#!/bin/sh

if [ "$1" = "configure" ]
then

	INSTALLDIR="/usr/local/ComarchCryptoProvider"
	
	if [ ! -f "${INSTALLDIR}/certs/CCP-key-server.pem" ] \
		|| [ ! -f "${INSTALLDIR}/certs/CCP-key-server.pem" ] \
		|| [ ! -f "${INSTALLDIR}/certs/CCP-cert-CA.cer" ]
	then
	
		echo "Generating CA for localhost..."
		openssl genrsa -out ${INSTALLDIR}/certs/CCP-key-CA.pem 2048
		openssl req -x509 -sha256 -days 1000 -extensions ext-ca \
			-subj "/C=PL/O=ComarchCryptoProvider/CN=ComarchCryptoProvider CA" \
			-config "${INSTALLDIR}/openssl.cnf" \
			-key "${INSTALLDIR}/certs/CCP-key-CA.pem" \
			-out "${INSTALLDIR}/certs/CCP-cert-CA.pem"
		openssl x509 -inform PEM -outform DER \
			-in "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
			-out "${INSTALLDIR}/certs/CCP-cert-CA.cer"
		
		echo "Trust generated CA certificate..."
		cp "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
			"/usr/local/share/ca-certificates/CCP-cert-CA.crt"
		dpkg-trigger update-ca-certificates
		
		echo "Generating signed certificate for server..."
		openssl genrsa -out ${INSTALLDIR}/certs/CCP-key-server.pem 2048
		openssl req -new -sha256 \
			-subj "/C=PL/O=ComarchCryptoProvider/CN=localhost" \
			-out "${INSTALLDIR}/certs/CCP-req-server.pem" \
			-key "${INSTALLDIR}/certs/CCP-key-server.pem"
		openssl x509 -req -sha256 -days 999 -extensions ext-san \
			-extfile "${INSTALLDIR}/openssl.cnf" \
			-in "${INSTALLDIR}/certs/CCP-req-server.pem" \
			-CA "${INSTALLDIR}/certs/CCP-cert-CA.pem" \
			-CAkey "${INSTALLDIR}/certs/CCP-key-CA.pem" \
			-CAcreateserial \
			-out "${INSTALLDIR}/certs/CCP-cert-server.pem"
		
		chmod 644 "${INSTALLDIR}/certs/CCP-key-server.pem"
	
	fi

fi

#DEBHELPER#
