#!/bin/bash

. sbs/exec/config/allg
. $(dirname $BASH_SOURCE)/config/functions

filetype="$vadirInput"

case "$vadirInput" in
    crt) dir="$certcertdir"; filetype="crt";;
    csr) dir="$certcsrdir"; filetype="csr";;
    ext) dir="$certextdir"; filetype="crt";;
    *) echo '#mne_lang#Falscher Dateityp#' >&2; exit 1;;
esac


ext=${vafilenameInput##*.}
name=${vafilenameInput%.*}

if [ "$ext" != "$filetype" ]; then
	echo '#mne_lang#Falscher Dateityp#'" $ext" >&2
	exit 2;
fi

file="/tmp/$$.$vadirInput";
echo "$vadataInput" | base64 --decode > $file

if [ "$vadirInput" == 'ext' ]; then
	mne_error_ignore=1
    openssl x509 -text -noout -in $file >/dev/null 2>/dev/null
    if [ "$?" != "0" ]; then
    	echo "#mne_lang#Kein Zertifikat#" >&2
    	rm $file
    	exit 1
    fi
    mv "$file" "$dir/$vafilenameInput"
	mne_error_ignore=0
   
	update-ca-certificates >&$logfile 2>&1
fi

if [ "$vadirInput" == 'csr' ]; then
    check_capasswd "$vapasswd"
    cert_checkcsr "$name" "$file"
    if [ -f "$certkeydir/$name.key" ]; then
      keydata=$(openssl pkey -in "$certkeydir/$name.key" -pubout -outform pem)
      csrdata=$(openssl req  -in "$file" -noout -pubkey -outform pem)
      if [ "$keydata" != "$csrdata" ]; then
        echo "#mne_lang#Request gehört nicht zum Schlüssel#" >&2
        rm $file
        exit 1
      fi
    fi
    mv "$file" "$dir/$vafilenameInput"
    cert_mkcrt "$name" "$vapasswd"
fi

if [ "$vadirInput" == 'crt' ]; then
    if [ -f "$certkeydir/$name.key" ]; then
      keydata=$(openssl pkey -in "$certkeydir/$name.key" -pubout -outform pem)
      crtdata=$(openssl x509  -in "$file" -noout -pubkey -outform pem)
      if [ "$keydata" != "$crtdata" ]; then
        echo "#mne_lang#Zertifikat gehört nicht zum Schlüssel#" >&2
        rm $file
        exit 1
      fi
      mv "$file" "$dir/$vafilenameInput"
    else
        echo "#mne_lang#Zum Zertifikat existiert kein Schlüssel#" >&2
        rm $file
    fi
fi

exit 0
