#!/bin/bash

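# Pre-flight check on the host: the certificate that is about to become a
# trust anchor must already be at /ssprConfig/enforcer.crt.
# Only the presence of the file is tested; its content and origin are not
# validated by this script.
if [[ ! -f "/ssprConfig/enforcer.crt" ]]; then
        echo "[Enforcer] Enforcer certificate is missing. Please name it enforcer.crt and place it in the /ssprConfig location" >&2
        # A bare `exit` would pass on echo's status (0) and report success
        # to whatever invoked this script.
        exit 1
fi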


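# Confirm the certificate is visible inside the ssprservice container at
# /config/enforcer.crt (presumably the host's /ssprConfig mounted into the
# container -- verify against the container definition).
# No -t/-i here: the probe needs no terminal, and requesting a TTY makes
# `docker exec` fail when the script runs without one (cron, CI, piped ssh).
ENFORCER_CRT=$(docker exec ssprservice /bin/bash -c 'if [[ -f /config/enforcer.crt ]]; then
        echo -n yes
else
        echo -n no
fi')

case "$ENFORCER_CRT" in
        yes)
                echo "[Enforcer] Certificate is present, importing"
                ;;
        no)
                echo "[Enforcer] Certificate does not exist, contact EPAS Enforcer support." >&2
                exit 1
                ;;
        *)
                # Neither answer came back, so the probe never ran (docker
                # unavailable, container stopped, ...). Report that instead
                # of claiming the certificate is missing.
                echo "[Enforcer] Could not check the ssprservice container (is it running?)." >&2
                exit 1
                ;;
esac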


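### DOCKER EXECUTE
# Ask the JVM trust store inside the container whether the EPASEnforcer alias
# already exists. Result: "yes" only when keytool exits 0, "no" for any other
# keytool status, and empty if `docker exec` itself could not run.
# Treating only status 1 as "absent" would report every other failure
# (keytool not found, unreadable keystore) as "already loaded".
# The lookup is by alias only: an entry named EPASEnforcer that holds a
# different or outdated certificate still counts as present.
# "changeit" is the stock password of the JDK cacerts file, so it does not
# restrict who can modify the store; file permissions inside the container do.
ENFORCER_ENABLED=$(docker exec ssprservice /bin/bash -c '
if keytool -list -trustcacerts -keystore /opt/java/openjdk/lib/security/cacerts -alias EPASEnforcer -storepass changeit >/dev/null 2>&1; then
        echo -n yes
else
        echo -n no
fi
')
### END DOCKER EXECUTE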

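# Act on the trust-store lookup stored in ENFORCER_ENABLED:
#   no   -> import /config/enforcer.crt under the alias EPASEnforcer
#   yes  -> nothing to do
#   else -> the lookup gave no usable answer; stop rather than guess
# A certificate added to cacerts becomes a trust anchor for the TLS
# connections made by the JVM that uses this store, so the import is the
# security-relevant step of the script.
case "$ENFORCER_ENABLED" in
        no)
                echo "[Enforcer] Importing certificate into the container store. OUTPUT from container:"
                # -t -i are kept on purpose: keytool normally prints the
                # certificate details and asks for confirmation. Compare the
                # displayed fingerprint with the one supplied out of band
                # before answering yes.
                # NOTE(review): keytool may still exit 0 when the prompt is
                # declined -- check its printed result, not just the status.
                if docker exec -t -i ssprservice /bin/bash -c 'keytool -import -trustcacerts -keystore /opt/java/openjdk/lib/security/cacerts -alias EPASEnforcer -file /config/enforcer.crt -storepass changeit'; then
                        echo "[Enforcer] Please restart sspr service by using: systemctl restart sspr"
                else
                        # Do not suggest a restart after a failed import.
                        echo "[Enforcer] Certificate import failed, see the keytool output above." >&2
                        exit 1
                fi
                ;;
        yes)
                echo "[Enforcer] Enforcer certificate is already loaded in the SSPR appliance"
                ;;
        *)
                echo "[Enforcer] Could not query the trust store in the ssprservice container." >&2
                exit 1
                ;;
esac


exit 0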

