#!/bin/bash

# This file contains base functions for dehydrated system hook scripts.
# Please do not edit this file! It will be overwritten by package updates!
# If you need to implement your own functions, take a look at
# custom_functions file.

# Run the deploy hook for a freshly issued certificate.
#
# Looks in the HOOKS_D directory for a script named after the certificate
# and, when no such file exists, falls back to the script named "global".
# The chosen script is sourced with ".", not executed: it runs inside the
# current shell with the caller's privileges and can read (and change) every
# variable visible here, including the parameter locals declared below.
# HOOKS_D and the files in it should therefore be writable only by the
# account that runs dehydrated.
#
# NOTE(review): DOMAIN is used as a path component without validation;
# presumably it is the certificate name handed over by dehydrated - confirm
# that it can never contain "/" or "..".
#
# Globals:   HOOKS_D (read) - hook directory; nothing happens when empty
#            HANDLER (read) - printed in every log line
# Arguments: $1 DOMAIN, $2 KEYFILE, $3 CERTFILE, $4 FULLCHAINFILE,
#            $5 CHAINFILE, $6 TIMESTAMP (the names are kept as they are
#            because sourced hook scripts can see them)
# Outputs:   status lines on stdout, plus whatever the hook script prints
# Returns:   status of the sourced script when one ran, otherwise the status
#            of the last log line
deploy_cert() {
  local DOMAIN="${1}"
  local KEYFILE="${2}"
  local CERTFILE="${3}"
  local FULLCHAINFILE="${4}"
  local CHAINFILE="${5}"
  local TIMESTAMP="${6}"

  # Hook lookup is disabled entirely while HOOKS_D is empty or unset.
  [[ -n "${HOOKS_D}" ]] || return 0

  if [[ ! -d "${HOOKS_D}" ]]; then
    echo " + System hook: ${HANDLER}: The path ${HOOKS_D} specified for HOOKS_D does not point to a directory."
    return
  fi

  # A per-certificate script wins over the global one, even when it turns
  # out to be unreadable: in that case nothing is run at all.
  if [[ -f "${HOOKS_D}/${DOMAIN}" ]]; then
    if [[ ! -r "${HOOKS_D}/${DOMAIN}" ]]; then
      echo " + System hook: ${HANDLER}: Cannot execute hook script for certificate ${DOMAIN}."
      return
    fi
    echo " + System hook: ${HANDLER}: Executing hook script for certificate ${DOMAIN}."
    . "${HOOKS_D}/${DOMAIN}"
    return
  fi

  if [[ -f "${HOOKS_D}/global" && -r "${HOOKS_D}/global" ]]; then
    echo " + System hook: ${HANDLER}: Executing global hook script"
    . "${HOOKS_D}/global"
  else
    echo " + System hook: ${HANDLER}: Cannot execute global hook script."
  fi
}

# Default clean_challenge hook: the system hook has nothing to clean up and
# only logs that fact.
# Globals:   HANDLER (read) - printed in the log line
# Arguments: $1 - domain, $2 - token filename, $3 - token value
#            (named for reference only; none of them is used here)
# Outputs:   one status line on stdout
clean_challenge() {
  local domain="${1}"
  local token_filename="${2}"
  local token_value="${3}"
  echo " + System hook: ${HANDLER}: Nothing to do..."
}

# Default deploy_challenge hook: the system hook deploys nothing itself and
# only logs that fact.
# Globals:   HANDLER (read) - printed in the log line
# Arguments: $1 - domain, $2 - token filename, $3 - token value
#            (named for reference only; none of them is used here)
# Outputs:   one status line on stdout
deploy_challenge() {
  local domain="${1}"
  local token_filename="${2}"
  local token_value="${3}"
  echo " + System hook: ${HANDLER}: Nothing to do..."
}

# Default invalid_challenge hook: takes no action and only logs that fact.
# Globals:   HANDLER (read) - printed in the log line
# Arguments: $1 - domain, $2 - response
#            (named for reference only; neither is used or logged here)
# Outputs:   one status line on stdout
invalid_challenge() {
  local domain="${1}"
  local response="${2}"
  echo " + System hook: ${HANDLER}: Nothing to do..."
}

# Default request_failure hook: takes no action and only logs that fact.
# Globals:   HANDLER (read) - printed in the log line
# Arguments: $1 - status code, $2 - reason, $3 - request type
#            (named for reference only; none of them is used or logged here)
# Outputs:   one status line on stdout
request_failure() {
  local statuscode="${1}"
  local reason="${2}"
  local reqtype="${3}"
  echo " + System hook: ${HANDLER}: Nothing to do..."
}

# Default unchanged_cert hook: takes no action and only logs that fact.
# Globals:   HANDLER (read) - printed in the log line
# Arguments: $1 - domain, $2 - key file, $3 - certificate file,
#            $4 - full chain file, $5 - chain file
#            (named for reference only; none of them is used here)
# Outputs:   one status line on stdout
unchanged_cert() {
  local domain="${1}"
  local keyfile="${2}"
  local certfile="${3}"
  local fullchainfile="${4}"
  local chainfile="${5}"
  echo " + System hook: ${HANDLER}: Nothing to do..."
}

# Default startup_hook: takes no action and only logs that fact.
# Globals: HANDLER (read) - printed in the log line
# Outputs: one status line on stdout
startup_hook() {
  local message=" + System hook: ${HANDLER}: Nothing to do..."
  echo "${message}"
}

# Default exit_hook: takes no action and only logs that fact.
# Globals: HANDLER (read) - printed in the log line
# Outputs: one status line on stdout
exit_hook() {
  local message=" + System hook: ${HANDLER}: Nothing to do..."
  echo "${message}"
}

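# Replace a file with the concatenation of the given inputs, e.g. a
# certificate chain followed by its private key.
#
# The new content is assembled in "<target>.new" and then renamed over the
# target, so a service reading the target never sees a half-written file.
# Because the inputs may include a private key, the temporary file is created
# under umask 077: it is never readable by other users, not even for the
# moment between creation and chmod.
#
# Arguments: $1    - target file to replace
#            $2... - input files, concatenated in the given order
# Outputs:   "<target>.dehydrated~" receives a copy of the previous target
#            (it holds the previous key material - protect it like the target)
# Returns:   0 on success; non-zero if the new content could not be written,
#            in which case the target is left unchanged
atomic_concat() {
  if [ "$#" -lt 1 ] || [ -z "$1" ]; then
    echo "atomic_concat: missing target file" >&2
    return 1
  fi
  local file=$1; shift
  local new_file="${file}.new"

  # Drop any stale temp file first, so that neither its permissions nor a
  # link left in its place are reused for the new key material.
  rm -f -- "$new_file" || return 1

  # A failed read (missing or unreadable input) must not end up replacing
  # the live file with truncated content.
  if ! ( umask 077 && cat -- "$@" > "$new_file" ); then
    rm -f -- "$new_file"
    return 1
  fi
  if ! chmod 600 -- "$new_file"; then
    rm -f -- "$new_file"
    return 1
  fi

  # The backup stays best effort: a failed copy does not block deployment.
  # On first-time creation there is nothing to back up.
  if [ -e "$file" ]; then
    cp -f -- "$file" "${file}.dehydrated~"
  fi

  mv -f -- "$new_file" "$file"
}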

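# Install the renewed certificate for lighttpd and reload the service.
#
# Does nothing unless /usr/sbin/lighttpd is executable and
# /etc/lighttpd/server.pem already exists. The PEM is rebuilt from
# FULLCHAINCERT followed by PRIVKEY.
#
# Globals:   FULLCHAINCERT (read), PRIVKEY (read) - presumably the paths of
#            the full chain and the private key; confirm against the caller
# Outputs:   status line on stdout, failures on stderr
# Returns:   0 when skipped; 1 when an input is unusable or the PEM could not
#            be replaced; otherwise the status of the service reload
lighttpd_reload() {
  if [ ! -x /usr/sbin/lighttpd ] || [ ! -f /etc/lighttpd/server.pem ]; then
    return 0
  fi

  # Check both inputs before touching the live PEM: an empty or unreadable
  # input would otherwise produce a PEM without certificate or key and leave
  # the TLS listener broken after the reload.
  local input
  for input in "$FULLCHAINCERT" "$PRIVKEY"; do
    if [ ! -r "$input" ] || [ ! -s "$input" ]; then
      echo " + System hook: lighttpd: '${input}' is missing, unreadable or empty; /etc/lighttpd/server.pem left unchanged." >&2
      return 1
    fi
  done

  echo " + System hook: Overwritting /etc/lighttpd/server.pem and reloading lighttpd..."
  # Reload only once the new PEM is in place.
  if ! atomic_concat /etc/lighttpd/server.pem "$FULLCHAINCERT" "$PRIVKEY"; then
    echo " + System hook: lighttpd: could not replace /etc/lighttpd/server.pem; lighttpd not reloaded." >&2
    return 1
  fi
  /sbin/service lighttpd reload
}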

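# Install the renewed certificate for haproxy and reload the service.
#
# Does nothing unless /usr/sbin/haproxy is executable and
# /etc/haproxy/server.pem already exists. The PEM is rebuilt from
# FULLCHAINCERT followed by PRIVKEY.
#
# Globals:   FULLCHAINCERT (read), PRIVKEY (read) - presumably the paths of
#            the full chain and the private key; confirm against the caller
# Outputs:   status line on stdout, failures on stderr
# Returns:   0 when skipped; 1 when an input is unusable or the PEM could not
#            be replaced; otherwise the status of the service reload
haproxy_reload() {
  if [ ! -x /usr/sbin/haproxy ] || [ ! -f /etc/haproxy/server.pem ]; then
    return 0
  fi

  # Check both inputs before touching the live PEM: an empty or unreadable
  # input would otherwise produce a PEM without certificate or key and leave
  # the TLS frontend broken after the reload.
  local input
  for input in "$FULLCHAINCERT" "$PRIVKEY"; do
    if [ ! -r "$input" ] || [ ! -s "$input" ]; then
      echo " + System hook: haproxy: '${input}' is missing, unreadable or empty; /etc/haproxy/server.pem left unchanged." >&2
      return 1
    fi
  done

  # The service action below is "reload", so the log line says so as well.
  echo " + System hook: Overwritting /etc/haproxy/server.pem and reloading haproxy..."
  # Reload only once the new PEM is in place.
  if ! atomic_concat /etc/haproxy/server.pem "$FULLCHAINCERT" "$PRIVKEY"; then
    echo " + System hook: haproxy: could not replace /etc/haproxy/server.pem; haproxy not reloaded." >&2
    return 1
  fi
  /sbin/service haproxy reload
}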

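# Install the renewed certificate and key for nginx and reload the service.
#
# Does nothing unless both /etc/nginx/server.crt and /etc/nginx/server.key
# already exist. server.crt is replaced with FULLCHAINCERT and server.key
# with PRIVKEY.
#
# Globals:   FULLCHAINCERT (read), PRIVKEY (read) - presumably the paths of
#            the full chain and the private key; confirm against the caller
# Outputs:   status line on stdout, failures on stderr
# Returns:   0 when skipped; 1 when an input is unusable or a file could not
#            be replaced; otherwise the status of the service reload
nginx_reload() {
  if [ ! -f /etc/nginx/server.crt ] || [ ! -f /etc/nginx/server.key ]; then
    return 0
  fi

  # Check both inputs before touching either live file, so a bad key path
  # cannot leave a new certificate paired with the old key.
  local input
  for input in "$FULLCHAINCERT" "$PRIVKEY"; do
    if [ ! -r "$input" ] || [ ! -s "$input" ]; then
      echo " + System hook: nginx: '${input}' is missing, unreadable or empty; /etc/nginx/server.{crt,key} left unchanged." >&2
      return 1
    fi
  done

  echo " + System hook: Overwritting /etc/nginx/server.{crt,key} and reloading nginx..."
  if ! atomic_concat /etc/nginx/server.crt "$FULLCHAINCERT"; then
    echo " + System hook: nginx: could not replace /etc/nginx/server.crt; nginx not reloaded." >&2
    return 1
  fi
  # Reloading with a certificate/key mismatch would fail or break TLS, so
  # stop here and point the operator at the backup copy.
  if ! atomic_concat /etc/nginx/server.key "$PRIVKEY"; then
    echo " + System hook: nginx: could not replace /etc/nginx/server.key; server.crt may no longer match it (previous certificate kept as /etc/nginx/server.crt.dehydrated~); nginx not reloaded." >&2
    return 1
  fi
  /sbin/service nginx reload
}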

# Ask Apache httpd to reload gracefully, provided its init script is
# installed and executable. No certificate files are written here.
# Outputs: one status line on stdout before the reload
# Returns: 0 when the init script is absent or not executable, otherwise the
#          status of the service command
apache_reload() {
  if [ -x /etc/rc.d/init.d/httpd ]; then
    echo " + System hook: Reloading Apache..."
    /sbin/service httpd graceful
  fi
}

# Reload Postfix, provided its init script is installed and executable.
# No certificate files are written here.
# Outputs: one status line on stdout before the reload
# Returns: 0 when the init script is absent or not executable, otherwise the
#          status of the service command
postfix_reload() {
  if [ -x /etc/rc.d/init.d/postfix ]; then
    echo " + System hook: Reloading Postfix..."
    /sbin/service postfix reload
  fi
}

# Reload Dovecot, provided its init script is installed and executable.
# No certificate files are written here.
# Outputs: one status line on stdout before the reload
# Returns: 0 when the init script is absent or not executable, otherwise the
#          status of the service command
dovecot_reload() {
  if [ -x /etc/rc.d/init.d/dovecot ]; then
    echo " + System hook: Reloading Dovecot..."
    /sbin/service dovecot reload
  fi
}
