#!/bin/bash
# info: add letsencrypt for host and backend
# options: NONE
#
# example: v-add-letsencrypt-host
#
# This function check and validates the backend certificate and generate
# a new let's encrypt certificate.

#----------------------------------------------------------#
#                Variables & Functions                     #
#----------------------------------------------------------#

# Includes
# shellcheck source=/etc/hestiacp/hestia.conf
source /etc/hestiacp/hestia.conf
# shellcheck source=/usr/local/hestia/func/main.sh
source $HESTIA/func/main.sh
# shellcheck source=/usr/local/hestia/func/domain.sh
source $HESTIA/func/domain.sh
# load config file
source_conf "$HESTIA/conf/hestia.conf"

# Perform verification if read-only mode is enabled
check_hestia_demo_mode

# Argument definition
domain=$(hostname -f)
if [ -z $domain ]; then
	domain=$HOSTNAME
fi
user="$($BIN/v-search-domain-owner "$domain" web)"
[[ -z "$user" ]] && user="admin"

USER_DATA=$HESTIA/data/users/$user

#----------------------------------------------------------#
#                    Verifications                         #
#----------------------------------------------------------#

is_format_valid 'user' 'domain' 'aliases'
is_object_valid 'user' 'USER' "$user"
is_object_unsuspended 'user' 'USER' "$user"
is_system_enabled "$WEB_SYSTEM" 'WEB_SYSTEM'

#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Check if hostname already exists as domain
if [ "$($BIN/v-list-web-domain $user $domain plain | cut -f 1)" != "$domain" ]; then
	# Create web domain for hostname
	$BIN/v-add-web-domain "$user" "$domain"
fi

# Validate web domain
is_object_valid 'web' 'DOMAIN' "$domain"
is_object_unsuspended 'web' 'DOMAIN' "$domain"
get_domain_values 'web'

# Load domain data
parse_object_kv_list $(grep "DOMAIN='$domain'" $USER_DATA/web.conf)

# Set ssl installation to yes
add_ssl="yes"

if [ "$SSL" = "yes" ]; then
	# Valildate SSL Certificate
	if [ -e "$USER_DATA/ssl/$domain.ca" ]; then
		if openssl verify -CAfile <(openssl x509 -in $USER_DATA/ssl/$domain.ca) $USER_DATA/ssl/$domain.pem | grep -q "$domain.pem: OK"; then
			add_ssl="no"
		fi
	else
		if openssl verify $USER_DATA/ssl/$domain.pem | grep -q "$domain.pem: OK"; then
			add_ssl="no"
		fi
	fi
fi

# Add let's encrypt ssl if needed
if [ "$add_ssl" = "yes" ]; then
	# Add let's encrypt ssl
	$BIN/v-add-letsencrypt-domain "$user" "$domain"
	check_result $? "Let's Encrypt SSL creation failed" "$E_UPDATE"
fi

# Add certificate to backend
$BIN/v-update-host-certificate "$user" "$domain"

# Enable automatic ssl forward and hsts
$BIN/v-add-web-domain-ssl-force "$user" "$domain" > /dev/null 2>&1
$BIN/v-add-web-domain-ssl-hsts "$user" "$domain" > /dev/null 2>&1

#----------------------------------------------------------#
#                        Hestia                            #
#----------------------------------------------------------#

exit