#!/bin/bash
# $Header: /cvs/WebShield/wsrc/files/mgmt/systemservices.d/60_ssl,v 1.4 2004/07/06 17:31:43 scrowe Exp $
#
# Copyright (C) 2004 Networks Associates Technology Inc. All Rights Reserved
#
# Create SSL certificate for the current eth0 or ibr0 IP address
#
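# Load the WebShield environment (wsPATH and related settings), preferring
# the copy under $NETAWSS and falling back to the fixed appliance location.
# NETAWSS is inherited from the caller's environment and the file it points
# at is executed in this shell, so both must be controlled by trusted
# accounts only.
# The expansions are quoted so that a value containing whitespace or glob
# characters cannot be split into extra words.
if [ -f "$NETAWSS/.profile.vars" ]; then
  . "$NETAWSS/.profile.vars"
else
  . /var/NAIENV/.profile.vars
fi

# Prepend the product tool directories. When wsPATH is empty or unset nothing
# is prepended: a bare leading ':' would put the current directory first on
# the search path, which is also used below to locate sourced helper files.
PATH=${wsPATH:+$wsPATH:}$PATH

# Extended globs are needed for the @(...) pattern used further down.
shopt -s extglob

# Requested action (e.g. reload); may be empty.
ARG=${1}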

# Detach from the caller's standard input so nothing started from here can
# read from it.
exec </dev/null

# Nothing to do for the stop and status actions: leave immediately.
if [[ "$1" == "stop" || "$1" == "status" ]]; then
  exit
fi

# Pull in the shared system-information helpers. The name contains no slash,
# so bash looks it up through PATH (and, outside POSIX mode, falls back to
# the current directory); the file should live in a directory only trusted
# accounts can write to.
source sysinfo-functions

# Locations of the SSL files handled by this script.
wsscnf="${NETAWSS}/ui/uiconf/openssl.cnf"	# WebShield prototype
sslcnf='/usr/share/ssl/openssl.cnf'
sslkey='/etc/httpd/conf/ssl.key/server.key'
sslcrt='/etc/httpd/conf/ssl.crt/server.crt'

# Rebuild openssl.cnf when the freshly generated configuration differs from
# the installed copy. MD5 serves here only as a cheap change detector, not as
# an integrity control.
# NOTE(review): if gen_ssl_cert fails or prints nothing, its digest will
# normally still differ from the installed file's, so the config is
# overwritten and the key removed anyway - consider checking its status.
installed_sum=$(md5sum "$sslcnf")
installed_sum=${installed_sum%% *}
wanted_sum=$(gen_ssl_cert | md5sum -)
wanted_sum=${wanted_sum%% *}

if [[ "$installed_sum" != "$wanted_sum" ]]; then
  # The heredoc delimiter is unquoted, so $sslcnf and $sslkey are expanded
  # by this shell before wsmount reads the text; both are the fixed paths
  # assigned earlier in this script. Removing the key forces a new
  # key/certificate pair for the new configuration.
  # NOTE(review): the exit status of wsmount is not checked; the script
  # exits 0 and may queue an httpd restart even if generation failed.
  wsmount <<-END
    gen_ssl_cert > "$sslcnf"
    rm -f "$sslkey"
    /usr/sbin/webshield make_ssl_cert
END
  # On reload, ask for httpd to be restarted so it picks up the new
  # certificate - only when the restart list file already exists.
  if [[ "$ARG" == "reload" && -f $WS_RESTART_LIST ]]; then
    printf '%s\n' httpd >>"$WS_RESTART_LIST"
  fi
  exit 0
fi

# Re-issue the key/certificate pair when either file is missing or empty,
# when the key is older than openssl.cnf, or when the certificate is older
# than the key.
regen_needed=no
[[ -s "$sslkey" && -s "$sslcrt" ]] || regen_needed=yes
[[ "$sslkey" -ot "$sslcnf" ]] && regen_needed=yes
[[ "$sslcrt" -ot "$sslkey" ]] && regen_needed=yes

if [[ "$regen_needed" == "yes" ]]; then
  # NOTE(review): the exit status of wsmount is not checked, and this script
  # never sets permissions on server.key - confirm make_ssl_cert creates the
  # private key readable by its owner only.
  wsmount <<-END
    /usr/sbin/webshield make_ssl_cert
END

  # On reload, ask for httpd to be restarted so it picks up the new
  # certificate - only when the restart list file already exists.
  if [[ "$ARG" == "reload" && -f $WS_RESTART_LIST ]]; then
    printf '%s\n' httpd >>"$WS_RESTART_LIST"
  fi
  exit 0
fi
