#! /bin/sh

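# postinst for the Sanctuaire CA certificates package.
#
# On "configure" it:
#   1. lists every *.crt found under $CERTS_DIR/$CERTS_SUBDIR,
#   2. appends the ones not yet listed to $CERTS_CONF,
#   3. fires the update-ca-certificates dpkg trigger,
#   4. reloads apache2/postfix when their configuration under /etc/<service>
#      mentions one of the certificates.
#
# NOTE(review): every *.crt found in that directory is added to the system CA
# list, so the directory is presumably package-owned and writable by root
# only -- confirm in the packaging.

set -e

CERTS_CONF="/etc/ca-certificates.conf"
CERTS_DIR="/usr/share/ca-certificates"
CERTS_SUBDIR="sanctuaire"

# This script runs as root: start from known-empty lists so that a RELOAD or
# FAILED value inherited from the caller's environment can never decide which
# services get passed to invoke-rc.d.
RELOAD=""
FAILED=""
CERT_LIST=""

# Print the path of every shipped certificate, one per line, sorted.
list_certs() {
  find "$CERTS_DIR/$CERTS_SUBDIR" -iname "*.crt" | sort
}

# Append each certificate in $CERT_LIST to $CERTS_CONF unless it is already
# listed there. Reading line by line keeps file names containing spaces or
# glob characters intact.
register_certs() {
  while IFS= read -r CERT_PATH ; do
    [ -n "$CERT_PATH" ] || continue
    # Entries are paths relative to $CERTS_DIR, e.g. "sanctuaire/foo.crt".
    CERT_ENTRY="${CERT_PATH#"$CERTS_DIR/"}"
    # Whole-line, fixed-string match: the "." in the name is not a wildcard
    # and "foo.crt" is not mistaken for "foo.crt.old". An entry prefixed with
    # "!" is one the administrator deselected in ca-certificates.conf; it is
    # left alone rather than silently re-enabled.
    if ! grep -qxF -e "$CERT_ENTRY" -e "!$CERT_ENTRY" "$CERTS_CONF" ; then
      printf "%s\n" "$CERT_ENTRY" >> "$CERTS_CONF"
    fi
  done <<EOF
$CERT_LIST
EOF
}

# Return 0 when a file under /etc/$1 mentions one of the certificates in
# $CERT_LIST by base name followed by .pem, .crt or .crl (case-insensitive,
# recursive search); return 1 otherwise.
service_uses_certs() {
  while IFS= read -r CERT_PATH ; do
    [ -n "$CERT_PATH" ] || continue
    CERT_STEM="${CERT_PATH##*/}"
    CERT_STEM="${CERT_STEM%.*}"
    # CERT_STEM is interpolated into an extended regex; a false positive here
    # only causes an extra reload.
    if grep -qsiRE -e "$CERT_STEM\.(pem|crt|crl)" "/etc/$1" ; then
      return 0
    fi
  done <<EOF
$CERT_LIST
EOF
  return 1
}

case "$1" in
    configure)

      # The certificate list is the same for every step below; compute it once.
      CERT_LIST=$(list_certs)

      # Add CA certificate in /etc/ca-certificates.conf if not present already
      register_certs

      # Update ca-certificates
      dpkg-trigger --no-await update-ca-certificates

      # Build list of services to reload
      for SERVICE in apache2 postfix ; do
        if service_uses_certs "$SERVICE" ; then
          RELOAD="$SERVICE $RELOAD"
        fi
      done

      # Reload services. A failed reload is reported but does not fail the
      # package configuration (best effort).
      if [ -n "$RELOAD" ] ; then
        printf "Reloading services using Sanctuaire CA certificates:\n"
        # RELOAD is a space-separated list of fixed service names built above,
        # so the unquoted expansion is intentional.
        for SERVICE in $RELOAD ; do
          printf "  %s... " "$SERVICE"
          if invoke-rc.d "$SERVICE" reload > /dev/null 2>&1 ; then
            printf "done.\n"
          else
            # In the else branch $? still holds invoke-rc.d's exit status.
            printf "FAILED! (%s)\n" "$?"
            FAILED="$SERVICE $FAILED"
          fi
        done
        if [ -n "$FAILED" ] ; then
          printf "The following services failed to reload: %s\n" "$FAILED"
          printf "Please investigate why.\n"
        else
          printf "Services reloaded successfully.\n"
        fi
      fi

    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

#DEBHELPER#

exit 0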
