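#!/bin/bash
# FILE: dashboard/ssl
# DESCRIPTION: Get a user's SSL certs and keys
# USAGE: ssl remote_ip querystring
# QUERYSTRING: ?host=$hostname&ext=crt
#
# SECURITY: both arguments are request data. The host and ext parameters end
# up in a filesystem path and the file served may be a private key, so every
# path component is checked against an allow-list before the path is built.
# NOTE(review): the requester is identified only by the reverse-DNS name of
# remote_ip. Confirm that ns_lookup_rdns queries a resolver the client cannot
# influence and that remote_ip is the socket peer address, not a header value.

source /etc/wagon/config

ip="${1}"
query="${2#\?}" # drop the leading '?' of the query string

# One path component: letters, digits, '_', '.', '-'; must start and end with
# an alphanumeric or '_'. Path separators, empty names, leading dots and
# leading dashes are therefore rejected.
# NOTE(review): widen deliberately if certificate directories use other
# characters (for example a wildcard name); never allow '/'.
readonly component_re='^[A-Za-z0-9_]([A-Za-z0-9._-]*[A-Za-z0-9_])?$'

# Parse querystring. Only the exact keys "host" and "ext" are read; when a key
# is repeated the last value wins. Values are taken literally (no URL-decoding).
hostname=''
ext=''
IFS='&' read -r -a params <<<"${query}"
for param in "${params[@]}"; do
  case "${param}" in
    host=*) hostname="${param#host=}" ;;
    ext=*) ext="${param#ext=}" ;;
  esac
done

# Explicit emptiness test: a "${var:?}" expansion would terminate the script
# before the 400 response could be written.
if [[ -z "${hostname}" || -z "${ext}" ]]; then
  printf 'ERROR! Hostname "%s" or extension "%s" missing!\n' "${hostname}" "${ext}" >&2
  printf 'Hostname or extension missing!\n' | /usr/lib/wagon/http_res 400; exit
fi

# Make sure extension is 'crt' or 'key'
if [[ "${ext}" != 'crt' && "${ext}" != 'key' ]]; then
  printf 'Invalid extension: %s\n' "${ext}" | tee >(cat 1>&2) | /usr/lib/wagon/http_res 400; exit
fi

# The hostname becomes a directory name below the user's SSL directory, so it
# must be a single well-formed component that cannot point outside it.
# %q keeps control characters in the rejected value out of the log.
if [[ ! "${hostname}" =~ ${component_re} || "${hostname}" == *..* ]]; then
  printf 'ERROR! Rejected hostname %q from %s\n' "${hostname}" "${ip}" >&2
  printf 'Invalid hostname\n' | /usr/lib/wagon/http_res 400; exit
fi

file="${hostname}/server.${ext}"
printf 'User %s requested SSL file %s\n' "${ip}" "${file}" >&2

# Get username
if ! domain="$(/usr/lib/wagon/ns_lookup_rdns "${ip}")"; then
  printf 'ERROR! Failed to lookup domain from user IP %s\n' "${ip}" | tee >(cat 1>&2) | /usr/lib/wagon/http_res 500
  exit 7
fi

# The username is the second dot-separated label of the reverse-DNS name. A
# name without a second label yields an empty username and is refused; the
# label is validated like the hostname because it is also a path component.
IFS='.' read -r _ username _ <<<"${domain}"
if [[ ! "${username}" =~ ${component_re} ]]; then
  printf 'ERROR! Failed to parse username from domain "%s"\n' "${domain}" >&2
  /usr/lib/wagon/http_res 500; exit
fi
printf 'User %s is "%s"\n' "${ip}" "${username}" >&2

if [[ -z "${SSL_CONFIG_DIR}" ]]; then
  printf 'ERROR! Username "%s" or SSL_CONFIG_DIR "%s" missing!\n' "${username}" "${SSL_CONFIG_DIR}" >&2
  /usr/lib/wagon/http_res 500; exit
fi
path="${SSL_CONFIG_DIR}/${username}/${file}"

# Check that the file exists
# NOTE(review): -f follows symbolic links. If users can create files under
# their own SSL directory, consider resolving the path and checking that it
# still lies below "${SSL_CONFIG_DIR}/${username}" before serving it.
if [[ ! -f "${path}" ]]; then
  printf 'ERROR! File missing: "%s"\n' "${path}" >&2
  /usr/lib/wagon/http_res 500; exit
fi

# Try to return it to the user
if /usr/lib/wagon/http_res 200 <"${path}"; then
  printf 'Sent SSL file "%s" to %s\n' "${path}" "${username}" >&2
else
  printf 'ERROR! Failed to return file: "%s"\n' "${path}" >&2
  /usr/lib/wagon/http_res 500; exit
fi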