#!/bin/sh /etc/rc.common
# Copyright (C) 2006-2011 OpenWrt.org

# Ask the rc.common service helpers to track the daemon through its pid.
# NOTE(review): the exact semantics live in rc.common's service functions,
# which are not part of this file — confirm there.
SERVICE_USE_PID=1

# Start priority used by rc.common when the script is enabled at boot.
START=50

# Functions below that are additionally exposed as sub-commands of this init
# script. gen_key, gen_pem and rm_key operate on relative file names, so
# running them by hand acts on whatever directory the caller is in.
EXTRA_COMMANDS="change_url gen_key gen_pem check_pem rm_key start_gen_new_pem copy_api_pem"
# Combined private key + certificate served by lighttpd (gen_pem writes the
# key first, then the certificate).
pem_file="/etc/lighttpd/lighttpd.pem"

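# Build the runtime lighttpd configuration and launch the daemon.
#
# Steps: force the LuCI theme path, validate (or regenerate) the TLS pem,
# copy the pristine config from /rom to /tmp, enable or comment out the
# mod_redirect and ssl lines according to the lighttpd.@https[0] UCI options,
# adjust the landing page, then start lighttpd on the generated config.
start() {
	local conf_dir=/tmp/etc/lighttpd
	local conf="$conf_dir/lighttpd.conf"
	local rom_conf=/rom/etc/lighttpd/lighttpd.conf
	local https_forward https_enable

	if [ "$(uci get luci.main.mediaurlbase)" != "/luci-static/web_NTGR" ]; then
		uci set luci.main.mediaurlbase="/luci-static/web_NTGR"
		# NOTE(review): a bare "uci commit" commits every staged config,
		# not only luci — confirm that is intended.
		uci commit
	fi

	# May regenerate the certificate and key before the server comes up.
	check_pem

	mkdir -m 0755 -p "$conf_dir"
	cp "$rom_conf" "$conf"

	# The selector is quoted because "[0]" is a glob bracket expression: left
	# bare, a matching file name in the current directory would replace it.
	https_forward=$(uci get 'lighttpd.@https[0].forward')
	https_enable=$(uci get 'lighttpd.@https[0].enable')

	# HTTP -> HTTPS redirect only when HTTPS itself is enabled as well.
	if [ "$https_forward" = "1" ] && [ "$https_enable" = "1" ]; then
		sed -i 's/^.*"mod_redirect"/	"mod_redirect"/g' "$conf"
	else
		sed -i 's/^.*"mod_redirect"/#	"mod_redirect"/g' "$conf"
	fi

	# With HTTPS disabled the ssl lines are commented out and the web UI is
	# served over plain HTTP only.
	# NOTE(review): the pattern is not anchored to a directive; every line
	# containing "ssl" is rewritten up to its last "ssl" — check it against
	# the shipped lighttpd.conf.
	if [ "$https_enable" = "1" ]; then
		sed -i 's/^.*ssl/	ssl/g' "$conf"
	else
		sed -i 's/^.*ssl/#	ssl/g' "$conf"
	fi

	# Fall back to the pristine config if the edited copy ended up empty or
	# missing (size test instead of parsing "ls" output).
	if [ ! -s "$conf" ]; then
		cp "$rom_conf" "$conf"
	fi

	change_url

	mkdir -m 0755 -p /var/log/lighttpd
	service_start /usr/sbin/lighttpd -f "$conf"

	# NOTE(review): this directory is created after the daemon is started;
	# if lighttpd.conf places its pid file here the order matters — confirm.
	mkdir -m 0755 -p /var/run/lighttpd
}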

# Stop the lighttpd daemon through the rc.common service helper.
stop() {
	local daemon=/usr/sbin/lighttpd

	service_stop "$daemon"
}

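# Point the landing page at the first-run page or at LuCI.
#
# Rewrites /www/index.html in place: while system.firmware.first_login is "1"
# every "cgi-bin/luci" becomes "day_zero"; in all other cases the reverse
# substitution is applied.
change_url() {
	local first_login

	first_login=$(uci get system.firmware.first_login)

	# Quoted comparison: when the option is missing the value is empty, and an
	# unquoted test would degrade into a "[" syntax error instead of a clean
	# "not first login".
	if [ "$first_login" = "1" ]; then
		sed -i 's/cgi-bin\/luci/day_zero/g' /www/index.html
	else
		sed -i 's/day_zero/cgi-bin\/luci/g' /www/index.html
	fi
}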

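# Generate a fresh self-signed certificate and private key in /tmp.
#
# Leaves server.key, server.crt and server.pem in /tmp and keeps /tmp as the
# working directory; gen_pem and rm_key use the same relative names.
# Returns: status of the final "openssl req", or 1 if /tmp cannot be entered.
gen_key() {
	local saved_umask rc

	# Without this check a failed cd would write the private key into whatever
	# directory the caller happened to be in.
	cd /tmp/ || return 1
	echo "[Generate Key]" > /dev/console

	# Key material must not be group/world readable while it sits in /tmp.
	saved_umask=$(umask)
	umask 077

	# NOTE(review): both keys generated here are overwritten. The genrsa key is
	# replaced by the ecparam key, and that one by the last "req", which has no
	# -key option and therefore creates its own key (parameters from
	# /etc/ssl/new.cnf) and writes it to server.key. server.crt is thus signed
	# with a discarded key and is only ever deleted again by rm_key. The key
	# type actually deployed is whatever new.cnf selects — confirm the intended
	# algorithm and drop the unused steps.
	openssl genrsa -out server.key 2048
	openssl ecparam -genkey -name secp384r1 -out server.key
	openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650 -config /etc/ssl/new.cnf -extensions v3_ca
	# -nodes: the key is stored unencrypted so the server can start unattended;
	# -days 3650: the certificate is valid for ten years.
	openssl req -new -nodes -x509 -out server.pem -keyout server.key -days 3650 -config /etc/ssl/new.cnf -extensions v3_ca
	rc=$?

	umask "$saved_umask"
	return "$rc"
}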

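# Combine the generated key and certificate into the lighttpd pem and install it.
#
# Expects server.key and server.pem in the current directory (gen_key leaves
# them in /tmp). When they are missing, one full regeneration is attempted.
# Returns: 1 if the files are still missing inside that attempt or the install
# copy fails; otherwise the status of check_pem or of the regeneration.
gen_pem() {
	local rc

	if [ -f "server.key" ] && [ -f "server.pem" ]; then
		echo "[Combine Pem File]" > /dev/console
		# The combined file contains the private key: create it owner-only, and
		# tighten it as well in case an older, wider-mode file is being reused.
		( umask 077; cat server.key server.pem > lighttpd.pem )
		chmod 600 lighttpd.pem
		# Double quotes so the variable expands; in single quotes the test looked
		# for a file literally named $pem_file and this branch never ran.
		if [ -f "$pem_file" ]; then
			echo "[Remove Original Pem File]" > /dev/console
			rm "$pem_file"
		fi
		# NOTE(review): the freshly created pem inherits mode 600; confirm every
		# consumer of it (lighttpd, the openapi-server copy) reads it as owner.
		if ! cp lighttpd.pem "$pem_file"; then
			echo "[Install Pem File Failed]" > /dev/console
			return 1
		fi
		sync
		check_pem
	elif [ "$gen_pem_retrying" = "1" ]; then
		# Already inside a regeneration started from here: stop instead of
		# recursing forever when key generation keeps failing.
		echo "[Key Files Missing, Give Up]" > /dev/console
		return 1
	else
		gen_pem_retrying=1
		start_gen_new_pem
		rc=$?
		gen_pem_retrying=
		return "$rc"
	fi
}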

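# Copy the lighttpd pem (private key + certificate) to senao-openapi-server.
# Returns: 1 if the copy fails, otherwise the status of sync.
copy_api_pem() {
	echo "[Copy Pem to openapi-server]" > /dev/console
	# NOTE(review): this puts a second copy of the private key on disk and a
	# newly created copy gets its mode from the source and the umask — confirm
	# the result is not readable by unprivileged users.
	cp "$pem_file" /etc/senao-openapi-server/senao-openapi-server.pem || return 1
	sync
}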

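# Verify the installed pem and regenerate it once if verification fails.
#
# "openssl verify -CAfile X X" uses the certificate as its own trust anchor,
# so a pass means only that the self-signed certificate parses, its signature
# is consistent and it is inside its validity period. It does not show that
# the private key in the file matches the certificate, nor how strong it is.
# NOTE(review): the validity check depends on the system clock; if the clock
# is not set yet when this runs at boot, a good pem may be regenerated —
# confirm on the target.
# Returns: 1 if the pem still fails right after a regeneration.
check_pem()
{
	local result rc

	result=$(openssl verify -CAfile "$pem_file" "$pem_file" | cut -d ' ' -f 2)

	if [ "$result" = "OK" ]; then
		echo "[Pem Check Pass]" > /dev/console
		copy_api_pem
	elif [ "$check_pem_regenerating" = "1" ]; then
		# Reached again from the regeneration started below: stop here rather
		# than regenerate in an endless loop during boot.
		echo "[Pem Check Fail After Regeneration, Give Up]" > /dev/console
		return 1
	else
		echo "[Pem Check Fail, Generate Again]" > /dev/console
		check_pem_regenerating=1
		start_gen_new_pem
		rc=$?
		check_pem_regenerating=
		return "$rc"
	fi
}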

# Delete the temporary key material from the current directory, then switch
# back to the previous working directory.
rm_key() {
	local leftover

	echo "[Remove Key]" > /dev/console
	# Relative names: this cleans /tmp only while the caller is still in the
	# directory gen_key changed into; elsewhere it removes same-named files there.
	for leftover in server.key server.crt server.pem lighttpd.pem; do
		rm "$leftover"
	done
	cd -
}

# Regenerate the TLS material end to end: create key and certificate,
# install the combined pem, then remove the temporary files.
start_gen_new_pem() {
	local step

	echo "[Start to Generate New Pem File]" > /dev/console
	# The steps run unconditionally in this order; a failing step does not
	# prevent the later ones from running.
	for step in gen_key gen_pem rm_key; do
		"$step"
	done
	echo "[Done]" > /dev/console
}
