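#!/bin/sh
#
# Builds one combined PEM (fullchain + private key) per directory found under
# the Let's Encrypt live directory, regenerates HAProxy's crt-list.txt and
# calls reload_haproxy.sh when a certificate or the list changed.
#
# Sample of the "<combined pem> <domain>" lines written to crt-list.txt:
#/etc/haproxy/ssl/example.com.pem example.com
#/etc/haproxy/ssl/www.example.com.pem www.example.com
#/etc/haproxy/ssl/mail.example.com.pem mail.example.com

set -e

# Staging files used by update_crt_list. They are globals so the EXIT trap can
# still see them when `set -e` aborts the script in the middle of the function;
# a failed run must not leave a stray copy of a private key behind.
CRT_TMP_PEM=""
CRT_TMP_LIST=""

# Removes whatever staging files are still registered.
cleanup_tmp_files() {
  if [ -n "$CRT_TMP_PEM" ]; then
    rm -f "$CRT_TMP_PEM"
  fi
  if [ -n "$CRT_TMP_LIST" ]; then
    rm -f "$CRT_TMP_LIST"
  fi
}
trap cleanup_tmp_files EXIT

#######################################
# Synchronises /etc/haproxy/ssl with /etc/letsencrypt/live.
# Globals:   CRT_TMP_PEM, CRT_TMP_LIST (written)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   0 on success; the script exits non-zero (set -e) on failure
#######################################
update_crt_list() {
  local CRT_LIST_PATH=/etc/haproxy/ssl/crt-list.txt
  local LIVE_DIR_PATH="/etc/letsencrypt/live"
  local FULLCHAIN_FILE_NAME="fullchain.pem"
  local PRIVATEKEY_FILE_NAME="privkey.pem"
  local SSL_DIR_PATH="/etc/haproxy/ssl"
  local B_CHANGED=false
  local DEFAULT_CRT=""
  local DOMAIN_DIR=""
  local DOMAIN=""
  local TARGET_PEM=""

  mkdir -p "$LIVE_DIR_PATH" "$SSL_DIR_PATH"

  echo "Generation of crt-list.txt is start."

  # The first line of the current list is carried over verbatim; it stays
  # empty when no list exists yet (the old code aborted on a missing file).
  if [ -f "$CRT_LIST_PATH" ]; then
    DEFAULT_CRT=$(head -n 1 "$CRT_LIST_PATH")
  fi

  # The new list is staged in a temp file and compared byte-for-byte with the
  # current one. The previous string comparison could never match (literal
  # "\n" sequences versus real newlines, and the preserved first line was
  # missing), so HAProxy was reloaded on every run.
  CRT_TMP_LIST=$(mktemp "${SSL_DIR_PATH}/.crt-list.XXXXXX")
  # printf instead of `echo -e`: under a /bin/sh whose echo has no -e option
  # the flag itself would be written into the list.
  printf '%s\n' "$DEFAULT_CRT" > "$CRT_TMP_LIST"

  # Glob instead of parsing `ls`, so unusual directory names are not split.
  for DOMAIN_DIR in "$LIVE_DIR_PATH"/*/; do
    [ -d "$DOMAIN_DIR" ] || continue

    # Directory name is used verbatim as the SNI filter in the list.
    DOMAIN=${DOMAIN_DIR%/}
    DOMAIN=${DOMAIN##*/}

    if [ -f "${DOMAIN_DIR}${FULLCHAIN_FILE_NAME}" ] \
      && [ -f "${DOMAIN_DIR}${PRIVATEKEY_FILE_NAME}" ]; then
      TARGET_PEM="${SSL_DIR_PATH}/${DOMAIN}.pem"

      # The combined PEM contains the private key. mktemp creates the staging
      # file with mode 0600 and mv keeps that mode, so the key is never
      # written with the default umask (typically world-readable), and the
      # rename means HAProxy never sees a half-written file.
      # NOTE(review): assumes HAProxy reads the PEM as the user running this
      # script; adjust ownership here if it reads it as another user.
      CRT_TMP_PEM=$(mktemp "${SSL_DIR_PATH}/.${DOMAIN}.pem.XXXXXX")
      cat "${DOMAIN_DIR}${FULLCHAIN_FILE_NAME}" \
        "${DOMAIN_DIR}${PRIVATEKEY_FILE_NAME}" > "$CRT_TMP_PEM"

      if [ -f "$TARGET_PEM" ] && cmp -s "$CRT_TMP_PEM" "$TARGET_PEM"; then
        # Nothing changed for this domain.
        rm -f "$CRT_TMP_PEM"
      else
        # Store new combined cert
        mv -f "$CRT_TMP_PEM" "$TARGET_PEM"
        B_CHANGED=true
      fi
      CRT_TMP_PEM=""

      printf '%s %s\n' "$TARGET_PEM" "$DOMAIN" >> "$CRT_TMP_LIST"
    fi
  done

  if [ "$B_CHANGED" = true ] \
    || [ ! -f "$CRT_LIST_PATH" ] \
    || ! cmp -s "$CRT_TMP_LIST" "$CRT_LIST_PATH"; then
    # Update list and reload server. The list is overwritten in place so an
    # existing crt-list.txt keeps its owner and mode.
    cat "$CRT_TMP_LIST" > "$CRT_LIST_PATH"
    rm -f "$CRT_TMP_LIST"
    CRT_TMP_LIST=""
    # NOTE(review): reload_haproxy.sh is resolved through PATH. This script
    # reads private keys, so it presumably runs privileged; confirm, and
    # consider calling the helper by absolute path.
    reload_haproxy.sh
  fi

  echo "Generation of crt-list.txt was ended."
}

update_crt_list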