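#!/bin/bash
# Automatically adds the Russian Ministry of Digital Development CA
# certificates to the trust stores of a Debian system:
#   * the OpenSSL certificate directory (/etc/ssl/certs), and
#   * every NSS database (cert8.db / cert9.db) found under $HOME.
# author V.Koshuba - 2023(c)
#
# Requires: wget, openssl, certutil, sudo.
#
# Security: a root CA added here is trusted for every TLS connection made
# through these stores, so the authenticity of the downloaded files is the
# whole security boundary of this script. The download is authenticated only
# by the TLS trust store already on the machine. Compare the SHA-256
# fingerprints printed below with values obtained through an independent
# channel, and pin them in cert_gov_sha256 for unattended runs.

set -u
set -o pipefail

# Host the certificates are downloaded from.
url_gov="https://gu-st.ru/content/lending/"
# Certificate files to fetch and install.
cert_gov=(
  "russian_trusted_sub_ca_pem.crt"
  "russian_trusted_root_ca_pem.crt"
)
# System certificate pool.
path_ssl="/etc/ssl/certs"

# Optional fingerprint pins, keyed by file name. Empty by default, in which
# case the script only prints the fingerprint and warns. Example entry:
#   cert_gov_sha256["russian_trusted_root_ca_pem.crt"]="<SHA-256 fingerprint obtained out of band - placeholder>"
declare -A cert_gov_sha256=()

# Private (mode 0700) download directory; set by addCerts, removed on exit.
download_dir=""

# Prints a message to stderr and aborts with a non-zero status.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Removes the temporary download directory, if one was created.
cleanup() {
  if [[ -n "$download_dir" ]]; then
    rm -rf -- "$download_dir"
  fi
}

#######################################
# Checks that a downloaded file parses as an X.509 certificate, prints its
# identity and SHA-256 fingerprint, and enforces the pin when one is set.
# Globals:   cert_gov_sha256 (read)
# Arguments: $1 - certificate file name (pin key), $2 - path to the file
# Outputs:   certificate details on stdout, warnings on stderr
# Returns:   0 if acceptable; exits the script otherwise
#######################################
verify_cert() {
  local cert_file=$1 cert_path=$2
  local details fingerprint expected actual_norm expected_norm

  details=$(openssl x509 -in "$cert_path" -noout -subject -issuer -enddate) \
    || die "$cert_file is not a valid X.509 certificate"
  fingerprint=$(openssl x509 -in "$cert_path" -noout -fingerprint -sha256) \
    || die "cannot compute the fingerprint of $cert_file"
  fingerprint=${fingerprint#*=}
  printf '%s\n%s\nSHA-256 fingerprint: %s\n' "$cert_file" "$details" "$fingerprint"

  expected=${cert_gov_sha256[$cert_file]:-}
  if [[ -z "$expected" ]]; then
    printf 'warning: no pinned fingerprint for %s; verify the value above out of band\n' \
      "$cert_file" >&2
    return 0
  fi

  # Compare without separators and case so either notation can be pinned.
  actual_norm=${fingerprint//:/}
  expected_norm=${expected//:/}
  [[ "${actual_norm^^}" == "${expected_norm^^}" ]] \
    || die "fingerprint mismatch for $cert_file; refusing to install it"
}

#######################################
# Downloads every certificate in cert_gov, installs it into the system
# certificate directory and into each NSS database under $HOME, then
# refreshes the system CA store.
# Globals:   url_gov, cert_gov, path_ssl, cert_gov_sha256 (read),
#            download_dir (written)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   status of the final update-ca-certificates run; exits 1 on a
#            failed download or an unusable certificate
#######################################
function addCerts(){
  local cert_file cert_name cert_path cert_hash db
  local -a cert8_db=() cert9_db=()

  # Download into a private temporary directory rather than next to the
  # script: files later read by root must not be replaceable by other users.
  download_dir=$(mktemp -d) || die "mktemp failed"
  trap cleanup EXIT

  # Per-user NSS databases. Paths are read NUL-delimited into arrays; the
  # previous eval of find output executed any shell syntax embedded in a
  # directory name under $HOME. The list is the same for every certificate,
  # so it is collected once.
  while IFS= read -r -d '' db; do
    cert8_db+=("$db")
  done < <(find "${HOME:?}" -type f -name cert8.db -print0)
  while IFS= read -r -d '' db; do
    cert9_db+=("$db")
  done < <(find "${HOME:?}" -type f -name cert9.db -print0)

  for cert_file in "${cert_gov[@]}"; do
    # Skip empty entries (the old "wc -m" test could never be false).
    [[ -n "$cert_file" ]] || continue

    cert_path="$download_dir/$cert_file"
    cert_name=${cert_file%_pem.crt}

    # No "-c": resuming into an existing file can leave a stale or corrupt
    # certificate behind.
    if wget -t 1 --inet4-only -O "$cert_path" "$url_gov/$cert_file"; then
      echo "сертификат скачан успешно!";
    else
      echo "ошибка - сертификат не скачан!..";
      exit 1
    fi

    verify_cert "$cert_file" "$cert_path"

    # System store: PEM copy plus the subject-hash symlink OpenSSL looks up.
    # NOTE(review): a file placed directly in /etc/ssl/certs is presumably
    # not added to the ca-certificates.crt bundle by update-ca-certificates;
    # confirm whether it should go to /usr/local/share/ca-certificates.
    sudo openssl x509 -in "$cert_path" -out "$path_ssl/$cert_name.pem" -outform PEM \
      || die "cannot install $cert_name.pem into $path_ssl"
    sudo chown root:root "$path_ssl/$cert_name.pem"
    # A CA certificate is public; 0644 keeps it readable for non-root
    # processes that validate TLS (0600 made it root-only).
    sudo chmod 644 "$path_ssl/$cert_name.pem"
    cert_hash=$(openssl x509 -in "$cert_path" -noout -hash) \
      || die "cannot compute the subject hash of $cert_file"
    sudo ln -sf -- "$cert_name.pem" "$path_ssl/$cert_hash.0"

    # NSS stores. The trust string marks the certificate as a trusted CA in
    # all three NSS categories (TLS, e-mail, object signing).
    # NOTE(review): certutil runs as root on user-owned profiles and may
    # leave root-owned files there; confirm sudo is needed.
    if (( ${#cert8_db[@]} )); then
      for db in "${cert8_db[@]}"; do
        sudo certutil -A -n "$cert_name" -t "TCu,Cu,Tu" -i "$cert_path" -d "dbm:${db%/*}" \
          || printf 'warning: certutil failed for %s\n' "${db%/*}" >&2
      done
    fi
    if (( ${#cert9_db[@]} )); then
      for db in "${cert9_db[@]}"; do
        sudo certutil -A -n "$cert_name" -t "TCu,Cu,Tu" -i "$cert_path" -d "sql:${db%/*}" \
          || printf 'warning: certutil failed for %s\n' "${db%/*}" >&2
      done
    fi
  done

  sudo update-ca-certificates;
  sudo update-ca-certificates --fresh;
}

addCerts;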