# Return 0 on cert-udpate, 1 on fail, on no changes

SRC=${SRC:-192.168.61.1}
SRC_USER=${SRC_USER:-cert_send}

#
#
#

if [ "$1" == "" ]; then
        echo "dir-name for target missing"
        exit 1
fi
if [ "$2" == "" ]; then
        echo "owning user missing"
        exit 1
fi

TMP=$(mktemp -d)
echo $TMP
cd $TMP
ssh $SRC_USER@$SRC 2> /dev/null > in.txt
cat in.txt | head -n 1 
echo Got:
#cat in.txt | grep -B 99999 '\.\.\.\.\.' | grep -v '\.\.\.\.\.' | base64 -d > in.tgz
cat in.txt | tr -d '\r' | base64 -d > in.tgz
echo Install:
tar xzf in.tgz || exit 1
mkdir -p /etc/ssl/server/$1
chg=0
for i in $(ls *cer *key); do 
        echo "...$i"
        diff "$i" "/etc/ssl/server/$1/$i" || chg=1
        if [ "$chg" == "1" ]; then
                cp "$i" "/etc/ssl/server/$1" || exit 1
        fi
done

chmod go-rwx /etc/ssl/server/${1}/*.key || exit 1
chown ${2} /etc/ssl/server/${1}

# return 0 if new cert was retrieved, 2 if no changes, 1 on error
if [ "$chg" == 0 ]; then
        exit 2
fi
exit 0