#!/bin/sh
### BEGIN INIT INFO
# Provides:          fetch-filter-cert
# Required-Start:    $local_fs $remote_fs
# Required-Stop:     $local_fs $remote_fs
# Should-Start:      $network $syslog $named
# Default-Start:     2 3 4 5
# Default-Stop:
# Short-Description: Fetch e2guardian SSL public cacert
# Description:
#   Retrieve e2guardian proxy's CA certificate and add it to
#   the system-wide list of CA certificates.
### END INIT INFO

set -e

. /lib/lsb/init-functions

CERTFILE=/usr/local/share/ca-certificates/debian-edu/filter-ca.crt
FILTERSERVER="filter"
FILTERCACERTURL="http://$FILTERSERVER/filter-ca.crt"

do_start() {
    ERROR=false
    if ! fping "$FILTERSERVER" 1>/dev/null 2>/dev/null; then
	    logger -t fetch-filter-cert "Site does not have a content filter server, aborting."
	    return 0
    elif [ ! -f $CERTFILE ]; then
	[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching content filter CA certificate."
	mkdir -p "$(dirname $CERTFILE)"
	curl "$FILTERCACERTURL" > $CERTFILE.new
	chmod 644 $CERTFILE.new
	if test -s $CERTFILE.new && head -n1 $CERTFILE.new | grep -q -E '^-----BEGIN CERTIFICATE-----$'; then
	    mv $CERTFILE.new $CERTFILE
	    [ "$VERBOSE" != no ] && log_action_end_msg 0
	    logger -t fetch-filter-cert "Fetched content filter CA certificate from $FILTERCACERTURL."
	    update-ca-certificates 1>/dev/null
	else
	    rm $CERTFILE.new
	    log_action_end_msg 1
	    logger -t fetch-filter-cert "Failed to fetch content filter CA certificate from $FILTERCACERTURL."
	    ERROR=true
	fi
    fi
    if [ -d /opt/ltsp ] ; then
	for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
	    if [ ! -f $ltsp_chroot$CERTFILE ]; then
		[ "$VERBOSE" != no ] && 
		log_action_begin_msg "Copying content filter CA certificate to ltsp-chroot $ltsp_chroot "
		if test -s $CERTFILE; then
	            mkdir -p $(dirname $ltsp_chroot/$CERTFILE)
		    cp $CERTFILE $ltsp_chroot$CERTFILE
		    chmod 644 $ltsp_chroot$CERTFILE
		    chroot $ltsp_chroot update-ca-certificates 1>/dev/null
		    [ "$VERBOSE" != no ] && log_action_end_msg 0
		else
		    log_action_end_msg 1
		    ERROR=true
		fi
	    fi
	done
    fi
    if $ERROR; then
	return 1
    fi
}

case "$1" in
    start)
	do_start
	;;
    stop)
	;;
    restart|force-reload)
	;;
    *)
	echo "Usage: $0 {start|stop|restart|force-reload}"
	exit 2
esac
exit 0