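#!/usr/bin/env bash
#
# dehydrated hook for dns-01 challenges served from NSD zone files.
#
# Based upon:
#   https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh
#
# dehydrated runs this script as `hook.sh <handler> <args...>`; the handler
# functions below are selected by name in the dispatcher at the bottom.
# deploy_challenge / clean_challenge rewrite /etc/nsd/<DOMAIN>.zone in place:
# the SOA serial is incremented and the _acme-challenge TXT record is inserted
# after (or removed again from) the line carrying the marker comment
# "; ACME-CHALLENGE". nsd is then asked to reload the zone and notify its
# secondaries.
#
# Assumptions (not verified by the script -- check them against the zone):
#   * DOMAIN is a zone apex, i.e. /etc/nsd/<DOMAIN>.zone exists and contains
#     a marker line; for a subdomain the zone file lookup will not find it.
#   * The SOA serial sits on a line matching /serial/ with optional leading
#     whitespace followed by the serial digits: the first run of digits on
#     that line is what gets incremented.
#   * awk is GNU awk (gensub() is gawk-specific).
#   * The script can write to /etc/nsd and run nsd-control.

set -eu -o pipefail

readonly ZONE_DIR=/etc/nsd
readonly MARKER='; ACME-CHALLENGE'

# die MSG...: print MSG to stderr and exit 1. A non-zero exit is the only way
# to tell dehydrated that the zone could not be edited.
die() {
  printf 'hook: %s\n' "$*" >&2
  exit 1
}

# _zone_file DOMAIN: print the zone file path for DOMAIN.
# DOMAIN is interpolated into a filesystem path, so refuse an empty value and
# anything that could leave ZONE_DIR or name a dotfile.
_zone_file() {
  local domain="$1"
  [[ -n "$domain" && "$domain" != */* && "$domain" != .* ]] \
    || die "refusing to use '${domain}' as a zone name"
  printf '%s/%s.zone\n' "$ZONE_DIR" "$domain"
}

# _rewrite_zone DOMAIN ACTION TOKEN_VALUE
#   ACTION is "add" or "remove". Rewrites the zone file for DOMAIN so that
#     * every line matching /serial/ has its first run of digits incremented
#       by one (the SOA serial);
#     * add:    the line `_acme-challenge.DOMAIN. IN TXT "TOKEN_VALUE"` is
#               emitted after each line containing MARKER;
#     * remove: every line equal to that record is dropped.
#   The new content goes to a temporary file beside the zone file and is
#   moved over it, so a crash mid-way never leaves a truncated zone behind.
_rewrite_zone() {
  local domain="$1" action="$2" token="$3"
  local zone_file tmp
  zone_file=$(_zone_file "$domain") || exit 1
  [[ -f "$zone_file" ]] || die "zone file ${zone_file} does not exist"

  if [[ "$action" == add ]]; then
    # Without the marker awk would leave the zone untouched and the
    # challenge would only fail later at validation, far from the cause.
    grep -qF -- "$MARKER" "$zone_file" \
      || die "no '${MARKER}' marker line in ${zone_file}"
  fi

  # mktemp instead of a fixed "<zone>.tmp": two concurrent runs (or a stale
  # leftover) cannot clobber each other's half-written output.
  tmp=$(mktemp -- "${zone_file}.XXXXXX") \
    || die "cannot create temporary file next to ${zone_file}"

  # Domain, token and marker reach awk through the environment rather than
  # `-v`, because `-v` applies backslash-escape processing to its value.
  # The serial regexes are kept exactly as in the original hook.
  if ! EH_DOMAIN="$domain" EH_TOKENVAL="$token" EH_MARKER="$MARKER" \
       awk -v action="$action" '
    function bump_serial(line,    n) {
      n = gensub(/ *([0-9]+).*/, "\\1", "g", line)
      n++
      return gensub(/( *)([0-9]+)(.*)/, "\\1" n "\\3", "g", line)
    }
    BEGIN {
      record = "_acme-challenge." ENVIRON["EH_DOMAIN"] ". IN TXT \"" ENVIRON["EH_TOKENVAL"] "\""
    }
    /serial/ { print bump_serial($0); next }
    action == "add" && index($0, ENVIRON["EH_MARKER"]) { print; print record; next }
    action == "remove" && $0 == record { next }
    { print }
  ' "$zone_file" > "$tmp"; then
    rm -f -- "$tmp"
    die "failed to rewrite ${zone_file}"
  fi

  mv -- "$tmp" "$zone_file" || {
    rm -f -- "$tmp"
    die "cannot move ${tmp} over ${zone_file}"
  }
  # mktemp creates the file 0600; restore world-readability as the original
  # hook did after its mv.
  chmod a+r -- "$zone_file"
}

# _publish_zone DOMAIN: have nsd re-read the zone and notify its secondaries.
_publish_zone() {
  local domain="$1"
  echo "Reloading zonefile..."
  nsd-control reload "$domain"
  echo "Notifying slave..."
  nsd-control notify "$domain"
  # If the secondary does not act on NOTIFY, trigger the transfer from here:
  #ssh <user>@<secondary> nsd-control transfer "${domain}"
}

# _wait_for_operator: pause until the operator presses return, presumably to
# give the record time to propagate. `read` returns non-zero on EOF, which
# set -e would turn into a fatal exit when stdin is not a terminal (cron,
# pipes), so that status is deliberately ignored.
_wait_for_operator() {
  echo "Press return to continue..."
  read -r _ || true
  echo ""
}

# deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   Publish the dns-01 challenge TXT record for DOMAIN. TOKEN_FILENAME ($2)
#   belongs to http-01 and is unused here.
deploy_challenge() {
  local DOMAIN="${1}" TOKEN_VALUE="${3}"
  local zone_file
  zone_file=$(_zone_file "$DOMAIN") || exit 1
  echo ""
  echo "Adding challenge to ${zone_file}..."
  _rewrite_zone "$DOMAIN" add "$TOKEN_VALUE"
  _publish_zone "$DOMAIN"
  _wait_for_operator
}

# clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   Remove the TXT record that deploy_challenge added for the same
#   DOMAIN/TOKEN_VALUE pair. TOKEN_FILENAME ($2) is unused here.
clean_challenge() {
  local DOMAIN="${1}" TOKEN_VALUE="${3}"
  local zone_file
  zone_file=$(_zone_file "$DOMAIN") || exit 1
  echo ""
  echo "Removing challenge from ${zone_file}..."
  _rewrite_zone "$DOMAIN" remove "$TOKEN_VALUE"
  _publish_zone "$DOMAIN"
  _wait_for_operator
}

# deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
#   Placeholder: only announces itself. Install/reload logic for the new
#   certificate would go here.
deploy_cert() {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"
  echo ""
  echo "deploy_cert()"
  echo ""
}

# unchanged_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE
#   Placeholder: only announces itself.
unchanged_cert() {
  local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"
  echo ""
  echo "unchanged_cert()"
  echo ""
}

# invalid_challenge DOMAIN RESPONSE
#   Print the domain and the validation response for the failed challenge.
invalid_challenge() {
  local DOMAIN="${1}" RESPONSE="${2}"
  echo ""
  echo "invalid_challenge()"
  echo "${DOMAIN}"
  echo "${RESPONSE}"
  echo ""
}

# request_failure STATUSCODE REASON REQTYPE
#   Print the details of a failed request to the CA.
request_failure() {
  local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"
  echo ""
  echo "request_failure()"
  echo "${STATUSCODE}"
  echo "${REASON}"
  echo "${REQTYPE}"
  echo ""
}

# exit_hook: final hook call; prints a marker line.
exit_hook() {
  echo ""
  echo "done"
  echo ""
}

# Dispatch on the handler name in $1. Names outside the allow-list are
# ignored and exit 0, as the upstream example hook does, so that events this
# script does not implement are a silent no-op. Missing arguments used to hit
# set -u with an opaque "unbound variable"; print a usage line instead.
(( $# >= 1 )) || die "usage: ${0##*/} <handler> [args...]"
HANDLER="$1"; shift
case "$HANDLER" in
  deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|exit_hook)
    "$HANDLER" "$@"
    ;;
esac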