auth-apply

#!/bin/bash

P12FILE=''
STRONGSWANDIR='/etc/strongswan'
DATADIR='/etc/easy-ipsec/'
INITROOT='init'
TYPEAUTH=''
FILENAME=''

exec 3>&1
#/dev/null

pushd $DATADIR$INITROOT 1>&3 2>&3

# check root
if [ $(id -u) != 0 ]; then
	echo 'Please start script with root!'
	exit 0
fi

# param 1
if [[ -z $1 ]]; then
	echo 'The parameter should not be empty!'
	exit 0
else
	while [[ -n $1 ]]; do
		case $1 in
			--psk ) TYPEAUTH='psk'; break;;
			--cer ) TYPEAUTH='cer'; break;;
			* ) echo "Unknown parameter '$1'"; exit 0;;
		esac
	done
fi

# param 2
if [[ -z $2 ]]; then
	echo 'The parameter should not be empty!'
	exit 0
else
	P12FILE=$2
fi

if [[ $TYPEAUTH == 'psk' ]]; then
	while read LINE; do
		PSK=$LINE
	done < $P12FILE
	sed -i "s/$/$PSK/" $STRONGSWANDIR/ipsec.secrets
fi

if [[ $TYPEAUTH == 'cer' ]]; then
	cp -f $P12FILE .
	FILENAME=$(basename $P12FILE)
	sleep 0.5
	echo 'Extraction from p12...'
	sleep 0.5
	KEYNAME=$($FILENAME | sed 's/.p12//')
	openssl pkcs12 -in $FILENAME -nocerts -out $KEYNAME.key -password pass:'' -nodes 1>&3 2>&3
	openssl pkcs12 -in $FILENAME -clcerts -nokeys -out $KEYNAME.crt -password pass:'' 1>&3 2>&3

	sleep 0.5
	echo 'Key installation...'
	mv $KEYNAME.crt $STRONGSWANDIR/ipsec.d/cacerts/
	mv $KEYNAME.key $STRONGSWANDIR/ipsec.d/private/

	rm -f $KEYNAME.crt
	rm -f $KEYNAME.key
fi

popd 1>&3 2>&3
ipsec restart 1>&3 2>&3

echo 'Keys successfully installed!'