#!/usr/bin/env bash
set -o errexit
# Generate a new local CA "/root/.local/share/mkcert"
bin/docker-compose exec -T -u root app mkcert -install

docker cp "$(bin/docker-compose ps -q app|awk '{print $1}')":/root/.local/share/mkcert/rootCA.pem .
echo "System password requested to install certificate authority on host..."

if [ "$(uname)" == "Darwin" ]; then
  sudo security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain rootCA.pem
  echo "{\"policies\": {\"Certificates\": {\"ImportEnterpriseRoots\": true}}}" | sudo tee policies.json

  FIREFOX_FOUND=0
  ### Check if Firefox is installed
  for FFoxAppDir in \
    '/Applications/Firefox.app' \
    '/Applications/Firefox Developer Edition.app' \
    ; do

    FFoxBin=$FFoxAppDir/Contents/MacOS/firefox-bin
    if [[ -f $FFoxBin ]]; then
      printf 'Firefox compatible found at: %s\n' "$FFoxAppDir" >&2
      FIREFOX_FOUND=1

      ### Copy the newly created policies.json to the Certificates directory
      DistDirectory=$FFoxAppDir/Contents/Resources/distribution
      sudo mkdir -p "$DistDirectory"
      sudo cp policies.json "$DistDirectory"/policies.json

    fi
  done

  if [[ $FIREFOX_FOUND -ne 0 ]]; then
    ### Copy the newly created .pem to the Certificates directory
    CertDirectory='/Library/Application Support/Mozilla/Certificates'
    printf 'Installing CA certificate to: %s\n' "$CertDirectory" >&2
    sudo mkdir -p "$CertDirectory"
    sudo cp rootCA.pem "$CertDirectory"/rootCA.pem
  fi

  rm -f policies.json rootCA.pem

else

  ### Requirement: apt install libnss3-tools
  REQUIRED_PKG="libnss3-tools"
  PKG_OK=$(dpkg-query -W --showformat='${Status}\n' $REQUIRED_PKG|grep "install ok installed")
  echo Checking for $REQUIRED_PKG: "$PKG_OK"
  if [ "" = "$PKG_OK" ]; then
    echo "No $REQUIRED_PKG found. Setting up $REQUIRED_PKG."
    sudo apt-get --yes install $REQUIRED_PKG
  fi

  ### CA file to install (CUSTOMIZE!)
  certfile="rootCA.pem"
  certname="Root CA"

  ### For cert8 (legacy - DBM)
  find ~/ -name "cert8.db" -print0 | while read -r certDB
  do
      certdir=$(dirname "${certDB}");
      certutil -D -n "${certname}" -i ${certfile} -d dbm:"${certdir}"
      certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d dbm:"${certdir}"
  done

  ### For cert9 (SQL)
  find ~/ -name "cert9.db" -print0 | while read -r certDB
  do
      certdir=$(dirname "${certDB}");
      certutil -D -n "${certname}" -i ${certfile} -d sql:"${certdir}"
      certutil -A -n "${certname}" -t "TCu,Cu,Tu" -i ${certfile} -d sql:"${certdir}"
  done

  sudo mv rootCA.pem /usr/local/share/ca-certificates/rootCA.crt
  sudo update-ca-certificates
fi