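#!/bin/bash
# dehydrated DNS-01 hook for NSD.
#
# deploy_challenge appends the _acme-challenge TXT record to the zone file
# under $confdir, re-signs the zone with $confdir/sign.ksh and refuses to
# return to dehydrated until the record (with the expected token) is served
# by the local resolver at 127.0.0.1; clean_challenge strips the record again.
#
# Invoked by dehydrated as: hook.sh <handler> <args...>; only the handler
# names in the dispatcher at the bottom can be called, so argv cannot be used
# to run an arbitrary function.
#
# References:
#   https://github.com/lukas2511/dehydrated/blob/master/docs/examples/hook.sh
#   https://github.com/sebastiansterk/dns-01-manual/master/hook.sh
#   https://pub.nethence.com/bin/daemons/sign.ksh.txt

#confdir=/var/chroot/nsd/etc
confdir=/etc/nsd

set -eu -o pipefail

# die MESSAGE...: report to stderr and abort the hook (non-zero exit makes
# dehydrated abort the current run).
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Fail early if the tools the challenge path depends on are missing.
[[ -x "$confdir/sign.ksh" ]] || die "cannot find $confdir/sign.ksh executable"
command -v nsd-control >/dev/null 2>&1 || die "cannot find nsd-control executable in the path"
command -v host >/dev/null 2>&1 || die "cannot find host executable in the path"

# check_domain NAME: DOMAIN comes from dehydrated's domains.txt and is spliced
# into a path below $confdir and into a zone record, so accept only a plain
# DNS name (letters, digits, '_', '-', '.'; no '/', '..', whitespace, quotes).
check_domain() {
  local d="$1"
  [[ "$d" =~ ^[A-Za-z0-9][A-Za-z0-9_.-]*$ && "$d" != *..* ]] \
    || die "refusing suspicious domain name: $d"
}

# check_token VALUE: the DNS-01 TXT value is base64url (RFC 8555 §8.4). It is
# written between double quotes into the zone file, so anything outside that
# alphabet would break the record or smuggle extra zone data.
check_token() {
  local t="$1"
  [[ "$t" =~ ^[A-Za-z0-9_-]+$ ]] || die "refusing malformed challenge token"
}

# deploy_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   Backs up $confdir/DOMAIN.db, appends the challenge TXT record, re-signs
#   the zone and verifies the record is served locally. Every step is fatal
#   on failure (the original 'cmd && echo done' form let a failed cp or
#   write slip past 'set -e').
deploy_challenge() {
  # shellcheck disable=SC2034  # TOKEN_FILENAME is part of the hook contract
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  local zone stamp record

  check_domain "$DOMAIN"
  check_token "$TOKEN_VALUE"
  zone="$confdir/$DOMAIN.db"
  [[ -f "$zone" ]] || die "zone file $zone does not exist"
  stamp=$(date +%s)

  echo -n "backing up $DOMAIN zone files as $zone.$stamp ..."
  cp -p -- "$zone" "$zone.$stamp" || die "backup of $zone failed"
  echo done

  echo -n "adding acme challenge dns record to $zone ..."
  printf '_acme-challenge.%s. IN TXT "%s"\n' "$DOMAIN" "$TOKEN_VALUE" >> "$zone" \
    || die "could not append challenge record to $zone"
  echo done
  printf '_acme-challenge.%s. IN TXT "%s"\n' "$DOMAIN" "$TOKEN_VALUE"

  echo "SIGNING $DOMAIN"
  "$confdir/sign.ksh" "$DOMAIN"

  # grep exits 1 when nothing matches; under 'set -e -o pipefail' that would
  # kill the script before the diagnostic below, so the pipeline status is
  # absorbed and the empty result is reported explicitly. Matching on the
  # token as well as the name avoids being fooled by a stale record left over
  # from an earlier run. Assumes NSD answers on 127.0.0.1 — confirm for
  # chrooted or multi-address setups.
  record=$(host -t txt "_acme-challenge.$DOMAIN" 127.0.0.1 \
    | grep '^_acme-challenge' | grep -F -- "$TOKEN_VALUE" || true)
  printf '%s\n' "$record"
  [[ -n "$record" ]] || die "new record does not show up locally"
}

# clean_challenge DOMAIN TOKEN_FILENAME TOKEN_VALUE
#   Removes every _acme-challenge line from $confdir/DOMAIN.db. As in the
#   original, the zone is NOT re-signed here, so the signed zone NSD serves
#   keeps the TXT record until the next sign.ksh run — harmless for a
#   single-use token, but worth knowing when debugging.
clean_challenge() {
  # shellcheck disable=SC2034  # hook contract; only DOMAIN is needed here
  local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
  local zone

  check_domain "$DOMAIN"
  zone="$confdir/$DOMAIN.db"
  [[ -f "$zone" ]] || die "zone file $zone does not exist"

  echo -n "removing challenge from zone file..."
  # GNU sed in-place edit; the pattern is a fixed literal so no user input
  # reaches the regex.
  sed -ri '/^_acme-challenge/d' -- "$zone" || die "could not edit $zone"
  echo done
}

# deploy_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE TIMESTAMP
#   Intentionally a no-op: certificate installation is handled elsewhere.
deploy_cert() {
  :
}

# unchanged_cert DOMAIN KEYFILE CERTFILE FULLCHAINFILE CHAINFILE
#   Intentionally a no-op.
unchanged_cert() {
  :
}

# invalid_challenge DOMAIN RESPONSE: log the failed validation verbatim.
invalid_challenge() {
  local DOMAIN="${1}" RESPONSE="${2}"
  echo INVALID CHALLENGE
  printf '%s\n' "$DOMAIN"
  printf '%s\n' "$RESPONSE"
}

# request_failure STATUSCODE REASON REQTYPE: log a failed ACME request.
request_failure() {
  local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"
  echo FAILURE
  printf '%s\n' "$STATUSCODE"
  printf '%s\n' "$REASON"
  printf '%s\n' "$REQTYPE"
}

# exit_hook [ERROR]: nothing to tear down.
exit_hook() {
  :
}

# Dispatcher. Only the allowlisted handler names are callable; any other
# hook dehydrated may emit (startup_hook, sync_cert, ...) is ignored on
# purpose. ${1:-} and the guarded shift keep 'set -u'/'set -e' from tripping
# when the script is run without arguments.
HANDLER="${1:-}"
[[ $# -gt 0 ]] && shift
case "$HANDLER" in
  deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|exit_hook)
    "$HANDLER" "$@"
    ;;
  *)
    ;;
esac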