#!/bin/sh

os="$(cat "${__global:?}"/explorer/os)"

case "$os" in
	alpine|ubuntu|debian)
		default_confdir=/etc/ssl/uacme
		;;
	*)
		echo "This type currently has no implementation for $os. Aborting." >&2;
		exit 1
		;;
esac

admin_mail=
if [ -f "${__object:?}/parameter/admin-mail" ];
then
	admin_mail="$(cat "${__object:?}/parameter/admin-mail")";
fi

# Autoaccept ACME server terms (if any) upon new account creation.
uacme_opts="--yes"

# Non-default ACMEv2 server directory object URL.
if [ -f "${__object:?}/parameter/acme-url" ]; then
	custom_acme_url=$(cat "${__object:?}/parameter/acme-url")
	uacme_opts="$uacme_opts --acme-url $custom_acme_url"
fi

# Specify RFC8555 External Account Binding credentials.
if [ -f "${__object:?}/parameter/eab-credentials" ]; then
	eab_credentials=$(cat "${__object:?}/parameter/eab-credentials")
	uacme_opts="$uacme_opts --eab $eab_credentials"
fi

confdir="${default_confdir:?}"
if [ -f "${__object:?}/parameter/confdir" ];
then
	confdir="$(cat "${__object:?}/parameter/confdir")"
fi

cat << EOF
if ! [ -f "${confdir}/private/key.pem" ];
then
	uacme $uacme_opts new ${admin_mail}
fi
EOF