#!/bin/bash

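# Per-user state and log directories, restricted to the owner (mode 700).
# .digisign is read further down for SSLCA.cer and Seed.txt, so it must not be
# readable or writable by other local users.
mkdir -p "$HOME/.digisign" && chmod 700 "$HOME/.digisign"
mkdir -p "$HOME/.digisign_logs" && chmod 700 "$HOME/.digisign_logs"

# From here on stdout and stderr go to the log file, which is truncated on
# every run. Combined with `set -x` the log holds the full command trace.
exec > "$HOME/.digisign_logs/DigiSignApplication.log" 2>&1

set -x

# Start from known values so that variables of the same name inherited from the
# caller's environment cannot steer the certificate decisions made below.
certCheck=""
newCert=""

# Stop any running instance before (re)starting it. pidof prints nothing when
# no instance runs; in that case kill is skipped instead of being called
# without a PID.
# NOTE(review): SIGKILL gives the application no chance to clean up — confirm
# whether a plain TERM would be sufficient.
runningPids=$(pidof DigiSignApplication.bin)
if [ -n "$runningPids" ]; then
    # Intentionally unquoted: pidof may print several space-separated PIDs.
    # shellcheck disable=SC2086
    kill -9 $runningPids
fi

if [ -f "$HOME/.digisign/SSLCA.cer" ]; then
   echo "DSApp signer certificate already exist"
   # Non-empty when the shared per-user NSS database already lists a DigiSign
   # certificate nickname.
   certCheck=$(certutil -d "sql:$HOME/.pki/nssdb" -L | grep DigiSign)
else
    # No signer certificate yet: run the application's install step.
    # NOTE(review): presumably this creates SSLCA.cer and Seed.txt under
    # ~/.digisign — not visible in this script, confirm.
    /usr/bin/DigiSignApplication.bin /Install
    newCert="true"
fi

# Launch the application detached from this script.
bash -E -c "nohup /usr/bin/DigiSignApplication.bin&"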

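# Pick the PKCS#11 library that is registered as a security module further
# down. /usr/lib is preferred; /usr/lib64 stays the fallback as before, but a
# missing fallback is now reported instead of being registered silently.
# The registered library is loaded by every application that opens the NSS
# database, so it should live in a root-owned system directory.
cryptokiPath=/usr/lib64/libcryptoki.so
if [ -f /usr/lib/libcryptoki.so ]; then
    cryptokiPath=/usr/lib/libcryptoki.so
elif [ ! -f "$cryptokiPath" ]; then
    echo "warning: libcryptoki.so not found in /usr/lib or /usr/lib64; module registration will reference a missing file: $cryptokiPath" >&2
fi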

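# certCheck is empty when the install step has just run or when the shared
# per-user NSS database does not list a DigiSign certificate. In both cases the
# database is rebuilt from scratch.
# NOTE(review): this replaces the user's whole NSS database; certificates and
# keys stored there by other applications remain only in the nssdb_OLD_* copy.
if [ -z "$certCheck" ]; then
    backupStamp=$(date +"%d-%m-%y_%R")
    # Keep the previous database as a timestamped backup; skip the move when
    # there is nothing to back up.
    if [ -e "$HOME/.pki/nssdb" ]; then
        mv -- "$HOME/.pki/nssdb" "$HOME/.pki/nssdb_OLD_$backupStamp"
    fi
    # The database holds trust settings and may hold private keys: owner only.
    mkdir -p "$HOME/.pki/nssdb" && chmod 700 "$HOME/.pki/nssdb"
    # -N creates an empty database; -f names the file the database password is
    # read from, so Seed.txt holds that password in clear text and is protected
    # only by the mode of ~/.digisign.
    certutil -d "sql:$HOME/.pki/nssdb" -N -f "$HOME/.digisign/Seed.txt"
    # Trust flags "TC" in the SSL position mark the certificate as a trusted CA
    # for both client and server certificates: every application reading this
    # database will accept certificates issued under it.
    # NOTE(review): confirm that the matching private key is unique per install
    # and not readable by other users — not visible in this script.
    certutil -d "sql:$HOME/.pki/nssdb" -A -t "TC,Tw,Tw" -n "DigiSign WebSigner ROOT Certificate" -i "$HOME/.digisign/SSLCA.cer" -f "$HOME/.digisign/Seed.txt"
fi

# Register the PKCS#11 module in the shared database unless a DigiSign module
# is already listed. -force suppresses modutil's interactive confirmation.
p11check=$(modutil -dbdir "sql:$HOME/.pki/nssdb/" -list | grep DigiSign)
if [ -z "$p11check" ]; then
    mkdir -p "$HOME/.pki/nssdb"
    modutil -dbdir "sql:$HOME/.pki/nssdb" -add "DigiSign PKCS#11 Module" -libfile "$cryptokiPath" -mechanisms FRIENDLY -force
fi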


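# Repeat the certificate import and module registration for every Mozilla /
# Thunderbird profile that has a legacy cert8.db.
# NOTE(review): profiles that only contain cert9.db are not matched by this
# search — confirm whether they should be covered too.
# find output is read NUL-delimited so profile paths containing spaces or
# newlines are handled as single entries.
while IFS= read -r -d '' certDB; do
    certDir=$(dirname -- "$certDB")
    certCheck=$(certutil -d "$certDir" -L | grep DigiSign)
    # Import when the profile lacks the certificate or a new one was just
    # generated. The previous test misspelled the variable and used
    # "$newCert"="true" without spaces (a single, always non-empty word), so it
    # was true on every run.
    if [ -z "$certCheck" ] || [ "$newCert" = "true" ]; then
        # Remove a stale entry first; nothing to delete when none is listed.
        if [ -n "$certCheck" ]; then
            certutil -D -n "DigiSign WebSigner ROOT Certificate" -i "$HOME/.digisign/SSLCA.cer" -d "$certDir"
        fi
        # "TC" in the SSL position makes this a trusted CA for server and
        # client certificates in the profile, i.e. the browser will accept
        # certificates issued under it.
        # NOTE(review): the e-mail trust field here ("Cw") differs from the
        # flags used for the shared database ("Tw") — confirm which is meant.
        certutil -A -n "DigiSign WebSigner ROOT Certificate" -t "TC,Cw,Tw" -i "$HOME/.digisign/SSLCA.cer" -d "$certDir"
    fi
    # Register the PKCS#11 module in the profile unless one is already listed.
    p11check=$(modutil -dbdir "$certDir" -list | grep DigiSign)
    if [ -z "$p11check" ]; then
        modutil -dbdir "$certDir" -add "DigiSign PKCS#11 Module" -libfile "$cryptokiPath" -mechanisms FRIENDLY -force
    fi
done < <(find "$HOME"/.mozilla* "$HOME/.thunderbird" -name "cert8.db" -print0)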
