#!/usr/bin/env bash

file_env() {
   local var="$1"
   local fileVar="${var}_FILE"
   local def="${2:-}"

   if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
      echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
      exit 1
   fi
   local val="$def"
   if [ "${!var:-}" ]; then
      val="${!var}"
   elif [ "${!fileVar:-}" ]; then
      val="$(< "${!fileVar}")"
   fi
   export "$var"="$val"
   unset "$fileVar"
}

load_vars() {
   file_env "CONFIG_AUTHADMINPASSWORD"
   file_env "CONFIG_SECRETSALT"
}

generate_certs() {
   CERT_DIR=/var/simplesamlphp/cert

   if [ -f "$CERT_DIR/saml.crt" ] && [ -f "$CERT_DIR/saml.pem" ]; then
      return
   fi

    if ! type openssl > /dev/null 2>&1; then
        yum install -q -y openssl
    fi

   openssl req -newkey rsa:4096 -new -x509 \
      -days 3652 -nodes \
      -out "$CERT_DIR/saml.crt" \
      -keyout "$CERT_DIR/saml.pem" \
      -subj "/C=XX/ST=/L=/O=/OU=SimpleSAML/CN=${DOMAIN}"
}

enable_plugins() {
   touch /var/simplesamlphp/modules/cas/enable
}

main() {
    set -eu

    load_vars

    enable_plugins

    generate_certs
}

main

/init "$@"