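# ----------
# Refresh the CA certificate bundle used by PHP (pear/pecl) and by OpenSSL.
#
# see also:
#   https://github.com/lazyfrosch/docker-icingaweb2/issues/1
#   https://stackoverflow.com/questions/31842400/ssl-issue-after-pear-channel-update-pear-php-net/46544219#46544219
#
# possible errors
#
# - download of pgp source code failed
#     in that case try to add the certificate to the ca-certificates file
#
# - pecl runs into error "Connection to `ssl://pecl.php.net:443' failed:"
# - pear runs into error "Connection to `ssl://pear.php.net:443' failed:"
#     in those cases try to add the certificate to 'default_cert_file'
#
# What this does
#   1. downloads the bundle ONCE into a temporary file and validates it
#   2. writes it to PHP's 'default_cert_file'
#   3. writes it to /usr/local/share/ca-certificates/ (if present) and runs
#      update-ca-certificates
#   4. writes it to OpenSSL's certs directory and rehashes that directory
#
# SECURITY NOTE
#   The downloaded file becomes the set of trust anchors for later TLS
#   connections on this host. A normal, certificate-verified download is tried
#   first. Only if that fails (the usual reason this script is needed) is the
#   download repeated with --no-check-certificate; in that mode the transfer
#   is unauthenticated and anyone on the network path could substitute the
#   bundle. Set CACERT_SHA256 to a digest obtained over a channel you already
#   trust so the downloaded file is checked before it is installed anywhere.
#
# Environment:
#   PHP            path of the php binary to query
#                  (default: /usr/local/php-8.1/bin/php)
#   CACERT_SHA256  optional expected SHA-256 (hex) of the bundle; when set, a
#                  mismatch aborts before any certificate store is modified
# ----------

cert_URL="https://curl.haxx.se/ca/cacert.pem"
# Derive the file names from the URL so they cannot drift apart.
cert_name="$(basename "${cert_URL}")"
cert_name_crt="${cert_name%.*}.crt"

PHP="${PHP:-/usr/local/php-8.1/bin/php}"
CACERT_SHA256="${CACERT_SHA256:-}"

_default_cert_file=""
_default_cert_dir=""

# Print a warning to stderr.
_warn() {
  printf 'WARNING: %s\n' "$*" >&2
}

#######################################
# Download the CA bundle and validate it before anything is installed.
# Globals:   cert_URL, cert_name, CACERT_SHA256 (read)
# Arguments: $1 - file to download into
# Returns:   0 if a plausible bundle was stored in $1, 1 otherwise
#######################################
_fetch_ca_bundle() {
  local dest=$1
  local actual

  if ! wget -O "${dest}" "${cert_URL}"; then
    _warn "verified download of ${cert_URL} failed; retrying WITHOUT TLS certificate verification"
    wget --no-check-certificate -O "${dest}" "${cert_URL}" || return 1
    if [[ -z "${CACERT_SHA256}" ]]; then
      _warn "CACERT_SHA256 is not set: the bundle was fetched unauthenticated and its integrity cannot be checked"
    fi
  fi

  if [[ -n "${CACERT_SHA256}" ]]; then
    # If sha256sum is missing, 'actual' is empty and the comparison fails closed.
    actual="$(sha256sum -- "${dest}" | awk '{print $1}')"
    if [[ "${actual}" != "${CACERT_SHA256,,}" ]]; then
      _warn "SHA-256 mismatch for ${cert_name}: expected ${CACERT_SHA256}, got ${actual:-<none>}"
      return 1
    fi
  fi

  # Reject empty files, truncated transfers and HTML error pages.
  if ! grep -q -F -e '-----BEGIN CERTIFICATE-----' "${dest}"; then
    _warn "downloaded file does not look like a PEM certificate bundle"
    return 1
  fi
}

#######################################
# Copy the validated bundle to its destination.
# Arguments: $1 - validated bundle, $2 - destination file
# Returns:   status of the write
#######################################
_write_bundle() {
  local src=$1 dest=$2
  # Plain redirection writes through a symlink at ${dest}, exactly as the
  # former 'wget -O ${dest}' did, and creates the file with the umask's mode.
  cat -- "${src}" > "${dest}"
}

#######################################
# Rebuild the hash symlinks of a certificate directory.
# Arguments: $1 - certificate directory
#######################################
_rehash_cert_dir() {
  local dir=$1
  if command -v c_rehash > /dev/null 2>&1; then
    c_rehash "${dir}"
  else
    # c_rehash is not shipped everywhere; 'openssl rehash' is the replacement.
    openssl rehash "${dir}"
  fi
}

# ===
# Download once, validate, and only then touch any certificate store.
# A failed or bogus download must never truncate an existing store.
# ===
_ca_bundle_tmp="$(mktemp)" || { _warn "mktemp failed"; exit 1; }
if ! _fetch_ca_bundle "${_ca_bundle_tmp}"; then
  rm -f -- "${_ca_bundle_tmp}"
  _warn "no usable CA bundle downloaded; certificate stores left unchanged"
  exit 1
fi

# ===
# Add certificate to PHP's default certification file (default_cert_file)
# --
# php -r "print_r(openssl_get_cert_locations());" prints the default SSL
# certificate locations, for example:
#
# Array
# (
#     [default_cert_file] => /usr/lib/ssl/cert.pem
#     [default_cert_file_env] => SSL_CERT_FILE
#     [default_cert_dir] => /usr/lib/ssl/certs
#     [default_cert_dir_env] => SSL_CERT_DIR
#     [default_private_dir] => /usr/lib/ssl/private
#     [default_default_cert_area] => /usr/lib/ssl
#     [ini_cafile] =>
#     [ini_capath] =>
# )
# ===
if command -v "${PHP}" > /dev/null 2>&1; then
  # Kept for diagnostics: shows which locations PHP will consult.
  "${PHP}" -r "print_r(openssl_get_cert_locations());"
  _default_cert_file="$("${PHP}" -r 'echo openssl_get_cert_locations()["default_cert_file"];')"
fi

if [[ -n "${_default_cert_file}" ]]; then
  _write_bundle "${_ca_bundle_tmp}" "${_default_cert_file}" \
    || _warn "could not write ${_default_cert_file}"
else
  # Previously an empty value made wget treat the URL as its output file name.
  _warn "could not determine PHP's default_cert_file (PHP=${PHP}); skipping"
fi

# ===
# Add certificate to the system ca-certificates store
# ===
if [[ -d "/usr/local/share/ca-certificates/" ]]; then
  _write_bundle "${_ca_bundle_tmp}" "/usr/local/share/ca-certificates/${cert_name_crt}" \
    || _warn "could not write /usr/local/share/ca-certificates/${cert_name_crt}"
fi
if command -v update-ca-certificates > /dev/null 2>&1; then
  update-ca-certificates
fi

# ===
# Add certificate to OpenSSL's certs directory
# --
# The directory is taken from 'openssl version -d', whose output looks like
#   OPENSSLDIR: "/usr/lib/ssl"
# (the PHP-reported default_cert_dir was always overwritten by this value,
# so it is no longer computed).
# ===
_path_to_openssl_dir="$(openssl version -d | awk '{print $2}')"
_path_to_openssl_dir="${_path_to_openssl_dir#\"}"
_path_to_openssl_dir="${_path_to_openssl_dir%\"}"
if [[ -n "${_path_to_openssl_dir}" ]]; then
  _path_to_openssl_dir="$(realpath "${_path_to_openssl_dir}")"
fi

if [[ -n "${_path_to_openssl_dir}" && -d "${_path_to_openssl_dir}" ]]; then
  if [[ ! -d "${_path_to_openssl_dir}/certs" ]]; then
    mkdir "${_path_to_openssl_dir}/certs"
  fi
  _default_cert_dir="$(realpath "${_path_to_openssl_dir}/certs")"

  if _write_bundle "${_ca_bundle_tmp}" "${_default_cert_dir}/${cert_name}"; then
    # Trust anchors are public data; they must be readable by every user.
    chmod 644 "${_default_cert_dir}/${cert_name}"
    _rehash_cert_dir "${_default_cert_dir}"
  else
    _warn "could not write ${_default_cert_dir}/${cert_name}"
  fi
else
  _warn "could not determine the OpenSSL directory; skipping its certs directory"
fi

rm -f -- "${_ca_bundle_tmp}"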