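#!/usr/bin/env sh
# Based on https://gist.github.com/danie1k/c3d866eb6eed93bbc16b0628639efefe
#
# Logs in to the web GUI on ${HOSTNAME}, exports the private key and the
# certificate with id ${CERT_ID} from system_certmanager.php, installs them
# as /etc/pve/local/pve-ssl.key and /etc/pve/local/pve-ssl.pem, and restarts
# pveproxy.
#
# Security notes:
#   * Once rendered, this file holds the GUI password in clear text; keep it
#     readable by root only.
#   * Session cookies, the CSRF token, the password and the downloaded key
#     are staged in a private mktemp directory, not under fixed /tmp names,
#     and are removed on every exit path.
#   * The live key/certificate are only overwritten after both downloads
#     succeeded and look like PEM, so a failed login cannot replace them
#     with an HTML page.
set -eu

HOSTNAME="gateway.rostvik.site"
CERT_ID="2"
USERNAME="root"
# Looks like a template placeholder filled in before the script runs.
# NOTE(review): a rendered value containing ", $, \ or a backtick would be
# re-interpreted by the shell inside this double-quoted assignment.
PASSWORD="{{ secret_rox_pass }}"

BASE_URL="https://${HOSTNAME}/system_certmanager.php"
KEY_DEST="/etc/pve/local/pve-ssl.key"
CERT_DEST="/etc/pve/local/pve-ssl.pem"

# Print a message to stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Private scratch directory (mktemp -d creates it accessible to the owner only).
WORK_DIR="$(mktemp -d)" || die "mktemp failed"
COOKIE_JAR="${WORK_DIR}/cookies.txt"
CSRF_FILE="${WORK_DIR}/csrf.txt"
LOGIN_PAGE="${WORK_DIR}/login.html"
PASSWORD_FILE="${WORK_DIR}/password"
NEW_KEY="${WORK_DIR}/pve-ssl.key"
NEW_CERT="${WORK_DIR}/pve-ssl.pem"

cleanup() {
  rm -rf -- "${WORK_DIR:?}"
}
trap cleanup EXIT
# Make sure the EXIT trap also runs when the script is interrupted.
trap 'exit 1' HUP INT TERM

# curl with the shared cookie jar; --fail turns HTTP errors (>= 400) into a
# non-zero exit status so that `set -e` stops the script.
fetch() {
  curl --fail --silent --show-error \
    --cookie "${COOKIE_JAR}" --cookie-jar "${COOKIE_JAR}" "$@"
}

printf '%s\n' "Downloading certificate id=${CERT_ID} from ${HOSTNAME} into cert.pem file..."

# Open login screen. The page is saved first and parsed afterwards: POSIX sh
# has no pipefail, so a curl failure inside a pipeline would go unnoticed.
fetch "${BASE_URL}" > "${LOGIN_PAGE}"
grep hidden "${LOGIN_PAGE}" \
  | sed -E 's/.*name="([^"\]+)" value="([^"]+)".*/\1=\2/' > "${CSRF_FILE}"
[ -s "${CSRF_FILE}" ] || die "no hidden CSRF field found on the login page"

# Perform login. The credentials are URL-encoded so that characters such as
# '&', '=', '+' or '%' cannot alter the form body. The password is read by
# curl from a file in the private directory (name@file form), which keeps it
# off curl's command line and therefore out of the process list.
printf '%s' "${PASSWORD}" > "${PASSWORD_FILE}"
fetch "${BASE_URL}" \
  --data-urlencode "usernamefld=${USERNAME}" \
  --data-urlencode "passwordfld@${PASSWORD_FILE}" \
  --data "login=1" \
  --data "$(cat "${CSRF_FILE}")" > /dev/null

# Export user key
fetch "${BASE_URL}?act=key&id=${CERT_ID}" > "${NEW_KEY}"

# Export user cert
fetch "${BASE_URL}?act=exp&id=${CERT_ID}" > "${NEW_CERT}"

# A rejected login typically answers with an HTML page and status 200, which
# --fail does not catch; check for PEM markers before touching live files.
grep -q -- 'PRIVATE KEY-----' "${NEW_KEY}" \
  || die "downloaded key is not PEM; login may have failed"
grep -q -- '-----BEGIN CERTIFICATE-----' "${NEW_CERT}" \
  || die "downloaded certificate is not PEM; login may have failed"

# Install with a plain redirect, exactly as the original script wrote them.
cat "${NEW_KEY}" > "${KEY_DEST}"
cat "${NEW_CERT}" > "${CERT_DEST}"

# Restart pveproxy
systemctl restart pveproxy.service

printf '%s\n' "Done."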