#!/bin/bash

# samba uses system wide certificate for now
SERVER_CERT_PATH="$(CreoleGet server_cert)"

# samba domain controller may be in container "domaine"
SAMBA_CERT_FOLDER="$(CreoleGet container_path_domaine 2>/dev/null)/var/lib/samba/private/tls/certs/"

# create intermediate certificates file
echo """#-*- coding: utf-8 -*-
import os
from creole.cert import get_intermediate_certs, concat_fic

chain = get_intermediate_certs(\"$SERVER_CERT_PATH\")
if chain:
    concat_fic(\"$SAMBA_CERT_FOLDER/ca.pem\", chain)
elif os.path.isfile(\"$SAMBA_CERT_FOLDER/ca.pem\"):
    os.unlink(\"$SAMBA_CERT_FOLDER/ca.pem\")
""" > /tmp/samba_cert_chain.py

if [[ -f "$SERVER_CERT_PATH" ]]
then
    python3 /tmp/samba_cert_chain.py
fi

rm -f /tmp/samba_cert_chain.py

exit 0
