#!/usr/bin/env bash

prefix="_acme-challenge"

deploy_challenge() {

    declare -A domainvalues

    while (( "$#" )); do
        local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
        
        domainvalues[$DOMAIN]="${domainvalues[$DOMAIN]}&value=${TOKEN_VALUE}"

        shift 3
    done
    
    for DOMAIN in "${!domainvalues[@]}"; do
    
        . $PWD/hooks/joker/config.sh $DOMAIN

        local hostname='.'${DOMAIN//.$ZONE/}
        if [ "$hostname" ==  ".$ZONE" ]; then
          hostname=""
        fi

        local urlprefix=""

        echo "challenge-hook for: ${DOMAIN}"

        curl -X POST https://svc.joker.com/nic/replace \
        -d "username=${USERNAME}&password=${PASSWORD}&zone=${ZONE}&label=${prefix}${hostname}&type=TXT${domainvalues[$DOMAIN]}"
        
    done
    
    sleep 30

    # This hook is called once for every domain that needs to be
    # validated, including any alternative names you may have listed.
    #
    # Parameters:
    # - DOMAIN
    #   The domain name (CN or subject alternative name) being
    #   validated.
    # - TOKEN_FILENAME
    #   The name of the file containing the token to be served for HTTP
    #   validation. Should be served by your web server as
    #   /.well-known/acme-challenge/${TOKEN_FILENAME}.
    # - TOKEN_VALUE
    #   The token value that needs to be served for validation. For DNS
    #   validation, this is what you want to put in the _acme-challenge
    #   TXT record. For HTTP validation it is the value that is expected
    #   be found in the $TOKEN_FILENAME file.
}

clean_challenge() {

    declare -A domains

    while (( "$#" )); do
        local DOMAIN="${1}" TOKEN_FILENAME="${2}" TOKEN_VALUE="${3}"
        
        domains[$DOMAIN]=1

        shift 3
    done

    for DOMAIN in "${!domains[@]}"; do

        . $PWD/hooks/joker/config.sh $DOMAIN

        local hostname='.'${DOMAIN//.$ZONE/}
        if [ "$hostname" ==  ".$ZONE" ]; then
          hostname=""
        fi

        curl -X POST https://svc.joker.com/nic/replace \
        -d "username=${USERNAME}&password=${PASSWORD}&zone=${ZONE}&label=${prefix}${hostname}&type=TXT&value="

        shift 3
    done

    # This hook is called after attempting to validate each domain,
    # whether or not validation was successful. Here you can delete
    # files or DNS records that are no longer needed.
    #
    # The parameters are the same as for deploy_challenge.
    # delete TXT record
}

deploy_cert() {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}" TIMESTAMP="${6}"

    # This hook is called once for each certificate that has been
    # produced. Here you might, for instance, copy your new certificates
    # to service-specific locations and reload the service.
    #
    # Parameters:
    # - DOMAIN
    #   The primary domain name, i.e. the certificate common
    #   name (CN).
    # - KEYFILE
    #   The path of the file containing the private key.
    # - CERTFILE
    #   The path of the file containing the signed certificate.
    # - FULLCHAINFILE
    #   The path of the file containing the full certificate chain.
    # - CHAINFILE
    #   The path of the file containing the intermediate certificate(s).
    # - TIMESTAMP
    #   Timestamp when the specified certificate was created.
    #
    # usually, the software using the SSL certificate needs to be restartet or reloaded to become aware of
    # a new changed certificate
    #
    # systemctl reload nginx
    # systemctl reload apache2
    # service httpd reload
    # service apache reload
}

unchanged_cert() {
    local DOMAIN="${1}" KEYFILE="${2}" CERTFILE="${3}" FULLCHAINFILE="${4}" CHAINFILE="${5}"

    # This hook is called once for each certificate that is still
    # valid and therefore wasn't reissued.
    #
    # Parameters:
    # - DOMAIN
    #   The primary domain name, i.e. the certificate common
    #   name (CN).
    # - KEYFILE
    #   The path of the file containing the private key.
    # - CERTFILE
    #   The path of the file containing the signed certificate.
    # - FULLCHAINFILE
    #   The path of the file containing the full certificate chain.
    # - CHAINFILE
    #   The path of the file containing the intermediate certificate(s).
    echo "still valid: ${1}"
}

invalid_challenge() {
    local DOMAIN="${1}" RESPONSE="${2}"

    # This hook is called if the challenge response has failed, so domain
    # owners can be aware and act accordingly.
    #
    # Parameters:
    # - DOMAIN
    #   The primary domain name, i.e. the certificate common
    #   name (CN).
    # - RESPONSE
    #   The response that the verification server returned
    echo "FAILURE: ${1} (${2})"
}

request_failure() {
    local STATUSCODE="${1}" REASON="${2}" REQTYPE="${3}"

    # This hook is called when a HTTP request fails (e.g., when the ACME
    # server is busy, returns an error, etc). It will be called upon any
    # response code that does not start with '2'. Useful to alert admins
    # about problems with requests.
    #
    # Parameters:
    # - STATUSCODE
    #   The HTML status code that originated the error.
    # - REASON
    #   The specified reason for the error.
    # - REQTYPE
    #   The kind of request that was made (GET, POST...)
}

exit_hook() {
  # This hook is called at the end of a dehydrated command and can be used
  # to do some final (cleanup or other) tasks.
  # dehydrated --cleanup
  :
}

HANDLER="$1"; shift
if [[ "${HANDLER}" =~ ^(deploy_challenge|clean_challenge|deploy_cert|unchanged_cert|invalid_challenge|request_failure|exit_hook)$ ]]; then
  "$HANDLER" "$@"
fi