#!/bin/sh
# Begin $rc_base/init.d/apache

# Based on sysklogd script from LFS-3.1 and earlier.
# Rewritten by Gerard Beekmans  - gerard@linuxfromscratch.org

. /etc/sysconfig/rc
. $rc_functions

generate_certificates() {
	if [ ! -f "/etc/httpd/server.key" ]; then
		boot_mesg "Generating HTTPS RSA server key (this will take a moment)..."
		openssl genrsa -out /etc/httpd/server.key 4096 &>/dev/null
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.key" ]; then
		boot_mesg "Generating HTTPS ECDSA server key..."
		openssl ecparam -genkey -name secp384r1 -noout \
			-out /etc/httpd/server-ecdsa.key &>/dev/null
		evaluate_retval
	fi

	# Generate RSA CSR
	if [ ! -f "/etc/httpd/server.csr" ]; then
		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server.key \
				-out /etc/httpd/server.csr &>/dev/null
	fi

	# Generate ECDSA CSR
	if [ ! -f "/etc/httpd/server-ecdsa.csr" ]; then
		sed "s/HOSTNAME/`hostname -f`/" < /etc/certparams | \
			openssl req -new -key /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.csr &>/dev/null
	fi

	if [ ! -f "/etc/httpd/server.crt" ]; then
		boot_mesg "Signing RSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server.csr \
			-signkey /etc/httpd/server.key \
			-out /etc/httpd/server.crt &>/dev/null
		evaluate_retval
	fi

	if [ ! -f "/etc/httpd/server-ecdsa.crt" ]; then
		boot_mesg "Signing ECDSA certificate..."
		openssl x509 -req -days 999999 -sha256 \
			-in /etc/httpd/server-ecdsa.csr \
			-signkey /etc/httpd/server-ecdsa.key \
			-out /etc/httpd/server-ecdsa.crt &>/dev/null
		evaluate_retval
	fi
}

case "$1" in
	start)
		# Generate all required certificates
		generate_certificates

		boot_mesg "Starting Apache daemon..."
		/usr/sbin/apachectl -k start
		evaluate_retval
		;;

	stop)
		boot_mesg "Stopping Apache daemon..."
		/usr/sbin/apachectl -k stop
		evaluate_retval
		;;

	restart)
		boot_mesg "Restarting Apache daemon..."
		/usr/sbin/apachectl -k restart
		evaluate_retval
		;;
		
	reload)
		boot_mesg "Reloading Apache daemon..."
		/usr/sbin/apachectl -k graceful
		evaluate_retval
		;;

	status)
		statusproc /usr/sbin/httpd
		;;

	*)
		echo "Usage: $0 {start|stop|restart|status}"
		exit 1
		;;
esac

# End $rc_base/init.d/apache