#!/bin/bash

# Get a PEM format file with a CA certificate bundle in it.

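BASEDIR=$(dirname -- "$0")
CERTS_DIR="${BASEDIR}/../certs"

# The files fetched below become the trust anchors for TLS verification, so
# every step that feeds cabundle.pem must fail loudly rather than let partial
# or non-certificate content into the bundle.
# NOTE(review): HTTPS to the origin is the only integrity check on these
# downloads; comparing against a checksum obtained out of band would be a
# stronger control.

#######################################
# Download one PEM file into the current directory and sanity-check it.
# Arguments: $1 - local file name (also used for the If-Modified-Since check)
#            $2 - https URL to fetch
# Returns:   0 if the file is present and contains at least one certificate,
#            non-zero otherwise
#######################################
fetch_pem() {
  local name=$1
  local url=$2

  # --fail: an HTTP error status (>= 400) makes curl exit non-zero instead of
  #         saving the server's error page as if it were a certificate file.
  # --proto '=https': never fall back to a cleartext or unexpected protocol.
  curl --fail --proto '=https' --remote-name --time-cond "$name" "$url" || return 1

  # Refuse anything that does not look like PEM certificate data, e.g. an
  # HTML page or a redirect body saved under the expected name.
  if ! grep -q -e '-----BEGIN CERTIFICATE-----' -- "$name"; then
    printf 'error: %s (from %s) contains no PEM certificate\n' "$name" "$url" >&2
    return 1
  fi
}

mkdir -p -- "${CERTS_DIR}" || exit 1

# If the directory change failed, the downloads would land in (and the bundle
# would be built from) whatever the caller's working directory happens to be.
pushd "${CERTS_DIR}" || exit 1

fetch_pem cacert.pem https://curl.se/ca/cacert.pem || exit 1

# Let's Encrypt certificates are easy to get and quite popular, but many MU* servers lack the ability
# to deliver a proper intermediate certificate chain.  For that reason, we include the intermediates
# here.
# NOTE(review): the X3 intermediates belong to an older Let's Encrypt
# hierarchy; confirm these are still the intermediates the target servers use.
fetch_pem letsencryptauthorityx3.pem.txt https://letsencrypt.org/certs/letsencryptauthorityx3.pem.txt || exit 1
fetch_pem lets-encrypt-x3-cross-signed.pem.txt https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem.txt || exit 1

cat cacert.pem letsencryptauthorityx3.pem.txt lets-encrypt-x3-cross-signed.pem.txt >cabundle.pem || exit 1

popd || exit 1

"${BASEDIR}/process-pem.pl" <"${CERTS_DIR}/cabundle.pem" >"${CERTS_DIR}/cabundle.js" || exit 1

# grep -c prints the count itself; its exit status is 1 when the count is 0,
# which is handled explicitly below.
COUNT=$(grep -c -E -e '-+BEGIN' -- "${CERTS_DIR}/cabundle.js")

# An empty generated bundle means the client would trust nothing (or the
# conversion silently failed); treat it as an error, not a success.
if [[ -z "${COUNT}" || "${COUNT}" -eq 0 ]]; then
  echo "error: no certificates found in ${CERTS_DIR}/cabundle.js" >&2
  exit 1
fi

echo ""
echo "${COUNT} certificates successfully processed."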
