#!/bin/bash
#
# Delete the specified server certificate, after archiving it.
#
#
# Change Activity:
#   05/27/2003 P. Callaghan - initial version
#   07/07/2004 P. Callaghan -01 removed apache config check which failed because this is
#                               not run as root
#
# Parameters:
#   $1: configured certificate file - the filename of the certificate that Apache is configured to use.
#   $2: configured key file - the filename of the key file that Apache is configured to use.
#   $3: configured SSL certificate chain file - the filename of the SSL certificate chain file that Apache is 
#       configured to use.
#   $4: configured archived certificate file - the filename of where the archived certificate is kept.
#   $5: configured archived key file - the filename of where the archived key file is kept.
#   $6: configured archived SSL certificate chain file - the filename of where the archived SSL certificate
#       chain file is kept.
#   $7: HTTPD executable - the filename of the HTTP daemon executable.
#   $8: HTTPD PID file - the filename of where the HTTP daemon PID number is kept. This is currently not used.
#   $9: HMC SSL specific config file - the filename of the HMC SSL specific configuration directives.
#   $10: ServerRoot directory for the HTTP daemon
#
# Exit status codes:
#   0: the server certificate was archived and the web server started or restarted successfully  
#   1: invalid number of arguments  
#   2: move command of server certificate file failed
#   5: the server certificate file to archive and delete does not exist
#   6: the server key file to archive and delete does not exist
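#   7: move command of server key file failed
#   8: configuration syntax check failed (no longer returned; the check was disabled by change -01)
#   9: move command of SSL certificate chain file failed
#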

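EXIT_STATUS=0
# httpd option strings. The active code below references none of them;
# HTTPD_SYNTAX_CHECK_OPTIONS appears only in the disabled -01 block.
HTTPD_START_OPTIONS='-DSSL'
HTTPD_RESTART_OPTIONS='-k graceful'
HTTPD_SYNTAX_CHECK_OPTIONS='-t'
# Command used to emit the entry/exit trace records.
TRACE='actzTrace'
#TRACE='echo'
# use correct one for the above, eventually???

# Emit the exit trace record and terminate the script.
#   $1 - exit status to report in the trace record and to return
finish() {
  EXIT_STATUS=$1
  # $TRACE is left unquoted on purpose: it holds the trace command itself.
  $TRACE "XCRTDCST: <- deleteCert returning $EXIT_STATUS"
  exit "$EXIT_STATUS"
}

# No rollback is attempted: if a later step fails, the moves that already
# succeeded stay in place (e.g. status 7 leaves the certificate archived while
# the key is still at its configured location).

#ARGS="$1 $2 $3 $4 $5 $6 $7 $8 $9 ${10}"
#$TRACE "XCRTDCST: -> deleteCert $ARGS"
$TRACE "XCRTDCST: -> deleteCert"

# Every path parameter below is double-quoted and passed after "--" so that a
# filename containing whitespace or glob characters, or starting with "-", is
# handled as exactly one file operand. Unquoted, an empty $1 or $2 also slipped
# past the existence tests, and an empty $3 was treated as "chain file exists".

if (( $# != 10 )); then
  # Invalid number of arguments.
  finish 1
fi

if [[ ! -f "$1" ]]; then
  # Server certificate file to archive does not exist.
  finish 5
fi

if [[ ! -f "$2" ]]; then
  # Server key file to archive does not exist.
  finish 6
fi

# Archive the server certificate file.
if ! mv -f -- "$1" "$4"; then
  # Move command failed.
  finish 2
fi

# Archive the server key file.
# NOTE(review): this is private key material; confirm the archive location
# ($5) is access-restricted at least as tightly as the live key location.
if ! mv -f -- "$2" "$5"; then
  # Move command failed.
  finish 7
fi

# Archive the SSL certificate chain file if it exists.
if [[ -f "$3" ]]; then
  # SSL certificate chain file exists.
  if ! mv -f -- "$3" "$6"; then
    # Move command failed.
    finish 9
  fi
else
  # SSL certificate chain file does not exist so ensure archived file will not exist.
  rm -f -- "$6"
fi

# Ensure that the server is using the correct server certificate and key file
# (make it empty since the server certificate and key file have been deleted).
# NOTE(review): a failed write here is not detected and the script still
# returns 0; presumably the previous directives in $9 would then keep naming
# the files moved above. No exit status is defined for this case - confirm
# how the caller should learn of it.
printf '%s\n' '# SSL not enabled.' > "$9"

#-01 # Run a syntax check on the current configuration.
#-01 $7 $HTTPD_SYNTAX_CHECK_OPTIONS -d ${10}
#-01 if [ $? != 0 ]; then
#-01   # syntax check failed.
#-01   EXIT_STATUS=8
#-01   $TRACE "XCRTDCST: <- deleteCert returning $EXIT_STATUS"
#-01   exit $EXIT_STATUS
#-01 fi

# NOTE(review): nothing in this script starts or restarts httpd ($7, $8 and
# ${10} are unused by the active code), although the header describes status 0
# as including a successful start/restart - presumably the caller does that.
finish 0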

 
