#!/usr/bin/env bash
source "${SNAP}/init"

DOMAIN=`snapctl get domain`

if [ "${DOMAIN}" != "--not-set" ]; then
    snapctl is-connected certs
    if [ $? -ne 0 ]; then
        logger "${SNAP_NAME} is disconnected (uuid: ${UUID})"
        logger "${SNAP_NAME} domain is set to '--not-set'"
        snapctl set domain="--not-set"
        exit 1
    fi

    CERT_MATCH_NAME="${UUID}_${DOMAIN}"

    readarray -d '' CERTIFICATES < <(find ${CERTS_DIR} -type f -name "*${CERT_MATCH_NAME}*" -print0)
    logger "`expr ${#CERTIFICATES[@]} / 4` available for ${CERT_MATCH_NAME}"

    if [ "${#CERTIFICATES[@]}" -ne 0 ]; then
        gpg_start_agent
        i=0
        for CERTIFICATE in "${CERTIFICATES[@]}"; do
            DEST="${SSL_DIR}/`basename "${CERTIFICATE}" ".gpg"`"
            ORIG=""
            if [ -f "${DEST}" ]; then
                ORIG="`cat "${DEST}"`"
            fi
            gpg --batch --yes --output "${DEST}" --decrypt "${CERTIFICATE}"
                
            DIFF=`echo "${ORIG}" | diff "${DEST}" -`
            RET=$?
            if [ "${RET}" -ne 0 ]; then
                echo "${ORIG}" > "${DEST}.backup"
                (( i = $i + 1 ))
            fi
        done
        if [ "${i}" -ne 0 ]; then
            logger "Certificates (${DOMAIN}) changed for ${SNAP_NAME}-${UUID}, restart"
            snapctl restart "${SNAP_NAME}.hass"
        fi
        gpg_close_agent
    fi
else
    readarray -d '' CERTIFICATES < <(find ${CERTS_DIR} -type f -name "*${UUID}*" -print0)

    if [ "${#CERTIFICATES[@]}" -ne 0 ]; then
        logger "> `expr ${#CERTIFICATES[@]} / 4` available for ${SNAP_NAME} (uuid: ${UUID})"
        logger "> Consider setting your domain with 'sudo snap set ${SNAP_NAME} domain=\"domain.tld\"'"
    fi
fi