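#!/bin/bash
#
# Optionally requests a certificate for this host's HTTP service from the
# FreeIPA CA (via certmonger's ipa-getcert) and then lists tracked requests.
#
# Inputs:
#   freeipa_ca - presumably set by common/load-defaults.sh (TODO confirm).
#                "ask" prompts the operator; 1 requests a certificate when the
#                host looks enrolled; any other value skips the request.
# Files:
#   /var/lib/ipa-client/sysrestore/sysrestore.state  (read: enrollment hint)
#   /etc/certmonger/certs/app.crt, app.key           (written by certmonger)
#
# The COL_* variables are used as printf format strings; they are presumably
# defined in common/colors.sh (not visible here). Only script-controlled text
# is passed as the argument, never as the format.

## Script Location
SCRIPTDIR=$(dirname -- "$0")
source "$SCRIPTDIR/common/colors.sh"
source "$SCRIPTDIR/common/functions.sh"
source "$SCRIPTDIR/common/load-defaults.sh"

printf "$COL_LIGHT_BLUE" "* Checking if system already contains Membership to FreeIPA Realm"

# Default to "do not request"; only an enrolled host inherits the configured
# freeipa_ca value.
realm_get_ca=0
if [[ ! -f /var/lib/ipa-client/sysrestore/sysrestore.state ]]; then
  printf "$COL_YELLOW" "** $HOSTNAME appears to not be joined to FreeIPA Server Realm"
else
  printf "$COL_GREEN" "** $HOSTNAME appears to already be joined to FreeIPA Server Realm"
  realm_get_ca=$freeipa_ca
fi

# NOTE(review): the prompt is shown whenever freeipa_ca is "ask", including
# when the enrollment check above failed, so an operator answering "yes" on an
# unenrolled host still triggers a request. Confirm whether that is intended.
if [[ "$freeipa_ca" == "ask" ]]; then
  if whiptail --title "FreeIPA Realm Join" \
    --yes-button "yes" --no-button "no" \
    --yesno "Do You want to use FreeIPA as a CA and get a certificate?" 10 80; then
    realm_get_ca=1
  else
    realm_get_ca=0
  fi
fi

## FreeIPA get ca
if [[ "$realm_get_ca" == 1 ]]; then
  printf "$COL_YELLOW" "** Grabbing Cert"

  cert_dir=/etc/certmonger/certs
  # Resolve the FQDN once so principal, DNS SAN and subject cannot disagree,
  # and so an empty result cannot shift the following options into the wrong
  # argument positions.
  fqdn=$(hostname -f)

  if [[ -z "$fqdn" ]]; then
    printf '%s\n' "** hostname -f returned no name; certificate request skipped" >&2
  elif ! mkdir -p -- "$cert_dir"; then
    printf '%s\n' "** could not create $cert_dir; certificate request skipped" >&2
  else
    # NOTE(review): the directory is created with the caller's umask and will
    # hold the private key (app.key); confirm directory and key permissions
    # are as tight as the consuming service allows.
    # -K: service principal, -D: DNS subjectAltName, -N: requested subject.
    ipa-getcert request \
      -f "$cert_dir/app.crt" \
      -k "$cert_dir/app.key" \
      -K "HTTP/$fqdn" \
      -D "$fqdn" \
      -N "$fqdn"
  fi

  # Show certmonger's tracked requests so the operator can see the status.
  sudo getcert list
else
  printf "$COL_CYAN" "** Skipping Cert Grabbing"
fi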