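#!/bin/bash
# This should not be considered a good idea in any measure...
# Also script assumes root privs
#
# Fetches the certificate chain that TARGET presents on port 443, reached
# through the HTTP proxy named by $https_proxy, and appends it to a CA bundle.
#
# Arguments:
#   $1 - target host (default: supermarket.chef.io)
#   $2 - CA bundle to append to (default: /opt/chef/embedded/ssl/cert.pem)
#
# SECURITY: the fetched chain is appended to the trust store without being
# verified against anything. Whoever answers on the tunnel (the real server, a
# TLS-inspecting proxy, or any other process already bound to the local port)
# becomes trusted by every client of that bundle. Compare the fingerprint
# printed below with one obtained out-of-band before relying on the result.
# Re-running the script appends the chain again and overwrites "<bundle>.old"
# with the already-modified bundle.

hash -r
set -e

port='8443'
target=${1:-supermarket.chef.io}
cafile=${2:-/opt/chef/embedded/ssl/cert.pem}

echo "Copying SSL certificate for $target into store $cafile"

if [[ -f ./proxy_setup.sh ]]; then
  # shellcheck source=/dev/null
  source ./proxy_setup.sh
fi

# proxytunnel wants host:port, so drop the URL scheme and a trailing slash.
proxy=${https_proxy##*://}
proxy=${proxy%/}
if [[ -z "$proxy" ]]; then
  echo "https_proxy is not set; cannot open a tunnel to $target" >&2
  exit 1
fi

# Only touch the package manager when the tool is actually missing.
command -v proxytunnel >/dev/null || apt-get install proxytunnel

fetched=$(mktemp)
pid=

# Stop the tunnel and drop the scratch file on every exit path.
cleanup() {
  if [[ -n "$pid" ]]; then
    kill "$pid" 2>/dev/null || true
  fi
  rm -f -- "$fetched"
}
trap cleanup EXIT
trap 'exit 129' HUP
trap 'exit 130' INT

proxytunnel -p "$proxy" -d "$target:443" -a "$port" &
pid=$!
sleep 1

# If proxytunnel already died (bad proxy, or the local port is occupied),
# stop here: otherwise the certificates of whatever else is listening on
# 127.0.0.1:$port would be fetched and trusted.
if ! kill -0 "$pid" 2>/dev/null; then
  echo "proxytunnel exited early (is port $port already in use?)" >&2
  exit 1
fi

# -servername sends SNI for the real host; connecting to an IP address alone
# may make the server answer with a default certificate.
echo \
  | openssl s_client -connect "127.0.0.1:$port" -servername "$target" -showcerts \
  | sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' \
    > "$fetched"

# Without pipefail a failed handshake would go unnoticed, so check the result
# before modifying the bundle.
if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$fetched"; then
  echo "No certificate received from $target; $cafile left unchanged" >&2
  exit 1
fi

# Show the first (leaf) certificate so the operator can verify it out-of-band.
openssl x509 -in "$fetched" -noout -subject -issuer -fingerprint -sha256 >&2

# Back up the bundle only once there is something valid to append.
cp -H -- "$cafile" "$cafile.old"
cat -- "$fetched" >> "$cafile"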