#!/bin/sh
# Adds the DNIe root CA and the FNMT Clase 2 CA certificates to the current
# user's NSS certificate stores (~/.pki/nssdb and a Firefox/Iceweasel profile)
# with certutil, after running the add-pkcs11-support helper.
#
# NOTE(review): the functions in this file use `local`, which POSIX sh does
# not specify; /bin/sh must be a shell that provides it (dash and bash do).

# Abort as soon as a command fails outside of a condition.
set -e

# External helper, not defined in this file. Presumably it registers the
# smart-card PKCS#11 module in the same stores; confirm against that script.
# Because of `set -e`, no certificate is added if it exits non-zero.
add-pkcs11-support

# Import one CA certificate into an NSS database unless its nickname is
# already listed there.
# Arguments:
#   $1 - certificate nickname inside the database
#   $2 - certificate path relative to /usr/share/ca-certificates
#   $3 - database location as certutil expects it (optional "sql:" prefix)
#   $4 - label of the store, used only in the messages
# Outputs: one status line on stdout
# Returns: 0 when the nickname already exists, else the status of certutil -A
#
# Security notes:
#   * The trust string CT,C,c makes the certificate a trusted CA for TLS
#     server and client certificates, a trusted CA for e-mail, and a valid
#     CA for object signing. Every application reading this database will
#     accept server certificates issued under it.
#   * The presence check matches on the nickname only. It confirms neither
#     that the stored entry is the same certificate nor what trust flags it
#     carries, and any certutil -L failure is treated as "not present".
#   * The file is taken as-is from /usr/share/ca-certificates; its integrity
#     depends on whatever installed it there.
add_cert() {
	local nickname="$1"
	local cert_path="$2"
	local nss_db="$3"
	local store_label="$4"

	if ! certutil -L -n "$nickname" -d "$nss_db" > /dev/null 2>&1
	then
		echo "Adding certificate $nickname to $store_label"
		# -a: the input file is ASCII (PEM) encoded.
		certutil -A -n "$nickname" -t CT,C,c -d "$nss_db" -a \
			-i "/usr/share/ca-certificates/$cert_path"
	else
		echo "Certificate $nickname already in $store_label"
	fi
}

# Install the two bundled CA certificates into one NSS database.
# Arguments:
#   $1 - database prefix handed to certutil ("sql:" or empty)
#   $2 - database directory; nothing is done when it is not a directory
#   $3 - label of the store, used in the progress messages
# Returns: 0 when the directory is missing, else the status of the last
#          add_cert call
#
# Security note: the CA list is fixed here, so every existing store passed
# to this function ends up trusting both CAs with the flags add_cert sets.
add_certs() {
	local prefix="$1"
	local dir="$2"
	local label="$3"
	local db

	# Stores that do not exist are skipped silently.
	[ -d "$dir" ] || return 0

	db="$prefix$dir"
	add_cert "AC RAIZ DNIE - DIRECCION GENERAL DE LA POLICIA" \
		"dnielectronico.es/AC_RAIZ_DNIE.crt" "$db" "$label"
	add_cert "FNMT Clase 2 CA - FNMT" \
		"fnmt.es/FNMT_Clase_2_CA_-_FNMT.crt" "$db" "$label"
}

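# Per-user NSS database under ~/.pki/nssdb. The "sql:" prefix tells certutil
# to open it in the SQLite database format.
DBDIR=~/.pki/nssdb
add_certs "sql:" "$DBDIR" "user PKI"

# Firefox/Iceweasel profiles. Iterating over the glob handles each matching
# profile separately; capturing `ls -d` output in one variable produced a
# multi-line value when several profiles matched, which failed the directory
# test in add_certs and left every profile untouched without any message.
# When nothing matches, the unexpanded pattern is not a directory and
# add_certs skips it. No prefix is passed, so certutil uses its default
# database format for these directories.
# NOTE(review): only profile directories ending in ".default" are covered.
for DBDIR in ~/.mozilla/firefox/*.default
do
	add_certs "" "$DBDIR" Iceweasel
done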
