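#!/bin/sh
# Entrypoint for a step-ca container that is initialised with the default
# Badger database and then switched to a PostgreSQL backend.
#
# Flow:
#   1. Marker file present  -> ca.json already points at PostgreSQL; start.
#   2. ca.json missing      -> run `step ca init` to generate the PKI.
#   3. Rewrite the `db` section of ca.json to PostgreSQL, create the marker,
#      and start step-ca.
#
# Secrets read (Docker secrets):
#   /run/secrets/password           CA key / provisioner password
#   /run/secrets/postgres_password  password of the `stepca` database role
#
# Environment read by `step ca init`:
#   DOCKER_STEPCA_INIT_NAME, DOCKER_STEPCA_INIT_DNS_NAMES,
#   DOCKER_STEPCA_INIT_PROVISIONER_NAME, DOCKER_STEPCA_INIT_ADMIN_SUBJECT
set -e

CONFIG_FILE="/home/step/config/ca.json"
MARKER="/home/step/.postgres-configured"
CA_PASSWORD_FILE="/run/secrets/password"
POSTGRES_PASSWORD_FILE="/run/secrets/postgres_password"

# If already configured, start normally with PostgreSQL.
if [ -f "$MARKER" ]; then
  echo "✅ PostgreSQL already configured, starting step-ca..."
  # ca.json is deliberately NOT echoed here: once configured, its
  # db.dataSource holds the PostgreSQL password, and anything printed to
  # stdout ends up in the container logs.
  # The password file is passed on this path too, matching the first-run
  # start at the end of the script.
  exec step-ca "$CONFIG_FILE" --password-file="$CA_PASSWORD_FILE"
fi

# If ca.json does not exist yet, perform full initialization.
if [ ! -f "$CONFIG_FILE" ]; then
  echo "🔄 Running step ca init (with Badger temporarily)..."

  # Use Docker secrets directly (mounted at /run/secrets/password).
  # NOTE(review): the same secret is used for the CA keys and for the
  # provisioner key; confirm that sharing one password is intended.
  step ca init \
    --name="${DOCKER_STEPCA_INIT_NAME}" \
    --dns="${DOCKER_STEPCA_INIT_DNS_NAMES}" \
    --address=:9000 \
    --provisioner="${DOCKER_STEPCA_INIT_PROVISIONER_NAME}" \
    --password-file="$CA_PASSWORD_FILE" \
    --provisioner-password-file="$CA_PASSWORD_FILE" \
    --ssh \
    --acme \
    --remote-management \
    --admin-subject="${DOCKER_STEPCA_INIT_ADMIN_SUBJECT}"

  echo "✅ Init complete, certificates generated"
  # The marker is NOT created here. It means "ca.json points at PostgreSQL";
  # creating it before the rewrite below would make a failed rewrite look
  # complete, and the next start would silently keep running on Badger.
fi

# The database password is only needed for the rewrite, so it is read here
# rather than on every start.
POSTGRES_PASSWORD=$(cat "$POSTGRES_PASSWORD_FILE")
if [ -z "$POSTGRES_PASSWORD" ]; then
  echo "❌ ${POSTGRES_PASSWORD_FILE} is empty" >&2
  exit 1
fi

# Now modify ca.json to use PostgreSQL.
echo "🔧 Replacing Badger with PostgreSQL in ca.json..."
# - @uri percent-encodes the password so characters such as '@', ':' or '/'
#   cannot change how the connection URL is parsed.
# - The temporary file is created under umask 077 because it contains the
#   database password in clear text.
# - NOTE(review): sslmode=disable sends the password and all CA data to
#   PostgreSQL unencrypted; acceptable only on a private container network.
(
  umask 077
  jq --arg pw "$POSTGRES_PASSWORD" \
    'del(.db) | . + {db: {type: "postgresql", dataSource: ("postgresql://stepca:" + ($pw | @uri) + "@postgres:5432/stepca?sslmode=disable")}}' \
    "$CONFIG_FILE" > "${CONFIG_FILE}.tmp"
)
mv "${CONFIG_FILE}.tmp" "$CONFIG_FILE"

# Mark as configured only after the rewritten ca.json is in place.
touch "$MARKER"

echo "✅ PostgreSQL configured, starting step-ca with PostgreSQL backend..."
exec step-ca "$CONFIG_FILE" --password-file="$CA_PASSWORD_FILE"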