#!/bin/sh -e

. /usr/share/debconf/confmodule

if [ ! -e /dev/.devfsd ]; then
    # if devfs is not used, then ask for device file creation
    db_input medium freeswan/makedev || true
fi

db_input medium freeswan/restart || true

db_input high freeswan/create_rsa_key || true
db_go || true

db_get freeswan/create_rsa_key
if [ "$RET" = "true" ]; then
    db_input high freeswan/rsa_key_type || true
    db_go || true

    db_get freeswan/rsa_key_type
    if [ "$RET" = "plain" ]; then
        # create just a plain RSA keypair
        db_input medium freeswan/rsa_key_length || true
        db_go || true
    else
        # extract the RSA keypair from a x509 certificate
        db_input high freeswan/existing_x509_certificate || true
        db_go || true

	db_get freeswan/existing_x509_certificate
	if [ "$RET" = "true" ]; then
	    # existing certificate - use it
	    db_input critical freeswan/existing_x509_certificate_filename || true
	    db_input critical freeswan/existing_x509_key_filename || true
	    db_go || true
	else
	    # create a new certificate
	    db_input medium freeswan/rsa_key_length || true
	    db_input high freeswan/x509_self_signed || true
	    db_input medium freeswan/x509_country_code || true
	    db_input medium freeswan/x509_state_name || true
	    db_input medium freeswan/x509_locality_name || true
	    db_input medium freeswan/x509_organization_name || true
	    db_input medium freeswan/x509_organizational_unit || true
	    db_input medium freeswan/x509_common_name || true
	    db_input medium freeswan/x509_email_address || true
            db_go || true
	fi
    fi
fi