#!/bin/dash

gethash=/bin/gethash
CERT_DIR=/etc/ssl/certs

check_file() {
	grep -q "^-----BEGIN \(X509 |TRUSTED \)\?CERTIFICATE-----" $1
}

link_file() {
	local file=${1##*/}
	local dir=${1%/*}
	local fingerprint hash_value link_name tmp_fingerprint counter=0

	hash_value=$($gethash ${1} | cut -f1)
	fingerprint=$($gethash ${1} | cut -f2)

	while :; do
		local link_name=$dir/$hash_value.$counter

		if [ -e $link_name ]; then
			tmp_fingerprint=$($gethash $link_name | cut -f2)
			[ "$fingerprint" != "$tmp_fingerprint" ] || break
		else
			echo "$1 => $hash_value.$counter"
			ln -s $1 $link_name ||
				echo "Failed to create link for $1"
			break
		fi
		
		counter=$(($counter + 1))
	done
}

CERT_DIR="$CERTDIR $*"

for dir in $CERT_DIR; do
	dir=${dir%/}

	if [ -d $dir ]; then
		echo "Doing $dir"
		for file in ${dir}/*; do
			! check_file ${file} || link_file ${file}
		done
	else
		echo "Not a directory: $dir"
	fi
done