#!/bin/bash

# Check if the required parameters are provided
if [ $# -ne 2 ]; then
    echo "Usage: $0 <target_machine> <path_to_ca_cert>"
    echo "Example: $0 target_machine /path/to/ca.pem"
    exit 1
fi

TARGET_MACHINE=$1
CA_CERT_PATH=$2

# Check if the CA certificate file exists locally
if [ ! -f "$CA_CERT_PATH" ]; then
    echo "CA certificate not found at $CA_CERT_PATH"
    exit 1
fi

# Copy the CA certificate to the target machine
echo "Copying CA certificate to $TARGET_MACHINE..."
scp "$CA_CERT_PATH" root@"$TARGET_MACHINE":/tmp/ca.pem

# Connect to the target machine and determine the OS
ssh root@"$TARGET_MACHINE" << 'EOF'
    # Detect the OS
    if [ -f /etc/debian_version ]; then
        echo "Detected Debian/Devuan system."
        # Install the CA certificate
        cp /tmp/ca.pem /usr/local/share/ca-certificates/
        update-ca-certificates
    
    elif [ -f /etc/redhat-release ]; then
        echo "Detected Red Hat/CentOS system."
        # Install the CA certificate
        cp /tmp/ca.pem /etc/pki/ca-trust/source/anchors/
        update-ca-trust
    
    elif [ "$(uname)" = "FreeBSD" ]; then
        echo "Detected FreeBSD system."
        # Install the CA certificate
        cp /tmp/ca.pem /usr/local/share/certs/ca.pem
        c_rehash /usr/local/share/certs/
    
    else
        echo "Unsupported OS. Exiting."
        exit 1
    fi

    echo "CA certificates updated successfully."
EOF

echo "CA certificate installation completed on $TARGET_MACHINE."