#!/bin/sh

CA_CRT_URL=http://proxy/ca.crt


download_ca_cert()
{
    [ -e "$1" ] && return
    type curl >/dev/null 2>&1 && curl -so "$1" "${CA_CRT_URL}"
    [ -e "$1" ] && return
    type wget >/dev/null 2>&1 && wget -qO "$1" "${CA_CRT_URL}"
    [ -e "$1" ] && return
    if type bash >/dev/null 2>&1 ; then
        # shellcheck disable=SC2154
        host_slash_port=$(echo "${http_proxy##http://}" | tr : /)
        printf "exec 42<>/dev/tcp/%s ; echo -ne 'GET %s HTTP/1.0\r\nConnection: close\r\n\r\n' >&42 ; sed '0,/^\r$/d' <&42" "${host_slash_port}" "${CA_CRT_URL}" | bash
    fi
}

install_alpine()
{
    mkdir -p /usr/local/share/ca-certificates
    download_ca_cert /usr/local/share/ca-certificates/proxy.crt
    cat /usr/local/share/ca-certificates/proxy.crt >> /etc/ssl/certs/ca-certificates.crt
    apk add ca-certificates
    update-ca-certificates
}

install_arch()
{
    download_ca_cert /etc/ca-certificates/trust-source/anchors/proxy.crt
    update-ca-trust
}

install_debian()
{
    mkdir -p /usr/local/share/ca-certificates
    download_ca_cert /usr/local/share/ca-certificates/proxy.crt
    update-ca-certificates
}

install_redhat()
{
    download_ca_cert /etc/pki/ca-trust/source/anchors/proxy.crt
    update-ca-trust
}

[ -e /etc/alpine-release ] && install_alpine
[ -e /etc/arch-release ] && install_arch
[ -e /etc/debian_version ] && install_debian
[ -e /etc/redhat-release ] && install_redhat