#!/bin/sh
# Split combined certificate file into separate components

COMBINED="/vault/certs/combined.pem"
CERT_FILE="/vault/certs/macmini.crt"
KEY_FILE="/vault/certs/macmini.key"
CA_FILE="/vault/certs/ca-chain.crt"

# Extract certificate (between ===CERT=== and ===CA===)
sed -n '/===CERT===/,/===CA===/p' "$COMBINED" | sed '1d;$d' > "$CERT_FILE"

# Append CA to certificate file for full chain
sed -n '/===CA===/,/===KEY===/p' "$COMBINED" | sed '1d;$d' >> "$CERT_FILE"

# Extract CA chain
sed -n '/===CA===/,/===KEY===/p' "$COMBINED" | sed '1d;$d' > "$CA_FILE"

# Extract private key
sed -n '/===KEY===/,$p' "$COMBINED" | sed '1d' > "$KEY_FILE"

# Set permissions
chmod 644 "$CERT_FILE" "$CA_FILE"
chmod 600 "$KEY_FILE"

# Reload nginx if running
nginx -s reload 2>/dev/null || true

echo "Certificates split successfully"