#!/bin/sh
# SPDX-FileCopyrightText: 2015-2025 Univention GmbH
# SPDX-License-Identifier: AGPL-3.0-only
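# Regenerate the Diffie-Hellman parameter file named by the UCR variable
# ldap/tls/dh/paramfile. Everything the script prints is captured in a log
# file and only replayed to the original stdout by the EXIT handler.
set -e
umask 022

paramfile="$(ucr get ldap/tls/dh/paramfile)"
# Nothing to do when no parameter file is configured.
[ -n "$paramfile" ] || exit 0

# Start empty so cleanup() can tell which temporary files already exist.
log=
tmp=

# EXIT handler: replay the captured output on fd 3 (the original stdout),
# remove the temporary files and keep the status the script was exiting with.
cleanup () {
	rv="$?"
	# Cleanup is best effort; a failing cat/rm must not abort the handler.
	set +e
	if [ -n "$log" ]
	then
		cat "$log" >&3
		rm -f -- "$log"
	fi
	[ -z "$tmp" ] || rm -f -- "$tmp"
	return "$rv"
}
# Installed before any temporary file is created: if creating "$tmp" fails
# (for example because the target directory is missing or not writable), the
# error message sits in "$log" and must still be replayed and the log removed
# instead of being left behind silently.
trap cleanup EXIT

log="$(mktemp)"
# fd 3 keeps the original stdout; stdout and stderr now go to the log.
exec 3>&1 >"$log" 2>&1

# Created next to the target so the final mv stays on one filesystem.
tmp=$(mktemp "$paramfile.XXXXXXXXXX")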

# Generate fresh 2048-bit DH parameters (generator 2) into the temporary file.
# NOTE(review): 2048 bits is the commonly accepted lower bound for finite-field
# DH; confirm it still matches the site's TLS policy.
openssl dhparam -out "$tmp" -2 2048
# mktemp creates the file readable by its owner only. DH parameters are public
# group parameters, not key material, so making them world-readable is fine.
# NOTE(review): presumably needed because slapd reads the file as an
# unprivileged user; confirm.
chmod 644 "$tmp"
# "$tmp" was created as "$paramfile.XXXXXXXXXX", i.e. in the same directory, so
# this is a rename: readers see either the old or the new complete file, never
# a partially written one.
mv "$tmp" "$paramfile"

# Load the UCR shell helpers, which provide is_ucr_true.
# shellcheck source=/dev/null
. /usr/share/univention-lib/ucr.sh
# Restarting slapd is optional and controlled by ldap/tls/dh/restart.
# NOTE(review): a running slapd presumably keeps using the old parameters until
# it is restarted; confirm when this variable is left unset.
if is_ucr_true ldap/tls/dh/restart
then
	# "|| :" makes a failed restart non-fatal under "set -e"; the new parameter
	# file is already in place at this point. The captured output of a failed
	# restart is discarded by the truncation below.
	invoke-rc.d slapd crestart || :
fi

# Success: empty the captured log so the EXIT handler replays nothing.
: >"$log"
exit 0
