#!/bin/bash

echo "Try download NetFree certificates"

CERT_URLS=(
    "https://netfree.link/cacert/united/root_ca_rsa.crt"
    "https://netfree.link/cacert/united/root_ca_ed25519.crt"
    "https://netfree.link/cacert/united/root_ca_prime256v1.crt"
    "https://netfree.link/cacert/united/root_ca_secp384r1.crt"
    "https://netfree.link/cacert/united/root_ca_rsa_2037.crt"
)

for URL in "${CERT_URLS[@]}"; do
    CERT=$(curl -L "$URL" 2> /dev/null)

    if [[ $CERT == *"BEGIN CERTIFICATE"* ]]; then
        sudo mkdir -p "/usr/share/ca-certificates/extra/"
        FILE_NAME=$(basename "$URL")
        echo "$CERT" | sudo tee "/usr/share/ca-certificates/extra/$FILE_NAME" > /dev/null
        echo "Saved certificate: $FILE_NAME"
        
        sudo dpkg-reconfigure -f noninteractive ca-certificates
        sudo sed -i.bak s/\!extra\\/$FILE_NAME/extra\\/$FILE_NAME/g /etc/ca-certificates.conf
        sudo dpkg-reconfigure -f noninteractive ca-certificates
    else
        echo "error: not have NetFree certificate from $URL"
    fi
done