#!/bin/bash

function mbedtls_enable {
	if [ "$1" = "" ]; then
		return
	fi
	sed -i "s/^\/\/#define ${1}$/#define ${1}/" include/polarssl/config.h
}

function mbedtls_disable {
	if [ "$1" = "" ]; then
		return
	fi
	sed -i "s/^#define ${1}$/\/\/#define ${1}/" include/polarssl/config.h
}

cd `dirname $0`

version=`curl -s https://tls.mbed.org/download/latest-stable-version`
current=`grep "^=" ChangeLog | head -1 | cut -f4 -d' '`

if [ ${version} = ${current} ]; then
	echo "mbed TLS is already the latest version."
	exit
fi

echo "Downloading mbed TLS version ${version}."
wget --no-check-certificate -qO mbedtls.tgz "https://tls.mbed.org/download/mbedtls-${version}-gpl.tgz?do=yes"

if [ ! -s mbedtls.tgz ]; then 
	rm -f mbedtls.tgz
	echo "Download error."
	exit
fi

echo "Removing current mbed TLS library."
rm -rf include
rm -rf library

echo "Installing new mbed TLS library."
tar -xzf mbedtls.tgz
dir=`tar -tzf mbedtls.tgz | head -n1 | sed 's/\/$//'`
mv ${dir}/ChangeLog .
mv ${dir}/include .
mv ${dir}/library .

echo "Disabling SSL3.0 and RC4."
mbedtls_disable POLARSSL_SSL_PROTO_SSL3
mbedtls_disable POLARSSL_ARC4_C
mbedtls_enable  POLARSSL_REMOVE_ARC4_CIPHERSUITES

if [ -f ${version}.diff ]; then
	echo "Applying patch."
	patch -p1 < ${version}.diff
fi

echo "Cleaning up."
rm -f include/.gitignore
rm -f library/.gitignore
rm -rf ${dir}
rm mbedtls.tgz

echo "mbed TLS upgraded to version ${version}."
