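#!/bin/bash
#
# Switch the system-wide OpenSSL setup between the stock configuration and one
# that loads the GOST engine and adds the GOST cipher suites.
#
# Usage: <script> gost|default
#   gost     back up openssl.cnf, point it at an engine section that loads
#            gost.so, and add the GOST entries to the crypto-policies cipher
#            string.
#   default  restore the backed-up openssl.cnf and remove the GOST entries
#            from the cipher string again.
#
# Both modes rewrite files under /etc, so the caller needs write access there.
#
# Review notes:
#   * Programs that load this openssl.cnf will load the shared object named by
#     dynamic_path, so that file should be owned by root and not writable by
#     anyone else.
#   * NOTE(review): /etc/crypto-policies/back-ends/openssl.config is normally
#     produced by update-crypto-policies; a later run of that tool presumably
#     discards the edit made here. Confirm how this is meant to persist.
#   * NOTE(review): GNU `sed -i` replaces a symlink with a regular file. If
#     the back-end file is a symlink on the target host, this script detaches
#     it from the packaged policy. Confirm this is intended.

set -euo pipefail

# ${1:-} keeps `set -u` from aborting before the usage message can be shown.
ENGINE=${1:-}

readonly OPENSSL_CNF=/etc/pki/tls/openssl.cnf
readonly OPENSSL_CNF_BACKUP=/etc/pki/tls/openssl.save
readonly POLICY_CONFIG=/etc/crypto-policies/back-ends/openssl.config
readonly GOST_ENGINE_LIB=/usr/lib64/engines-1.1/gost.so

# The two cipher strings differ only in the GOST entries inserted right after
# the security level, so they are built from one shared tail.
readonly CIPHER_TAIL='kEECDH:kRSA:kEDH:kPSK:kDHEPSK:kECDHEPSK:-aDSS:-3DES:!DES:!RC4:!RC2:!IDEA:-SEED:!eNULL:!aNULL:!MD5:-SHA384:-CAMELLIA:-ARIA:-AESCCM8'
readonly STOCK_CIPHERS="@SECLEVEL=1:${CIPHER_TAIL}"
readonly GOST_CIPHERS="@SECLEVEL=1:aGOST:aGOST01:kGOST:GOST94:GOST89MAC:${CIPHER_TAIL}"

# Print a message on stderr and abort.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Report which cipher string the crypto-policies back-end currently holds.
# Outputs: "gost", "stock" or "unknown" on stdout
#######################################
policy_state() {
  if grep -qF -- "${GOST_CIPHERS}" "${POLICY_CONFIG}"; then
    printf 'gost\n'
  elif grep -qF -- "${STOCK_CIPHERS}" "${POLICY_CONFIG}"; then
    printf 'stock\n'
  else
    printf 'unknown\n'
  fi
}

#######################################
# Enable the GOST engine and cipher suites. Safe to run more than once: an
# already-converted openssl.cnf is neither backed up again (which would
# replace the pristine backup with the modified file) nor appended to again.
#######################################
gost() {
  local state
  state=$(policy_state)
  # Check everything before the first write so that a cipher string this
  # script does not recognise cannot leave the system half converted.
  [[ "${state}" != unknown ]] \
    || die "Unrecognised cipher string in ${POLICY_CONFIG}; nothing changed"

  if [[ ! -f "${GOST_ENGINE_LIB}" ]]; then
    printf 'warning: %s not found; the engine section will point at a missing file\n' \
      "${GOST_ENGINE_LIB}" >&2
  fi

  if ! grep -q '^\[openssl_def\]' "${OPENSSL_CNF}"; then
    # Without this selector line the appended sections are never referenced.
    grep -qF -- 'openssl_conf = default_modules' "${OPENSSL_CNF}" \
      || die "'openssl_conf = default_modules' not found in ${OPENSSL_CNF}; nothing changed"

    # -p keeps mode, ownership and timestamps for the later restore.
    cp -p -- "${OPENSSL_CNF}" "${OPENSSL_CNF_BACKUP}"
    sed -i 's/openssl_conf = default_modules/openssl_conf = openssl_def/' "${OPENSSL_CNF}"
    cat >>"${OPENSSL_CNF}" <<'EOF'

[openssl_def]
engines = engine_section

[engine_section]
gost = gost_section

[gost_section]
engine_id = gost
dynamic_path = /usr/lib64/engines-1.1/gost.so
default_algorithms = ALL
CRYPT_PARAMS = id-Gost28147-89-CryptoPro-A-ParamSet
EOF
  fi

  if [[ "${state}" == stock ]]; then
    sed -i "s/${STOCK_CIPHERS}/${GOST_CIPHERS}/" "${POLICY_CONFIG}"
  fi
}

#######################################
# Return to the stock configuration. The restore is a plain move of the
# backup, so edits made to openssl.cnf while GOST was enabled are discarded.
#######################################
default() {
  local state
  state=$(policy_state)

  if [[ -f "${OPENSSL_CNF_BACKUP}" ]]; then
    mv -- "${OPENSSL_CNF_BACKUP}" "${OPENSSL_CNF}"
  elif grep -q '^\[openssl_def\]' "${OPENSSL_CNF}"; then
    # The engine section is active but there is nothing to restore from;
    # stop here rather than report a revert that did not happen.
    die "${OPENSSL_CNF_BACKUP} is missing; cannot restore ${OPENSSL_CNF}"
  fi

  case "${state}" in
    gost)
      sed -i "s/${GOST_CIPHERS}/${STOCK_CIPHERS}/" "${POLICY_CONFIG}"
      ;;
    stock)
      ;; # cipher string is already the stock one
    *)
      printf 'warning: unrecognised cipher string in %s left unchanged; check it for GOST entries\n' \
        "${POLICY_CONFIG}" >&2
      ;;
  esac
}

case "${ENGINE}" in
  gost)
    gost
    ;;
  default)
    default
    ;;
  *)
    # Usage errors go to stderr with a non-zero status so that callers and
    # automation do not mistake them for a successful switch.
    printf "Must be gost or default\n" >&2
    exit 2
    ;;
esac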