From a1ff0f90f67bd56420e0e2fd40822a23d660009c Mon Sep 17 00:00:00 2001
From: Rick Sommerville
Date: Sat, 22 May 2021 10:32:51 -0400
Subject: [PATCH] WIFI-2381 Query DigiCert's API for Redirector's address
Signed-off-by: Max Brenner
Signed-off-by: Rick Sommerville
---
 .../opensync/files/bin/wlan_ap_redirector.sh | 32 ++++++++++++++++---
 1 file changed, 28 insertions(+), 4 deletions(-)
diff --git a/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh b/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh
index e6f454cfa..d42358915 100755
--- a/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh
+++ b/feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh
@@ -1,11 +1,35 @@
 #!/bin/sh
-if [ $# -ne 1 ] ; then
- echo "Usage: $0 " >&2
- exit 1
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+ echo "Usage: $0 [redirector address]" >&2
+ exit 1
 fi
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+ if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+ echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+ exit 1
+ fi
+
+ # TODO: this command should be retried if it fails
+ digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+ device_data=`curl -s \
+ --key "${AP_PRIVATE_KEY_FILE}" \
+ --cert "${AP_CERTIFICATE_FILE}" \
+ "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+ controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+ # TODO: we should get the port with the redirector record and only default to 6643 if no port was specified
+ redirector_addr="ssl:${controller_url}:6643"
+else
+ redirector_addr=$1
+fi
 uci set system.tip.redirector="${redirector_addr}"
 uci commit system
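Review bot: The `curl -s` call in the `[ -z "$1" ]` branch has no exit-status or output check, so a failed request, an HTTP error body, or a response without a `Redirector` field leaves `controller_url` empty and the script still commits `ssl::6643` to `system.tip.redirector`. That setting appears to select the controller the AP connects to, so the branch should use `curl -sf`, exit non-zero on failure, and skip `uci set` when `controller_url` is empty; the existing TODO covers retrying but not this. The unquoted `echo ${device_data}` also exposes the JSON to word splitting and globbing before `jsonfilter` reads it, which `printf '%s' "${device_data}"` avoids. The missing-device-ID message goes to stdout while the usage message goes to stderr; adding `>&2` would make them consistent.

```shell
  # … unchanged: device ID file check, digicert_device_id read …
  device_data=$(curl -sf \
    --key "${AP_PRIVATE_KEY_FILE}" \
    --cert "${AP_CERTIFICATE_FILE}" \
    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}") || {
    echo "DigiCert query failed; redirector left unchanged." >&2
    exit 1
  }

  controller_url=$(printf '%s' "${device_data}" | jsonfilter -e '@.fields[@.name="Redirector"].value')
  if [ -z "${controller_url}" ]; then
    echo "No Redirector value in DigiCert response; redirector left unchanged." >&2
    exit 1
  fi
  # … unchanged: redirector_addr assignment, else branch, uci set/commit …
```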