CLIENT_ID=$(uci get system.@system[0].crypto_sn)
ENDPOINT="a1k5gpst54157z-ats.iot.us-east-1.amazonaws.com"
CREDENTIAL_ENDPOINT="c2dy5ia8fyusda.credentials.iot.us-east-1.amazonaws.com"
S3_ROLE="s3-de-iot-config-access"
S3_BUCKET_NAME="de-iot-config"
S3_BUCKET_REGION="us-east-1"
S3_DOWNLOAD_DIR="/tmp/downloads"

sed \
  -e "s|{{CLIENT_ID}}|${CLIENT_ID}|g" \
  -e "s|{{ENDPOINT}}|${ENDPOINT}|g" \
  -e "s|{{CREDENTIAL_ENDPOINT}}|${CREDENTIAL_ENDPOINT}|g" \
  -e "s|{{S3_ROLE}}|${S3_ROLE}|g" \
  -e "s|{{S3_BUCKET_NAME}}|${S3_BUCKET_NAME}|g" \
  -e "s|{{S3_BUCKET_REGION}}|${S3_BUCKET_REGION}|g" \
  -e "s|{{S3_DOWNLOAD_DIR}}|${S3_DOWNLOAD_DIR}|g" \
  /etc/gateway/provision.conf.tmpl > /etc/gateway/provision.conf

CLIENT_PEM=$(crypto-cli cert) || { echo "Failed to generate certificate" >&2; exit 1; }
echo "$CLIENT_PEM" > /etc/gateway/certs/gateway.pem

exit 0
