est_client: switch to production environment

Signed-off-by: John Crispin <john@phrozen.org>

feeds/tip/cloud_discovery/files/usr/bin/est_client

@@ -8,9 +8,22 @@ import * as libuci from 'uci';
 
 let store_operational_pem = false;
 let store_operational_ca = false;
-let est_server = 'qaest.certificates.open-lan.org:8001';
+let est_server = 'est.certificates.open-lan.org';
 let cert_prefix = 'operational';
 
+function set_est_server() {
+	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
+	let issuer = pipe.read("all");
+	pipe.close();
+
+	if (!match(issuer, /Telecom Infra Project Issuing CA/)) {
+		ulog(LOG_INFO, 'Certificate type is "Demo" \n');
+		est_server = 'qaest.certificates.open-lan.org:8001';
+	} else {
+		ulog(LOG_INFO, 'Certificate type is "TIP"\n');
+	}
+}
+
 if (getenv('EST_SERVER'))
 	est_server = getenv('EST_SERVER');
 
@@ -79,6 +92,8 @@ function call_est_server(path, cert, target) {
 	if (generate_csr(cert))
 		return 1;
 
+	set_est_server();	
+
 	let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
 	if (ret) {
 		ulog(LOG_INFO, 'Failed to request operational certificate\n');
@@ -126,6 +141,9 @@ function load_operational_ca() {
 		ulog(LOG_INFO, 'Operational CA is present\n');
 		return 0;
 	}
+
+	set_est_server();	
+
 	let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7');
 	if (!ret)
 		ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca');