#!/bin/sh
#
# Manage OSGi runner home-brew secrets
#
# $Id$
#

# Exported before the shared config is sourced: this tool never wants the
# runner to regroup bundles. The consumer of this setting is outside this file.
export OSGI_PERFORM_REGROUP_BUNDLES="no"

# Pull in the shared osgi-runner configuration (presumably the OSGI_* and
# JAVA_EXE variables used below) unless a caller already did; the include
# marks itself with this token so it is not sourced twice.
if [ "$OSGI_RUNNER_CONFIG_INCLUDED" != iro4sAFb2zRYXpP9 ]; then
    . /usr/share/osgi-runner/sh/load-config-include.sh
fi

# Usage text, printed verbatim (quoted here-doc: nothing is expanded) when
# the first argument is one of the help spellings; exits 0 afterwards.
case "$1" in
    --help|-h|help)
        cat <<'EOF'
usage: /usr/sbin/osgi-runner-secrets [-init|-list|-add|-decrypt]
     Manage home-brew osgi-runner secrets.
       -init initializes the masterkey.
       -list <file> list secrets in file.
       -add <file> <pid> <key> <value> stores a value for a config.
                key to be accessed by a PID.
       -decrypt <file> <pid> <key> decrypt a value for a config.
                key previously store with -add.
        Encrypted secret files are stored in
          /etc/osgi-runner/secrets.d/*.properties
examples:
  osgi-runner-secrets -init
  osgi-runner-secrets -add db-secrets.properties org.clazzes.jdbc.provider FANCYMAIL-db-passwd foobar123!#
  osgi-runner-secrets -list db-secrets.properties
  osgi-runner-secrets -decrypt db-secrets.properties org.clazzes.jdbc.provider FANCYMAIL-db-passwd
EOF
        exit 0
        ;;
esac

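# Master key file: holds the osgi.runner.secretsMasterKey property that the
# -init branch generates (owned by the service user, mode 440).
OSGI_MK_FILE=$OSGI_ETCDIR/conf.d/secret-masterkey.properties

# Directory holding the encrypted *.properties secret files.
OSGI_SECRETS_DIR=$OSGI_ETCDIR/secrets.d

# Locate the osgi-runner jar with a glob instead of parsing `ls` output: a
# path containing whitespace, or more than one installed version, used to
# produce a multi-line value that failed the -f test with a misleading
# "cannot find any version" message.
OSGI_RUNNER_JARFILE=
for candidate in "$OSGI_BASE"/lib/osgi-runner-*.jar
do
    # An unmatched glob is left as the literal pattern; skip it.
    test -f "$candidate" || continue
    if test -n "$OSGI_RUNNER_JARFILE"
    then
        echo "Error: more than one osgi-runner jar in $OSGI_BASE/lib ($OSGI_RUNNER_JARFILE, $candidate), refusing to guess" >&2
        exit 1
    fi
    OSGI_RUNNER_JARFILE=$candidate
done

if test -z "$OSGI_RUNNER_JARFILE"
then
    echo "Cannot find any version of osgi-runner in $OSGI_BASE/lib" >&2
    exit 1
fi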

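if test "$1" = "-init"
then
    # -init never overwrites an existing master key; it only (re)applies
    # ownership and permissions. A failed key creation is reported and the
    # secrets directory is still set up, but the exit status is non-zero.
    init_status=0
    if test -f "$OSGI_MK_FILE"
    then
        echo "Warn: $OSGI_MK_FILE exists, setting permissions."
        chown "$OSGI_USER:$OSGI_GROUP" "$OSGI_MK_FILE" || exit 2
        chmod 440 "$OSGI_MK_FILE" || exit 3
        echo "Successfully set permissions on $OSGI_MK_FILE"
    else
        # Generate the key as the service user so the file is owned by it
        # from the start. The path is handed over as a positional parameter
        # instead of being interpolated into the script text; umask 077
        # keeps the file unreadable by group/others while the key material
        # is written, and the final chmod 440 opens it to the group.
        # printf replaces 'echo -n', which /bin/sh implementations such as
        # dash print literally.
        if sudo -u "$OSGI_USER" -g "$OSGI_GROUP" /bin/sh -c '
            set -e
            umask 077
            printf "%s" "osgi.runner.secretsMasterKey=" > "$1"
            head -c 32 /dev/random | base64 >> "$1"
            chmod 440 "$1"
        ' sh "$OSGI_MK_FILE"
        then
            echo "Successfully created $OSGI_MK_FILE"
        else
            echo "Error creating $OSGI_MK_FILE, please check manually" >&2
            init_status=7
        fi
    fi

    if test -d "$OSGI_SECRETS_DIR"
    then
        echo "Warn: $OSGI_SECRETS_DIR exists, setting permissions."
    else
        echo "Creating $OSGI_SECRETS_DIR."
        mkdir "$OSGI_SECRETS_DIR" || exit 4
        echo "Successfully created $OSGI_SECRETS_DIR, setting permissions."
    fi
    chown "$OSGI_USER:$OSGI_GROUP" "$OSGI_SECRETS_DIR" || exit 5
    chmod 770 "$OSGI_SECRETS_DIR" || exit 6
    echo "Successfully set permissions on $OSGI_SECRETS_DIR"
    exit "$init_status"
else

    if test ! -f "$OSGI_MK_FILE"
    then
        echo "Error: $OSGI_MK_FILE does not exist, call 'osgi-runner-secrets -init'" >&2
        exit 1
    fi

    if test ! -d "$OSGI_SECRETS_DIR"
    then
        echo "Error: $OSGI_SECRETS_DIR does not exist, call 'osgi-runner-secrets -init'" >&2
        exit 2
    fi

    # Secret file arguments (<file>) are resolved relative to the secrets
    # directory, so run the Java tool from there.
    echo "Running in directory $OSGI_SECRETS_DIR"
    cd "$OSGI_SECRETS_DIR" || exit 3

    # The master key is read and exported inside the shell that sudo spawns,
    # so it never appears on a command line: passing OSGI_SECRETS_MK=... as a
    # sudo argument exposed the key to every local user via ps / process
    # accounting for the whole run. Paths and the user's arguments are passed
    # as positional parameters. The key file is readable by the service user
    # because -init creates it with that owner and mode 440.
    sudo -u "$OSGI_USER" -g "$OSGI_GROUP" /bin/sh -c '
        mk_file=$1; java_exe=$2; etc_dir=$3; jarfile=$4
        shift 4
        OSGI_SECRETS_MK=$(sed "s/^ *osgi\.runner\.secretsMasterKey *= *//p;d" "$mk_file") || exit 1
        export OSGI_SECRETS_MK
        exec "$java_exe" -Dosgi.runner.etcPath="$etc_dir" -cp "$jarfile" \
            org.clazzes.osgi.runner.ManageSecrets "$@"
    ' sh "$OSGI_MK_FILE" "$JAVA_EXE" "$OSGI_ETCDIR" "$OSGI_RUNNER_JARFILE" "$@"
    code=$?

    # The Java side writes the secrets file as the service user; make sure it
    # is not world-accessible whatever that process's umask was.
    test -f "$2" && chmod o-rwx "$2"
    exit "$code"
fi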
