#!/bin/bash
##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004.
# See http://www.eu-egee.org/partners/ for details on the copyright
# holders.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS
# OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
##############################################################################
#
# NAME :        config_DPM_https
#
# DESCRIPTION : This function configures the HTTPS server
#
# AUTHORS :     David.Smith@cern.ch, Gergely.Debreczeni@cern.ch
#
# YAIM MODULE:  glite-yaim-dpm
#
##############################################################################

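# Pre-flight check for config_DPM_https.
# Arguments: $1 - forwarded unchanged as the first argument of `requires`
#                 (presumably the name of the function being checked;
#                 `requires` is not defined in this file, so confirm there).
# Returns:   the exit status of `requires`.
config_DPM_https_check () {
  # Quote $1 so an empty value or one containing whitespace still reaches
  # `requires` as exactly one argument instead of shifting DPM_HTTPS into
  # the first position.
  requires "$1" DPM_HTTPS
}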


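##############################################################################
# config_DPM_https: set up the DPM HTTPS door (dpm-httpd) on this node.
#
# Steps, in order:
#   1. skip unless DPM_HTTPS is "yes";
#   2. source ${FUNCTIONS_DIR}/config_add_to_shift and register "https";
#   3. classify the node from /etc/sysconfig/rfiod and /etc/sysconfig/dpm;
#   4. create the mod_gridsite.so and dpm-httpd symbolic links;
#   5. stop a running dpm-httpd;
#   6. populate the keystore (symlinks on a head node, a certificate fetched
#      from ${DPM_HOST}:443 on a pure disk node);
#   7. run dpm-https-conf.sh and start dpm-httpd.
#
# Globals read:    DPM_HTTPS, FUNCTIONS_DIR, GLITE_LOCATION, LCG_LOCATION,
#                  DPMMGR_USER, DPM_HOST, INSTALL_ROOT
# Globals written: cfname, INSTALL_ROOT, isdiskserver, isheadnode, lDPNS_HOST,
#                  nodetype, lib_m, res, DPM_HTTPS_KEYSTORE. They are left
#                  global on purpose: the function never declared them local
#                  and other code sourced into the same shell may read them.
# Helpers used:    yaimlog, add_to_shift (both defined outside this file).
# Returns:         0 on success or when the component is disabled,
#                  1 when config_add_to_shift is missing,
#                  `return -1` (a non-zero status) on every other failure.
##############################################################################
config_DPM_https () {
  cfname="CONFIG_DPM_HTTPS"

  INSTALL_ROOT=${INSTALL_ROOT:-/opt}

  ####@ Check if this component has to be configured
  if [ "x${DPM_HTTPS}" != "xyes" ]; then
    yaimlog INFO " [$cfname] Skipping configuration of DPM-https - to activate add DPM_HTTPS=\"yes\" to your <config_dir>/services/<node_type> file!"
    return 0
  fi

  ####@ Update /etc/shift.conf with "https" protocol

  # Quoted so that a FUNCTIONS_DIR containing whitespace does not turn the
  # test into a syntax error (which used to be reported as "not found").
  if [ -f "${FUNCTIONS_DIR}/config_add_to_shift" ]; then
    source "${FUNCTIONS_DIR}/config_add_to_shift"
  else
    yaimlog WARNING "${FUNCTIONS_DIR}/config_add_to_shift not found. Exiting."
    return 1
  fi

  add_to_shift "DPM PROTOCOLS" "https"

  ####@ Find out if we are a disk server, disk server + head node or plain head node

  yaimlog INFO " [$cfname] Checking the configuration of this DPM node ...."

  isdiskserver="false"
  isheadnode="false"

  # lDPNS_HOST is not used again in this function; it is still assigned
  # because it is a global that other code may rely on.
  lDPNS_HOST=""
  if [ -e /etc/sysconfig/rfiod ]; then
    lDPNS_HOST=$(grep DPNS_HOST /etc/sysconfig/rfiod | cut -d "=" -f 2)
    isdiskserver="true"
  fi

  if [ -e /etc/sysconfig/dpm ]; then
    lDPNS_HOST=$(grep DPNS_HOST /etc/sysconfig/dpm | cut -d "=" -f 2)
    isheadnode="true"
  fi

  case "${isdiskserver}:${isheadnode}" in
    true:true)  nodetype="sor" ;;
    true:false) nodetype="disk-node" ;;
    false:true) nodetype="head-node" ;;
    *)          nodetype="none" ;;
  esac

  if [ "$(uname -m)" = 'x86_64' ]; then
    lib_m='lib64'
  else
    lib_m='lib'
  fi

  ####@ Notify about the configuration found on this host

  if [ "$nodetype" = "none" ]; then
    yaimlog ERROR "[$cfname] This node is neither configured as a DPM head node nor a DPM disk server - skipping configuration!"
    return -1
  fi

  yaimlog INFO " [$cfname] This node has been detected to be of type <$nodetype>"
  yaimlog INFO " [$cfname] [ sor='dpm head + disk node' , head-node='dpm service node' , disk-node='disk server' ]"

  # Head nodes need mod_gridsite.so in the system httpd module directory.
  if [ "$isheadnode" = "true" ]; then
    if [ ! -e "/usr/${lib_m}/httpd/modules/mod_gridsite.so" ] &&
       [ -e "${GLITE_LOCATION}/${lib_m}/httpd/modules/mod_gridsite.so" ]; then
      yaimlog INFO " [$cfname] Adding link /usr/${lib_m}/httpd/modules/mod_gridsite.so -> ${GLITE_LOCATION}/${lib_m}/httpd/modules/mod_gridsite.so"
      if ! ln -s "${GLITE_LOCATION}/${lib_m}/httpd/modules/mod_gridsite.so" \
                 "/usr/${lib_m}/httpd/modules/mod_gridsite.so"; then
        yaimlog ERROR " [$cfname] Couldn't create symbolic link"
        return -1
      fi
    fi
  fi

  # NOTE(review): an existing ${LCG_LOCATION}/bin/dpm-httpd symlink is accepted
  # without checking where it points, although the log line below claims the
  # target is /usr/sbin/httpd. Consider comparing the link target before
  # trusting it.
  if [ ! -L "${LCG_LOCATION}/bin/dpm-httpd" ]; then
    yaimlog INFO " [$cfname] Adding dpm-httpd link ${LCG_LOCATION}/bin/dpm-httpd -> /usr/sbin/httpd"
    if [ ! -x /usr/sbin/httpd ]; then
      yaimlog ERROR " [$cfname] Cannot find httpd under /usr/sbin/httpd !"
      return -1
    fi
    if ! ln -s /usr/sbin/httpd "${LCG_LOCATION}/bin/dpm-httpd"; then
      yaimlog ERROR " [$cfname] Couldn't create symbolic link to /usr/sbin/httpd!"
      return -1
    fi
  else
    yaimlog INFO " [$cfname] Symbolic link exists already: ${LCG_LOCATION}/bin/dpm-httpd -> /usr/sbin/httpd"
  fi

  # Stop a running service first; "status" returning 0 is taken to mean
  # "running", so a 0 after "stop" means the stop did not work.
  if [ -e "/etc/init.d/dpm-httpd" ]; then
    if /etc/init.d/dpm-httpd status >/dev/null 2>&1; then
      yaimlog INFO " [$cfname] Stopping running dpm-httpd service now .... "
      yaimlog INFO " [$cfname] -----------------s c r i p t  o u t p u t-----------------------"
      /etc/init.d/dpm-httpd stop
      /etc/init.d/dpm-httpd status >/dev/null 2>&1
      res=$?
      yaimlog INFO " [$cfname] ----------------------------------------------------------------"
      if [ "$res" = "0" ]; then
        yaimlog ERROR "[$cfname] Couldn't stop the running dpm-httpd !"
        return -1
      fi
    fi
  fi

  if [ ! -e "${LCG_LOCATION}/etc/dpm/https/conf/dpm-https-conf.sh" ]; then
    yaimlog ERROR "[$cfname] The configuration script is not installed on this machine - skipping configuration!"
    return -1
  fi

  DPM_HTTPS_KEYSTORE=${LCG_LOCATION}/etc/dpm/https/keystore
  mkdir -p "${DPM_HTTPS_KEYSTORE}"
  # The directory check used to run on head nodes only; a disk node needs the
  # keystore just as much, because the fetched certificate is written there.
  if [ ! -d "${DPM_HTTPS_KEYSTORE}" ]; then
    yaimlog ERROR "[$cfname] Couldn't create directory ${DPM_HTTPS_KEYSTORE} !"
    return -1
  fi

  if [ "$isheadnode" = "true" ]; then
    yaimlog INFO " [$cfname] Your keystore is in  ${DPM_HTTPS_KEYSTORE}"
    yaimlog INFO " [$cfname] symlinking the DPM cert&key to this directory"
    # Only links are created, so the private key keeps the ownership and
    # mode of /etc/grid-security/${DPMMGR_USER}/dpmkey.pem.
    if [ ! -e "${DPM_HTTPS_KEYSTORE}/cert.pem" ] &&
       [ -e "/etc/grid-security/${DPMMGR_USER}/dpmcert.pem" ]; then
      ln -s "/etc/grid-security/${DPMMGR_USER}/dpmcert.pem" "${DPM_HTTPS_KEYSTORE}/cert.pem"
    fi
    if [ ! -e "${DPM_HTTPS_KEYSTORE}/key.pem" ] &&
       [ -e "/etc/grid-security/${DPMMGR_USER}/dpmkey.pem" ]; then
      ln -s "/etc/grid-security/${DPMMGR_USER}/dpmkey.pem" "${DPM_HTTPS_KEYSTORE}/key.pem"
    fi
  else
    # we can assume that the headnode is up and running and the httpd is already configured
    # there, so we can fetch the certificate for checking the authentication token in
    # mod_keyauth
    yaimlog INFO " [$cfname] Your keystore is in  ${DPM_HTTPS_KEYSTORE}"
    yaimlog INFO " [$cfname] fetching the head-node's certificate"

    # Fetch into a scratch file first. Redirecting straight into cert.pem
    # truncated a previously installed certificate whenever the connection
    # failed, and the pipeline result was never looked at.
    local fetched_cert
    fetched_cert=$(mktemp "${DPM_HTTPS_KEYSTORE}/cert.pem.XXXXXX")
    if [ -z "$fetched_cert" ]; then
      yaimlog ERROR "[$cfname] Couldn't create a temporary file in ${DPM_HTTPS_KEYSTORE} !"
      return -1
    fi

    # NOTE(review): openssl s_client keeps going after a chain verification
    # failure unless it is told otherwise (-verify_return_error, where the
    # installed OpenSSL supports it), so -CApath alone does not make the
    # stored certificate a verified one. Whatever answers on ${DPM_HOST}:443
    # ends up as the certificate used to check authentication tokens;
    # consider enforcing verification against
    # /etc/grid-security/certificates before installing it.
    # The awk filter keeps only the first PEM certificate block of the output.
    echo '' | openssl s_client -connect "${DPM_HOST}:443" -showcerts \
        -CApath /etc/grid-security/certificates \
        -key  /etc/grid-security/hostkey.pem \
        -cert /etc/grid-security/hostcert.pem \
      | awk 'BEGIN {cert=0} /-----BEGIN CERTIFICATE-----/ { if(cert==0) cert=1} { if(cert==1) print } /-----END CERTIFICATE-----/ {cert=2}' \
      > "$fetched_cert" 2>/dev/null

    # Install the result only if it is non-empty and parses as a certificate.
    # `cat >` (not mv) keeps the old semantics for file mode and symlinks.
    if [ -s "$fetched_cert" ] &&
       openssl x509 -in "$fetched_cert" -noout >/dev/null 2>&1; then
      cat "$fetched_cert" > "${DPM_HTTPS_KEYSTORE}/cert.pem"
    else
      yaimlog WARNING " [$cfname] Couldn't fetch a certificate from ${DPM_HOST}:443 - leaving ${DPM_HTTPS_KEYSTORE}/cert.pem untouched"
    fi
    rm -f -- "$fetched_cert"
  fi

  yaimlog INFO " [$cfname] Starting configuration script 'dpm-https-conf.sh -t $nodetype'"
  yaimlog INFO " [$cfname] -----------------s c r i p t  o u t p u t-----------------------"
  "${LCG_LOCATION}/etc/dpm/https/conf/dpm-https-conf.sh" -t "$nodetype"
  res=$?
  yaimlog INFO " [$cfname] ----------------------------------------------------------------"
  if [ "$res" != "0" ]; then
    yaimlog ERROR "[$cfname] Configuration of DPM-https failed - fix above error!"
    yaimlog INFO " [$cfname] If you do miss a public key, copy the host certificate to the above mentioned location!"
    yaimlog INFO " [$cfname] If you do miss a private key, copy the host key to the above mentioned location!"
    return -1
  fi

  yaimlog INFO " [$cfname] Starting dpm-httpd service ..."
  yaimlog INFO " [$cfname] -----------------s c r i p t  o u t p u t-----------------------"
  /etc/init.d/dpm-httpd start
  # The status call, not the start call, decides success.
  /etc/init.d/dpm-httpd status
  res=$?
  yaimlog INFO " [$cfname] ----------------------------------------------------------------"
  if [ "$res" != "0" ]; then
    yaimlog ERROR "[$cfname] Couldn't start dpm-httpd!"
    return -1
  fi

  yaimlog INFO " [$cfname] Started successfully dpm-httpd!"
  yaimlog INFO " [$cfname] Configuration of DPM-https successfull!"
  return 0
}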

