##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004. 
# See http://www.eu-egee.org/partners/ for details on the copyright 
# holders.  
#
# Licensed under the Apache License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at 
#
#    http://www.apache.org/licenses/LICENSE-2.0 
#
# Unless required by applicable law or agreed to in writing, software 
# distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS 
# OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and 
# limitations under the License.
##############################################################################
#
# NAME :        config_crl
#
# DESCRIPTION : This function configures the fetch-crl cron job
#
# AUTHORS :     Gergely.Debreczen@cern.ch
#
# NOTES :      
#
# YAIM MODULE:  glite-yaim-core
#                 
##############################################################################

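config_crl(){
  #######################################
  # Configures periodic CRL retrieval with fetch-crl.
  #
  # Generates $INSTALL_ROOT/libexec/fetch-crl.sh (a wrapper that sources
  # grid-env.sh, optionally exports http_proxy and runs fetch-crl), then:
  #   - TAR node types: registers a cron entry through cron_job, four runs
  #     per day, six hours apart, at a random minute/hour offset;
  #   - other node types: runs the wrapper once, installs
  #     /etc/init.d/fetch-crl and registers it, and starts/enables
  #     fetch-crl-cron when that init script is present.
  # When run as root it also removes the legacy edg-/glite- cron and
  # logrotate files and writes /etc/logrotate.d/fetch-crl.
  #
  # Globals read:    NODE_TYPE_LIST, GLITE_EXTERNAL_ROOT, GLITE_OS, OS_TYPE,
  #                  SITE_HTTP_PROXY, GRID_ENV_LOCATION, YEX_NOSUCHFILE,
  #                  YERRORSTR
  # Globals written: INSTALL_ROOT, minute, h1..h4, fetch_vers, proxyline,
  #                  CRLDIR, FETCH_CMD (left global, as before)
  # Calls:           central_certs, yaimlog, yestr, cron_job (defined
  #                  elsewhere)
  # Returns:         0; exits with YEX_NOSUCHFILE when run as root and
  #                  fetch-crl is not installed.
  #
  # Security notes:
  #   - The wrapper, the init script and the files the wrapper sources
  #     (grid-env.sh under GRID_ENV_LOCATION) are executed by whoever runs
  #     this function or the resulting cron/init job, which is root on
  #     non-TAR nodes. They should be writable by that account only.
  #   - All expansions used as command arguments are quoted so that paths
  #     with whitespace or glob characters cannot be split or expanded. The
  #     text written into the wrapper and the cron line is unchanged and
  #     still embeds the paths unquoted.
  #######################################

  local tar_node=no tar_node_nocase=no
  local current_user wrapper logfile

  # Two slightly different TAR tests exist in this function: an exact-case
  # one (TAR or tar) and a case-insensitive one. Both are kept as they were.
  if printf '%s\n' "${NODE_TYPE_LIST}" | grep -qE 'TAR|tar'; then
    tar_node=yes
  fi
  # grep -E replaces the obsolescent egrep.
  if printf '%s\n' "${NODE_TYPE_LIST}" | grep -qiE 'TAR'; then
    tar_node_nocase=yes
  fi

  current_user=$(whoami)

  # Only tarball installations may relocate INSTALL_ROOT.
  if [ "${tar_node}" = "yes" ]; then
    INSTALL_ROOT=${INSTALL_ROOT:-/usr}
  else
    INSTALL_ROOT=/usr
  fi

  # central_certs runs in a subshell, so it cannot alter this shell's state.
  if [ "${tar_node}" = "yes" ] && ( central_certs ); then
    return 0
  fi

  # Random schedule so that sites do not all hit the CRL servers at once.
  minute=$(( RANDOM % 60 ))
  h1=$(( RANDOM % 24 ))
  h2=$(( (h1 + 6) % 24 ))
  h3=$(( (h1 + 12) % 24 ))
  h4=$(( (h1 + 18) % 24 ))

  wrapper="${INSTALL_ROOT}/libexec/fetch-crl.sh"
  logfile="${GLITE_EXTERNAL_ROOT:-}/var/log/fetch-crl-cron.log"

  ####@ Removes old cron files: edg-fetch-crl and glite-fetch-crl
  if [ "${current_user}" = "root" ]; then

    if [ ! -f "${GLITE_EXTERNAL_ROOT:-}/usr/sbin/fetch-crl" ]; then
      yestr "${YEX_NOSUCHFILE}"
      yaimlog ERROR "${GLITE_EXTERNAL_ROOT:-}/usr/sbin/fetch-crl doesn't exist. fetch-crl is probably not installed !"
      yaimlog ERROR "${YERRORSTR}"
      exit "${YEX_NOSUCHFILE}"
    fi

    if [ -f /etc/cron.d/edg-fetch-crl ]; then
      yaimlog INFO "Removing /etc/cron.d/edg-fetch-crl"
      rm -f /etc/cron.d/edg-fetch-crl
    fi

    if [ -f /etc/logrotate.d/edg-fetch ]; then
      rm -f /etc/logrotate.d/edg-fetch
    fi

    if [ -f /etc/cron.d/glite-fetch-crl.cron ]; then
      yaimlog INFO "Removing /etc/cron.d/glite-fetch-crl.cron"
      rm -f /etc/cron.d/glite-fetch-crl.cron
    fi
  fi

  mkdir -p "${GLITE_EXTERNAL_ROOT:-}/var/log/"
  mkdir -p "${GLITE_EXTERNAL_ROOT:-}/etc/logrotate.d"

  ####@ Creates libexec directory $INSTALL_ROOT/libexec
  mkdir -p "${INSTALL_ROOT}/libexec"

  # The major version of fetch-crl selects the command-line syntax below.
  if [ "$GLITE_OS" = "redhat" ]; then
    fetch_vers=$(rpm -q --qf '%{V}' fetch-crl | cut -d. -f1)
  else
    fetch_vers=2
  fi

  ####@ Checking for SITE_HTTP_PROXY variable defined
  unset proxyline
  if [ -n "${SITE_HTTP_PROXY:-}" ]; then
    # %q shell-quotes the value: an ordinary proxy URL is written unchanged,
    # while whitespace or shell metacharacters in the site configuration
    # cannot turn into extra commands in a script that root executes.
    printf -v proxyline 'export http_proxy=%q' "${SITE_HTTP_PROXY}"
  fi

  ####@ Create fetch-crl script which sets up the environment
  if [ -f "${wrapper}" ]; then
    mv "${wrapper}" "${wrapper}.old"
  fi

  # Literal text "${X509_CERT_DIR:-<root>/etc/grid-security/certificates}":
  # the outer expansion is resolved when the generated wrapper runs.
  CRLDIR="\${X509_CERT_DIR:-${GLITE_EXTERNAL_ROOT:-}/etc/grid-security/certificates}"

  if [ "${fetch_vers}" = "2" ]; then
    # NOTE(review): --no-check-certificate turns off TLS server verification
    # for the CRL downloads. Confirm that this fetch-crl version still checks
    # each CRL's signature against the installed CA certificate; without
    # that check the transport gives no authenticity guarantee.
    FETCH_CMD="${GLITE_EXTERNAL_ROOT:-}/usr/sbin/fetch-crl --loc \${CRLDIR} --out \${CRLDIR} --no-check-certificate"
  else
    FETCH_CMD="${GLITE_EXTERNAL_ROOT:-}/usr/sbin/fetch-crl -l \${CRLDIR} -o \${CRLDIR}"
  fi

  # Written with a truncating redirect: if the rename above failed, the new
  # content must not be appended to the stale wrapper.
  {
    echo ". ${GRID_ENV_LOCATION}/grid-env.sh"
    cat << EOF
${proxyline:-}

# Define the location of the CA files. Set the default value if X509_CERT_DIR is not defined 
CRLDIR=\${X509_CERT_DIR:-${GLITE_EXTERNAL_ROOT:-}/etc/grid-security/certificates}

${FETCH_CMD}

EOF
  } > "${wrapper}"

  ####@ Sets execute permissions on the fetch-crl.sh script
  chmod a+x "${wrapper}"

  # fetch-crl from EPEL ships its own cron job, so on non-TAR nodes the CRLs
  # are always refreshed once here. INSTALL_ROOT is /usr on these nodes.
  if [ "${tar_node_nocase}" = "no" ]; then
    yaimlog INFO "Now updating the CRLs - this may take a few minutes..."
    if ! /usr/libexec/fetch-crl.sh >> "${logfile}" 2>&1; then
      yaimlog WARNING "/usr/libexec/fetch-crl.sh didn't finish succesfully"
      yaimlog WARNING "CRLs may not be updated, please have a look !"
    fi
  fi

  if [ "${tar_node_nocase}" = "yes" ]; then
    # Intent: do not rewrite an existing cron job, otherwise the times
    # change and the current CRLs might only be updated after more than
    # 6 hours. NOTE(review): cron_job is called unconditionally here;
    # presumably it handles an existing entry itself - verify.
    cron_job fetch-crl "${current_user}" "$minute $h1,$h2,$h3,$h4 * * * $INSTALL_ROOT/libexec/fetch-crl.sh >> ${GLITE_EXTERNAL_ROOT:-}/var/log/fetch-crl-cron.log 2>&1"
  fi

  if [ "${current_user}" = "root" ]; then
    ####@ Sets up the /etc/logrotate.d/fetch-crl logrotate
    cat << 'EOF' > /etc/logrotate.d/fetch-crl
/var/log/fetch-crl-cron.log  {
    compress
    monthly
    rotate 12
    missingok
    ifempty
    create
}
EOF
  fi

  if [ "${tar_node_nocase}" = "no" ]; then

    ####@ Creates the init.d script for fetch-crl
    # Quoted delimiter: the template is written verbatim, nothing in it is
    # expanded by this shell.
    cat > /etc/init.d/fetch-crl << 'EOF'
#!/bin/bash
###############################################################################
#
#       Copyright (c) Members of the EGEE Collaboration. 2004
#       See http://eu-egee.org/partners/ for details on the copyright holders
#       For license conditions see the license file or http://eu-egee.org/license.html
#
#   Startup script for fetch-crl
#
#   chkconfig: 345 97 97
#
#   description:  fetch-crl startup script
#
#   processname: fetch-crl
#
#   Author(s): Maria Alandes Pradillo <yaim-contact@cern.ch> 
#
#   Version: V1.0
#
#   Date: 14/11/2008
###############################################################################
case "$1" in 
      start) /usr/libexec/fetch-crl.sh;;

        *) echo "======================================"
           echo "===== Usage: fetch-crl { start } ====="
           echo "======================================"
           exit 1;;
    esac
 
exit 0
EOF

    ####@ Make the script executable
    chmod +x /etc/init.d/fetch-crl

    ####@ Add the script to the service list
    if [ "x${OS_TYPE}" != "xdebian" ]; then
      /sbin/chkconfig --add fetch-crl
    else
      update-rc.d fetch-crl start 20 2 3 4 5 . stop 20 0 1 6 .
    fi

    ####@ enable fetch-crl cron
    if [ -f /etc/init.d/fetch-crl-cron ]; then
      /etc/init.d/fetch-crl-cron start
      if [ "x${OS_TYPE}" != "xdebian" ]; then
        /sbin/chkconfig fetch-crl-cron on
      else
        # NOTE(review): this enables "fetch-crl" while the chkconfig branch
        # enables "fetch-crl-cron"; looks like the Debian branch names the
        # wrong service - confirm against the Debian packaging.
        update-rc.d fetch-crl enable
      fi
      yaimlog DEBUG "fetch-crl cron enabled"
    fi

  fi

  return 0
}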
