#!/bin/bash
#
# License: Copyright 2018 SpinetiX. This file is licensed
#          under the terms of the GNU General Public License version 2.
#          This program is licensed "as is" without any warranty of any
#          kind, whether express or implied.
#
# Copyright 1999-2003 MontaVista Software, Inc.
# Copyright 2002, 2003, 2004 Sony Corporation
# Copyright 2002, 2003, 2004 Matsushita Electric Industrial Co., Ltd.
#
### BEGIN INIT INFO
# Required-Start:
# Required-Stop:
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 5
# Default-Stop:
# Short-Description: Starting/stopping SpinetiX's device enroller daemon
# Description: Starting/stopping SpinetiX's device enroller daemon
### END INIT INFO

# Init script information
# NAME also selects the optional configuration file /etc/default/$NAME below.
NAME=spxenroll
DESC="SPX device enroller"

# Individual Daemon information
# These are assigned before the configuration file is sourced, so that file
# can override them (ARGS, for instance).
DAEMON=/usr/sbin/spxenrolld
ARGS=""
BASENAME=spxenrolld

# Load init script configuration
# The file is sourced, i.e. executed by this script with this script's
# privileges, so it must be writable by the administrator only.
# start() reads ENABLE_ENROLLMENT, ENABLE_DEBUG and BASE_ENROLL_URL, which are
# not assigned anywhere in this script and so presumably come from this file.
[ -f /etc/default/$NAME ] && . /etc/default/$NAME

# Source the init script functions
# NOTE(review): presumably the source of success, failure, warning, status and
# pidofproc, which are used below but not defined in this file -- confirm.
. /etc/init.d/functions

# The location where the persistent data store is located
# These are assigned after /etc/default/$NAME has been sourced, so any value
# that file sets for the key locations or the group is overwritten here.
PERSISTENT_DATA_DIR=/var/lib/spinetix/persistent-data
PRIVATE_DIR=/var/run/spxenroll/private
KEY_FILE=device-private.key
PRIVATE_GROUP=enroll-data

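# Verify daemons are installed
# When the daemon binary is missing or not executable, report it and exit
# with status 0. "stop" is let through regardless of that check.
# The two conditions are separate tests joined by &&: the single-bracket
# "-a" form is ambiguous for some argument values, and an unquoted $DAEMON
# would be word-split.
if [ ! -x "$DAEMON" ] && [ "$1" != "stop" ]; then
    echo -n "Not starting $DESC $NAME, $DAEMON not installed"
    warning
    echo
    exit 0
fi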

# Checks whether a file holds a private key that openssl can parse.
# Arguments: $1 - path of the key file to check
# Outputs:   nothing on stdout (-noout suppresses the key dump)
# Returns:   the exit status of "openssl pkey" (0 when the key parses)
check_private_key() {
    local key_path="$1"

    openssl pkey -in "$key_path" -noout
    return $?
}

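# Creates a new EC private key (named curve secp384r1) in the given file.
# Globals:   PRIVATE_GROUP (read) - group that is given read access to the key
# Arguments: $1 - path of the key file to create
# Returns:   0 on success, non-zero when key generation or the group/mode
#            change fails
create_private_key() {
    # NOTE: the genpkey command can generate keys for ECC as well, but it
    # does not use named curves, resulting in compatibility problems.
    local key="$1"

    # Generate under a restrictive umask so that a newly created key file is
    # owner-only from the moment it appears, instead of carrying the default
    # creation mode until a later chmod. The subshell keeps the caller's
    # umask untouched.
    ( umask 077 && openssl ecparam -out "$key" -name secp384r1 -genkey ) || return

    # Assign the group first, then grant it read access. A key file needs no
    # execute bit, hence 0640 rather than 0750.
    chgrp "$PRIVATE_GROUP" "$key" && chmod 0640 "$key"
}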

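# Makes the device private key available at $PRIVATE_DIR/$KEY_FILE.
# A well-formed key in the persistent store is copied there; otherwise a new
# key is generated and then copied into the persistent store.
# Globals:   PERSISTENT_DATA_DIR, PRIVATE_DIR, KEY_FILE, PRIVATE_GROUP (read)
# Outputs:   progress and error messages on stdout
# Returns:   0 when the key is in place, 1 on any failure
setup_private_key() {
    local persistent_key="$PERSISTENT_DATA_DIR"/"$KEY_FILE"
    local volatile_key="$PRIVATE_DIR"/"$KEY_FILE"

    if [ -f "$persistent_key" ]; then
        if check_private_key "$persistent_key"; then
            # Copy under a restrictive umask (in a subshell, so the caller's
            # umask is untouched): a newly created copy is owner-only
            # whatever mode the persistent file has, and is opened to
            # PRIVATE_GROUP only afterwards. A key file needs no execute
            # bit, hence 0640 rather than 0750.
            if ! ( umask 077 && cp "$persistent_key" "$volatile_key" ) ||
                    ! chgrp "$PRIVATE_GROUP" "$volatile_key" ||
                    ! chmod 0640 "$volatile_key"; then
                echo "error: failed to set up private key"
                return 1
            fi
            echo -n "private key found, "
            return 0
        fi
        # NOTE(review): a persistent key that fails the check is replaced by
        # a freshly generated one below -- confirm that silently changing the
        # device key is the intended recovery.
        echo "error: persistent private key is malformed, replacing"
    else
        echo -n "no persistent private key found, "
    fi

    if ! create_private_key "$volatile_key"; then
        echo "error: failed to create new private key"
        return 1
    fi
    # The persistent copy is not given PRIVATE_GROUP; only the copy under
    # PRIVATE_DIR is.
    if ! cp "$volatile_key" "$persistent_key"; then
        echo "error: failed to make new key persistent"
        return 1
    fi
    echo -n "private key created, "
}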

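# Sets up the private key and launches the daemon.
# Globals:   DESC, NAME, DAEMON, ARGS (read); ENABLE_ENROLLMENT, ENABLE_DEBUG,
#            BASE_ENROLL_URL (read, optional)
# Outputs:   progress messages on stdout
# Returns:   0 when the daemon command succeeds, 1 otherwise
start() {
    local RET ERROR=
    local -a daemon_args

    echo -n "Starting $DESC: "

    # NOTE(review): the result of setup_private_key is not checked, so the
    # daemon is launched even when the key could not be set up -- confirm
    # that the daemon copes with a missing key.
    setup_private_key

    # Build the command line in a local array instead of appending to the
    # global ARGS: a second call of start in the same run (force-reload can
    # restart twice) would otherwise pass every option twice.
    # ARGS itself is split on whitespace on purpose, as it may hold several
    # options.
    # shellcheck disable=SC2206
    daemon_args=( $ARGS )

    if [ "$ENABLE_ENROLLMENT" = "yes" ]; then
        daemon_args+=( --enable )
    elif [ "$ENABLE_ENROLLMENT" = "no" ]; then
        daemon_args+=( --disable )
    fi
    if [ -n "$ENABLE_DEBUG" ]; then
        daemon_args+=( --debug )
    fi
    if [ -n "$BASE_ENROLL_URL" ]; then
        # Passed as a single word: URLs may contain characters such as ? or *
        # that an unquoted expansion would treat as glob patterns.
        daemon_args+=( -B "$BASE_ENROLL_URL" )
    fi

    echo -n "$NAME "
    "$DAEMON" "${daemon_args[@]}"
    RET=$?
    if [ $RET -eq 0 ]; then
        success; echo
    else
        failure; echo
        return 1
    fi

    return 0
}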

# Asks the daemon to shut down by invoking its binary with -k.
# Globals:   DESC, NAME, DAEMON (read)
# Outputs:   progress message on stdout
# Returns:   0 when the command succeeds, 1 otherwise
stop () {
    local RET ERROR=

    echo -n "Stopping $DESC: $NAME "
    $DAEMON -k
    RET=$?

    # Failure path first, so the success path falls through to the end.
    if [ $RET -ne 0 ]; then
        failure; echo
        return 1
    fi

    success; echo
    return 0
}

# Stops the daemon, then starts it again.
# Outputs:   progress messages on stdout
# Returns:   the status of start; the status of stop is ignored
restart() {
    echo "Restarting $DESC..."
    stop
    # start runs last, so its status becomes the function's status.
    start
}

# Restarts the daemon only when pidofproc reports it as running.
# Globals:   BASENAME (read)
# Returns:   the status of restart when the daemon is running, 1 otherwise
condrestart() {
    if ! pidofproc $BASENAME >/dev/null; then
        # Not running: nothing to restart.
        return 1
    fi

    restart
    return $?
}

# Reloads the daemon by conditionally restarting it.
# Returns:   the status of condrestart
reload() {
    # spxenroll has no support for HUP, so a reload is a conditional restart.
    condrestart
    return $?
}

# Reloads the daemon and falls back to an unconditional restart when the
# reload does not succeed.
# Returns:   0 when reload succeeds, otherwise the status of restart
forcereload() {
    if reload; then
        return 0
    fi

    # reload failed (for instance because the daemon was not running).
    restart
    return $?
}

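# Dispatches the init script action named by the first argument.
# Globals:   NAME, BASENAME (read)
# Arguments: $1 - action: start, stop, restart, condrestart, try-restart,
#                 reload, force-reload or status
# Outputs:   a usage message on stderr for an unknown action
# Returns:   the status of the selected action, 1 for an unknown action
parse() {
    case "$1" in
        start)
            start
            return $?
            ;;
        stop)
            stop
            return $?
            ;;
        restart)
            restart
            return $?
            ;;
        # "condrestart" is the spelling the usage message advertises; the
        # misspelt "cnodrestart" is still accepted for existing callers.
        condrestart|cnodrestart|try-restart)
            condrestart
            return $?
            ;;
        reload)
            reload
            return $?
            ;;
        force-reload)
            forcereload
            return $?
            ;;
        status)
            status $BASENAME
            return $?
            ;;
        *)
            echo "Usage: $NAME " \
                "{start|stop|restart|condrestart|reload|force-reload|status}" >&2
            ;;
    esac

    # Only an unknown action reaches this point.
    return 1
}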

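# Dispatch on the script's arguments. "$@" is quoted so that each argument
# reaches parse unchanged, without word splitting or pathname expansion.
# This is the last command, so its status is the script's exit status.
parse "$@"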
