#!/usr/bin/env bash
#
# Copyright (C) 2003 VA Linux Systems Japan, K.K.
#
# LICENSE NOTICE
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#   notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
# 3. Neither the name of the company nor the names of its contributors
#   may be used to endorse or promote products derived from this software
#   without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# This product includes software developed by the OpenSSL Project
# for use in the OpenSSL Toolkit. (http://www.openssl.org/)
# openssl is used here only to produce the SSL certificate and key files.

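set -e

# Load the ultrapossum settings (TLS*, CERT*, SLAPD*CONF, CONFSTATUS, ...)
# into this shell; `ultrapossum-config init` prints shell assignments.
eval "$(ultrapossum-config init)"

# Scratch file, created 0600, for openssl diagnostics and the slapd.conf
# snippet. mktemp replaces the Debian-only (and deprecated) tempfile.
tmp=$(mktemp) || exit 1

# Single quotes: $tmp is expanded and `ultrapossum-config term` is run when
# the trap fires. With double quotes the backticks ran the term helper
# immediately, at registration time, and only its output was deferred.
trap 'rm -f -- "$tmp"; eval "$(ultrapossum-config term)"' 0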

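#######################################
# Create the slapd TLS key/certificate pair when neither file exists, then
# splice the STARTTLS block into the slapd configuration files.
# Globals:   TLSSYSCONFDIR, TLSCERTIFICATEFILE, TLSCERTIFICATEKEYFILE,
#            CERTCOUNTRY, CERTSTATE, CERTLOCALITY, CERTORGANIZATION,
#            CERTUNIT, CERTHOST, CERTEMAIL, ULTRAPOSSUMMARK, TLSCIPHERSUITE,
#            SLAPDCONF, SLAPDMASTERCONF, tmp (all read)
# Arguments: none
# Outputs:   openssl's diagnostics on stderr when key generation fails
# Returns:   0 on success, 1 if openssl could not produce the pair
#######################################
configure() {
  local -r cert_days=365

  install -d -- "$TLSSYSCONFDIR"

  # Generate only when neither file exists; sanity() rejects the
  # half-present case before this runs.
  if ! test -f "$TLSCERTIFICATEKEYFILE" && ! test -f "$TLSCERTIFICATEFILE"; then
    # Create the key file already at mode 0600 so the private key is never
    # readable by others, not even between creation and chmod.
    install -m 600 /dev/null "$TLSCERTIFICATEKEYFILE"
    : > "$TLSCERTIFICATEFILE"
    # Answers to openssl's subject prompts, one per line, in prompt order:
    # C, ST, L, O, OU, CN, emailAddress.
    if ! printf '%s\n' \
        "$CERTCOUNTRY" "$CERTSTATE" "$CERTLOCALITY" "$CERTORGANIZATION" \
        "$CERTUNIT" "$CERTHOST" "$CERTEMAIL" |
        /usr/bin/openssl req -new -x509 -nodes -days "$cert_days" \
          -out "$TLSCERTIFICATEFILE" -keyout "$TLSCERTIFICATEKEYFILE" \
          2> "$tmp"; then
      # Previously the failure was only printed and the script went on to
      # mark the module installed, leaving two empty files that made later
      # runs (and sanity()) believe a valid pair exists.
      cat "$tmp" >&2
      rm -f -- "$TLSCERTIFICATEFILE" "$TLSCERTIFICATEKEYFILE"
      return 1
    fi
  fi

  # STARTTLS block for the slapd configuration; add_vaconf (provided by the
  # ultrapossum environment) merges the marked block into each file.
  if test "x$ULTRAPOSSUMMARK" = "xULTRAPOSSUM"; then
    {
      add_startmark "##" "STARTTLS"
      printf 'TLSCipherSuite\t%s\n' "$TLSCIPHERSUITE"
      printf 'TLSCertificateFile\t%s\n' "$TLSCERTIFICATEFILE"
      printf 'TLSCertificateKeyFile\t%s\n' "$TLSCERTIFICATEKEYFILE"
      add_endmark "##" "STARTTLS"
    } > "$tmp"
    add_vaconf "$SLAPDCONF" "$tmp" "STARTTLS"
    add_vaconf "$SLAPDMASTERCONF" "$tmp" "STARTTLS"
  fi
}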

#######################################
# Strip the STARTTLS block from each slapd configuration file that exists.
# Globals:   SLAPDCONF, SLAPDMASTERCONF (read)
# Arguments: none
# Returns:   status of the last strip_vaconf call; 0 if no file existed
#######################################
remove() {
  local conf
  for conf in "$SLAPDCONF" "$SLAPDMASTERCONF"; do
    if test -f "$conf"; then
      strip_vaconf "$conf" "STARTTLS"
    fi
  done
}

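#######################################
# Check that slapd links an SSL/TLS library and that the certificate and
# key files are either both present or both absent.
# Globals:   ldaplibexecdir, TLSCERTIFICATEFILE, TLSCERTIFICATEKEYFILE (read)
# Arguments: none
# Outputs:   "E: ..." diagnostics on stderr
# Returns:   exits 1 on any failed check; returns 0 otherwise
#######################################
sanity() {
  local -r slapd="$ldaplibexecdir/slapd"
  local libs

  # A missing binary used to surface as "doesn't support SSL/TLS" because
  # ldd's error output never matched; report it for what it is.
  if ! test -f "$slapd"; then
    echo "E: $slapd not found" 1>&2
    exit 1
  fi
  # Run ldd once instead of twice. A linked library whose name contains
  # "ssl" or "tls" is taken as evidence of TLS support -- a heuristic on
  # library names, not a check of slapd's build options.
  libs=$(ldd "$slapd") || libs=
  if ! printf '%s\n' "$libs" | grep -q -e ssl -e tls; then
    echo "E: $slapd doesn't support SSL/TLS" 1>&2
    exit 1
  fi
  if test -f "$TLSCERTIFICATEKEYFILE" && ! test -f "$TLSCERTIFICATEFILE"; then
    echo "E: Certificate Key file found, but Certificate file not found" 1>&2
    exit 1
  fi
  if test -f "$TLSCERTIFICATEFILE" && ! test -f "$TLSCERTIFICATEKEYFILE"; then
    echo "E: Certificate file found, but Certificate Key file not found" 1>&2
    exit 1
  fi
}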

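# Remove the cached configuration status so it is recomputed next time.
# Guarded because CONFSTATUS comes from `ultrapossum-config init` and may
# be empty; the old unquoted `rm -f $CONFSTATUS` silently did nothing then.
clear_confstatus() {
  if test -n "$CONFSTATUS"; then
    /bin/rm -f -- "$CONFSTATUS"
  fi
}

# Entry point: dispatch on the single sub-command argument. The "x" prefix
# is the legacy idiom for comparing possibly-empty values.
case "x$1" in
  xconfigure)
    sanity
    configure
    ultrapossum-config set .status ULTRAPOSSUM_MODULE_STARTTLS=installed
    clear_confstatus
    ;;
  xremove)
    remove
    ultrapossum-config remove .status ULTRAPOSSUM_MODULE_STARTTLS
    clear_confstatus
    ;;
  xsanity)
    sanity
    ;;
  x)
    # Usage previously omitted "sanity", which is an accepted sub-command.
    echo "Usage: $0 <configure|remove|sanity>" 1>&2
    exit 1
    ;;
  *)
    echo "Unknown argument: $1" 1>&2
    exit 1
    ;;
esac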

