#!/bin/bash
# set -x
###############################################################################
##
##      Copyright (c) 2014 Avaya Inc All Rights Reserved
##      THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AVAYA INC
##
##      The copyright notice above does not evidence any
##      actual or intended publication of such source code.
##
###############################################################################
#
# This is the front-end script for the AVP Utilities update/patching plugin
#
# It is executed by the SDM webconsole for CSR-related operations.
# The script invokes the /opt/avaya/common_services/certUtil script inside the virtual machine
#

# -----------------------------------------------------------------------------
# usage
#

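function usage()
{
    # Print the command-line help on stdout and terminate the script.
    # Globals:   RC_FAILED (read) - exit status reported for a usage error
    # Arguments: none
    # Outputs:   help text on stdout
    # Returns:   does not return; exits with RC_FAILED (1 if it is unset)
    local prog=${0##*/}

    echo ""
    echo " usage:  ${prog}  -c -s subject -b keysize -e hash -f |-r|-p|-d -n name | -l -g guest_ip -w dir"
    echo "    Commands"
    echo "         -c - create CSR"
    echo "         -r - remove CSR"
    # The option parser accepts -p for printing; the help used to advertise -q.
    echo "         -p - print CSR"
    echo "         -d - decode CSR"
    echo "         -l - list CSR"
    echo "    Parameter"
    echo "         -g guest_ip - AVP Utilities IP Address"
    echo "         -w dir      - working directory"
    echo "         -s subject  - subject parameter (/type1=val1/type2=val2...)"
    echo "         -b keysize  - keysize (2048, 3072 or 4096)"
    echo "         -e hash     - digest algorithm (sha256, sha384 or sha512)"
    echo "         -n name     - uniquely identifiable name for generating CSR"
    echo "         -f          - include it if it is for CA certificate CSR"
    echo ""

    # Fall back to a non-zero status so a usage error never exits with 0.
    exit "${RC_FAILED:-1}"
}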

# -----------------------------------------------------------------------------
# result_success
#

function result_success()
{
    # Report a successful outcome: every argument is written to stdout on one
    # line, separated by single spaces.
    local -a message=("$@")

    echo "${message[@]}"
}

# -----------------------------------------------------------------------------
# error_exit
#

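function error_exit()
{
    # Print an error message on stderr and terminate the script.
    # Globals:   RC_FAILED (read) - fallback status when $1 is unusable
    # Arguments: $1  - exit status
    #            $2… - words of the message
    # Outputs:   the message on stderr
    # Returns:   does not return
    local status=${1:-}
    [ "$#" -gt 0 ] && shift

    echo "${@}" >&2

    # With an empty status a bare `exit` would report the status of the echo
    # above (0), turning an error path into success; a non-numeric status is a
    # shell usage error. Both fall back to a failure code instead.
    if ! [[ "${status}" =~ ^[0-9]+$ ]]; then
        status=${RC_FAILED:-1}
    fi

    exit "${status}"
}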

# -----------------------------------------------------------------------------
# is_host_reachable
#

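function is_host_reachable()
{
    # Send one ICMP echo request (1 second wait) to a host and abort the script
    # when no reply arrives.
    # Globals:   RC_NETWORK_FAILED (read)
    # Arguments: $1 - host name or IP address to probe
    # Returns:   0 when the host answered; otherwise exits through error_exit
    local host=$1

    # "--" keeps a value that begins with "-" from being read as a ping option.
    # The message names the host that was actually probed ($1).
    ping -W 1 -c 1 -- "${host}" >/dev/null 2>&1 || error_exit "${RC_NETWORK_FAILED}" \
        "Domain ${host} not reachable"
}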

# -----------------------------------------------------------------------------
# clear_known_hosts
#

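clear_known_hosts()
{
    # Delete the known_hosts lines whose first field is exactly the given host.
    # Hashed entries and comma-separated host lists are not matched (the
    # pattern is anchored at the start of the line and must be followed by
    # whitespace), which is the same scope the original pattern had.
    # Globals:   HOME (read)
    # Arguments: $1 - host name or IP address
    # Returns:   0 when the file is absent or was edited, 1 for a rejected host
    local host=$1
    local known_hosts="${HOME}/.ssh/known_hosts"
    local pattern

    # The host ends up inside a sed program, so only characters that occur in
    # host names and IP addresses are accepted; anything else could change what
    # sed does to the file.
    if ! [[ "${host}" =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]]; then
        echo "clear_known_hosts: refusing invalid host '${host}'" >&2
        return 1
    fi

    # Nothing to clear when the user has no known_hosts file yet.
    [ -f "${known_hosts}" ] || return 0

    # Escape the dots: unescaped they match any character, so clearing
    # 10.1.1.1 would also remove unrelated entries.
    pattern=${host//./\\.}

    sed -i -e "/^${pattern}[[:space:]]/d" -- "${known_hosts}"
}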


# -----------------------------------------------------------------------------
# check environment
#

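check_environment()
{
    # Verify that the mandatory options were supplied before any remote call.
    # Globals:   WORK_DIR, REMOTE_HOST, RC_FAILED (all read)
    # Arguments: none
    # Returns:   0 when everything is in place; otherwise exits through
    #            error_exit with RC_FAILED
    if [ -z "${WORK_DIR}" ]; then
        error_exit "${RC_FAILED}" "Working directory not specified"
    fi

    if [ ! -d "${WORK_DIR}" ]; then
        error_exit "${RC_FAILED}" "Working directory '${WORK_DIR}' does not exist"
    fi

    if [ -z "${REMOTE_HOST}" ]; then
        error_exit "${RC_FAILED}" "AVP Utilities IP Address not specified"
    fi

    # The `[ … ] && error_exit` form left the function returning 1 on the
    # success path; report success explicitly.
    return 0
}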

# -----------------------------------------------------------------------------
# do_create
#

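function do_create()
{
    # Create a CSR on the AVP Utilities VM and copy the resulting file back.
    # Globals:   CSRNAME, SUBJECT, KEYSIZE, DIGEST, CA, SO, SCP, STDERR,
    #            REMOTE_USER, REMOTE_HOST, REMOTE_CMD, REMOTE_DIR, CSR_EXT,
    #            RC_FAILED, RC_ERR_CREATE, RC_ALREADY_EXISTS (all read)
    # Outputs:   the remote command's stdout, then a success line
    # Returns:   exits through error_exit on any failure
    local output copy_output
    local q_subject q_keysize q_digest q_name
    local -a create_args

    # The name becomes part of a file path on both hosts and of the scp source
    # argument, so only a plain file-name component is accepted: no path
    # separators, no leading "-" or ".", no shell metacharacters.
    [[ "${CSRNAME}" =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]] || error_exit "${RC_FAILED}" \
        "Invalid CSR name '${CSRNAME}'"

    # ssh joins its arguments into one string that the remote shell parses
    # again, so local double quotes do not protect these values; quote them for
    # the remote side. Plain values pass through unchanged.
    # NOTE(review): assumes the remote account's shell accepts backslash
    # quoting as produced by printf %q - confirm.
    printf -v q_subject '%q' "${SUBJECT}"
    printf -v q_keysize '%q' "${KEYSIZE}"
    printf -v q_digest '%q' "${DIGEST}"
    printf -v q_name '%q' "${CSRNAME}"

    # Stop if a CSR with this name is already listed. -F matches the name as a
    # literal string; it is still a substring match because the listCSR output
    # format is not visible here.
    # ${SO} and ${SCP} are left unquoted on purpose: each holds several options.
    if ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" listCSR \
           2>"${STDERR}" | grep -q -F -- "${CSRNAME}"; then
        error_exit "${RC_ALREADY_EXISTS}" "CSR ${CSRNAME} already exists"
    fi

    # invoke the create command inside the AVP Utilities virtual machine;
    # -ca is appended for a CA certificate CSR (option -f).
    create_args=(createCSR -subj "${q_subject}" -keysize "${q_keysize}"
                 -hash "${q_digest}" -name "${q_name}")
    if [ "${CA}" = "TRUE" ]; then
        create_args+=(-ca)
    fi

    output=$(ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" "${create_args[@]}" \
                 2>"${STDERR}") || error_exit "${RC_ERR_CREATE}" "${output}"
    echo "${output}"

    # Fetch the CSR; the local destination is the same directory name as the
    # remote one (REMOTE_DIR).
    copy_output=$(scp ${SCP} "${REMOTE_USER}@${REMOTE_HOST}:${REMOTE_DIR}/${CSRNAME}.${CSR_EXT}" \
                      "${REMOTE_DIR}" 2>&1) || error_exit "${RC_FAILED}" "${copy_output}"

    result_success "Successfully created and uploaded CSR ${REMOTE_DIR}/${CSRNAME}.${CSR_EXT}"
}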

# -----------------------------------------------------------------------------
# do_remove
#

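function do_remove()
{
    # Delete the CSR named by CSRNAME on the AVP Utilities VM.
    # Globals:   CSRNAME, SO, STDERR, REMOTE_USER, REMOTE_HOST, REMOTE_CMD,
    #            CSR_EXT, VM_ID, RC_FAILED, RC_ERR_REMOVE (all read)
    # Outputs:   the remote command's stdout, then a success line
    # Returns:   0 when the CSR is not listed (nothing to do) or was deleted;
    #            exits through error_exit on failure
    local output q_name

    # An empty name would match every listed CSR in the presence check below.
    [ -n "${CSRNAME}" ] || error_exit "${RC_FAILED}" "CSR name not specified"

    # ssh joins its arguments into one string that the remote shell parses
    # again, so the name is quoted for the remote side; plain names pass
    # through unchanged.
    # NOTE(review): assumes the remote account's shell accepts backslash
    # quoting as produced by printf %q - confirm.
    printf -v q_name '%q' "${CSRNAME}"

    # Do nothing if not present. -F matches the name literally instead of as a
    # regular expression. ${SO} is unquoted on purpose: it holds several options.
    ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" listCSR \
        2>"${STDERR}" | grep -q -F -- "${CSRNAME}" || return 0

    # invoke the delete command inside the virtual machine
    output=$(ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" deleteCSR -name "${q_name}" \
                 2>"${STDERR}") || error_exit "${RC_ERR_REMOVE}" "${output}"

    echo "${output}"
    result_success "Successfully deleted CSR ${CSRNAME}.${CSR_EXT} on ${VM_ID}"
}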

# -----------------------------------------------------------------------------
# do_print
#

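function do_print(){
    # Print the CSR named by CSRNAME as returned by the VM's printCSR command.
    # Globals:   CSRNAME, SO, STDERR, REMOTE_USER, REMOTE_HOST, REMOTE_CMD,
    #            VM_ID, RC_FAILED (all read)
    # Outputs:   the remote command's stdout, then a success line
    # Returns:   0 when the CSR is not listed (nothing to do) or was printed;
    #            exits through error_exit on failure
    local output q_name

    # An empty name would match every listed CSR in the presence check below.
    [ -n "${CSRNAME}" ] || error_exit "${RC_FAILED}" "CSR name not specified"

    # ssh joins its arguments into one string that the remote shell parses
    # again, so the name is quoted for the remote side; plain names pass
    # through unchanged.
    # NOTE(review): assumes the remote account's shell accepts backslash
    # quoting as produced by printf %q - confirm.
    printf -v q_name '%q' "${CSRNAME}"

    # Do nothing if not present. -F matches the name literally instead of as a
    # regular expression. ${SO} is unquoted on purpose: it holds several options.
    ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" listCSR \
        2>"${STDERR}" | grep -q -F -- "${CSRNAME}" || return 0

    # invoke the print command inside the virtual machine
    output=$(ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" printCSR -name "${q_name}" \
                 2>"${STDERR}") || error_exit "${RC_FAILED}" "${output}"

    echo "${output}"
    result_success "Print CSR $CSRNAME from ${VM_ID} successful"
}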

# -----------------------------------------------------------------------------
# do_decode
#

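function do_decode(){
    # Show the decoded form of the CSR named by CSRNAME, as returned by the
    # VM's decodeCSR command.
    # Globals:   CSRNAME, SO, STDERR, REMOTE_USER, REMOTE_HOST, REMOTE_CMD,
    #            VM_ID, RC_FAILED (all read)
    # Outputs:   the remote command's stdout, then a success line
    # Returns:   0 when the CSR is not listed (nothing to do) or was decoded;
    #            exits through error_exit on failure
    local output q_name

    # An empty name would match every listed CSR in the presence check below.
    [ -n "${CSRNAME}" ] || error_exit "${RC_FAILED}" "CSR name not specified"

    # ssh joins its arguments into one string that the remote shell parses
    # again, so the name is quoted for the remote side; plain names pass
    # through unchanged.
    # NOTE(review): assumes the remote account's shell accepts backslash
    # quoting as produced by printf %q - confirm.
    printf -v q_name '%q' "${CSRNAME}"

    # Do nothing if not present. -F matches the name literally instead of as a
    # regular expression. ${SO} is unquoted on purpose: it holds several options.
    ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" listCSR \
        2>"${STDERR}" | grep -q -F -- "${CSRNAME}" || return 0

    # invoke the decode command inside the virtual machine
    output=$(ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" decodeCSR -name "${q_name}" \
                 2>"${STDERR}") || error_exit "${RC_FAILED}" "${output}"

    echo "${output}"
    result_success "Decode CSR $CSRNAME from ${VM_ID} successful"
}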

# -----------------------------------------------------------------------------
# do_list
#

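function do_list()
{
    # List the CSRs known to the AVP Utilities VM.
    # Globals:   SO, STDERR, REMOTE_USER, REMOTE_HOST, REMOTE_CMD, VM_ID,
    #            RC_FAILED (all read)
    # Outputs:   the remote listing, then a success line
    # Returns:   exits through error_exit when the remote command fails
    local output

    # invoke the list command inside the virtual machine
    # ${SO} is unquoted on purpose: it holds several options.
    output=$(ssh ${SO} "${REMOTE_USER}@${REMOTE_HOST}" "${REMOTE_CMD}" \
                 listCSR 2>"${STDERR}") || error_exit "${RC_FAILED}" "${output}"

    # The listing was captured but never shown; print it like the other
    # commands print their remote output.
    echo "${output}"
    result_success "List CSRs on ${VM_ID} successful"
}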


# -----------------------------------------------------------------------------
# main
#

# Global Vars
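VM_ID="utility_server"
CMD=""
WORK_DIR=""
# Initialised like the other option variables so that a REMOTE_HOST inherited
# from the caller's environment can never stand in for a missing -g option.
REMOTE_HOST=""
QUERY_TYPE=""
SUBJECT=""
KEYSIZE=""
DIGEST=""
CSRNAME=""
CA=FALSE

# Return Codes
RC_SUCCESS=0
RC_NETWORK_FAILED=10
RC_FAILED=100
RC_ERR_CREATE=104
RC_ERR_REMOVE=105
RC_ALREADY_EXISTS=106

# Remote Parameter
REMOTE_USER="csadmin"
REMOTE_CMD="/opt/avaya/common_services/certUtil"
REMOTE_DIR="/var/tmp"
CSR_EXT="csr"

# NOTE(review): StrictHostKeyChecking=no, together with the clear_known_hosts
# call below, means the guest's SSH host key is never verified, so nothing
# protects these sessions against another machine answering on REMOTE_HOST.
# Pinning the guest's host key in a managed known_hosts entry would close that
# gap; the options are left as they are because key provisioning is outside
# this script.
SO="-o StrictHostKeyChecking=no -o BatchMode=yes"
SCP="-o StrictHostKeyChecking=no"

# Process command line options
while getopts "crlpdw:g:s:b:e:n:f" CMD_OPTION
do
    case "${CMD_OPTION}" in
        c) CMD="do_create";;
        r) CMD="do_remove";;
        l) CMD="do_list";;
        p) CMD="do_print";;
        d) CMD="do_decode";;

        w) WORK_DIR=${OPTARG};;
        g) REMOTE_HOST=${OPTARG};;
        s) SUBJECT=${OPTARG};;
        b) KEYSIZE=${OPTARG};;
        e) DIGEST=${OPTARG};;
        n) CSRNAME=${OPTARG};;
        f) CA=TRUE;;
        [?]) usage;;
    esac
done

# check valid command
[ -z "${CMD}" ] && usage
# check environment is valid
check_environment
# The address is placed into ping, sed, ssh and scp command lines further
# down, so accept only characters that occur in host names and IP addresses.
[[ "${REMOTE_HOST}" =~ ^[A-Za-z0-9:][A-Za-z0-9._:-]*$ ]] || error_exit "${RC_FAILED}" \
    "Invalid AVP Utilities IP Address '${REMOTE_HOST}'"
# set error and output files
STDOUT="${WORK_DIR}/patch_output.txt"
STDERR="${WORK_DIR}/patch_error.txt"
# set patch vars
#[ -n "${CSRNAME}" ] && set_update_vars ${CSRNAME}
# Check if host is reachable
is_host_reachable "${REMOTE_HOST}"
# Clear remote host from known_hosts
clear_known_hosts "${REMOTE_HOST}"

# Perform action (CMD is only ever set to one of the do_* names above)
"${CMD}"

exit "${RC_SUCCESS}"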
