#!/bin/bash
#
# Return code:
#   1: General Error
#   2: Incorrect cipher string specified
#   3: cipher string specified is not in current list
#
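# Replace the WebUI cipher list with the list given in $1.
# Globals:   CIPHERFILE (read) - path of the configuration file to write
# Arguments: $1 - comma separated cipher names. This function does not
#                 validate them; the callers in this file run validatecl first.
# Returns:   0 when the file was written, 1 when the write failed
setWebUICipher()
{
   # Both expansions are quoted: unquoted, $1 would be word-split and
   # glob-expanded before it reached the file, and a CIPHERFILE path
   # containing blanks would break the redirection.
   printf 'CIPHER=%s\n' "$1" > "$CIPHERFILE" || return 1
   # Mode and ownership are applied after the write and their status is not
   # checked, as before (presumably the script runs as root - confirm).
   chmod 640 "$CIPHERFILE"
   # "root:root" replaces the obsolete "root.root" owner.group separator.
   chown root:root "$CIPHERFILE"
   return 0
}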

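# Print a cipher list on stdout.
# Globals:   AVAIL_CL (read), CIPHERFILE (read)
# Arguments: $1 - "LIST":  print AVAIL_CL, the names this script accepts
#                 "AVAIL": print the list currently stored in CIPHERFILE;
#                          when the file does not exist, run the Java
#                          GetCipherList class instead (presumably the
#                          runtime's own list - the class is not visible here)
#                 any other value prints nothing
# Returns:   status of the command that produced the output, 0 otherwise
getWebUICipher()
{
   local rc=0
   if [ "$1" == "LIST" ]; then
      # An earlier variant called GetCipherList here; the static list is used.
      printf '%s\n' "$AVAIL_CL"
      rc=$?
   fi
   if [ "$1" == "AVAIL" ]; then
      # CIPHERFILE is quoted so a path with blanks is tested and read as one
      # file rather than being split into several words.
      if [ ! -f "$CIPHERFILE" ]; then
         java -cp /usr/websm/codebase/pluginjars/hsc.jar com.ibm.hsc.common.util.GetCipherList
      else
         grep -- "CIPHER" "$CIPHERFILE" | cut -d'=' -f2
      fi
      rc=$?
   fi
   return $rc
}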
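# Add the cipher names in $1 to the list stored in CIPHERFILE, skipping
# names that are already present. When the file does not exist it is
# created with $1 as its list.
# Globals:   CIPHERFILE (read) - path of the configuration file
# Arguments: $1 - comma separated cipher names. This function does not
#                 validate them; the caller in this file runs validatecl first.
# Returns:   0 when the file was written, 1 when the write failed
addWebUICipher()
{
   local cl i j found
   local -a cur add

   if [ ! -f "$CIPHERFILE" ]; then
      # No list yet: the given names become the list.
      printf 'CIPHER=%s\n' "$1" > "$CIPHERFILE" || return 1
      chmod 640 "$CIPHERFILE"
      chown root:root "$CIPHERFILE"
      return 0
   fi

   cl=$(grep -- "CIPHER" "$CIPHERFILE" | cut -d'=' -f2)
   cl=${cl%,}
   # read -a splits on commas and blanks like the old unquoted expansion
   # did, but without pathname expansion of the file content or of $1.
   IFS=$', \t\n' read -r -d '' -a cur <<< "$cl"
   IFS=$', \t\n' read -r -d '' -a add <<< "$1"

   for i in "${add[@]}"; do
      [ -n "$i" ] || continue
      found=0
      for j in "${cur[@]}"; do
         if [ "$i" == "$j" ]; then
            found=1
            break
         fi
      done
      if [ "$found" -ne 1 ]; then
         # Only put a comma in front when the list is non-empty; an emptied
         # file ("CIPHER=") used to end up as "CIPHER=,NAME".
         cl="${cl:+$cl,}$i"
         # Remember the addition so a name repeated inside $1 is added once.
         cur+=("$i")
      fi
   done

   printf 'CIPHER=%s\n' "${cl%,}" > "$CIPHERFILE" || return 1
   # Mode and ownership status is not checked, as before.
   chmod 640 "$CIPHERFILE"
   chown root:root "$CIPHERFILE"
   return 0
}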
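# Remove the cipher names in $1 from the list stored in CIPHERFILE.
# Globals:   CIPHERFILE (read) - path of the configuration file
# Arguments: $1 - comma separated cipher names to take out
# Returns:   0 when the file was rewritten, 1 when the file does not exist
#            or the write failed
# NOTE(review): removing every name leaves "CIPHER=" with an empty list; how
# the consumer of this file treats an empty list is not visible here.
removeWebUICipher()
{
   local cl rl i j found
   local -a cur del

   # Nothing can be removed unless a list exists.
   [ -f "$CIPHERFILE" ] || return 1

   cl=$(grep -- "CIPHER" "$CIPHERFILE" | cut -d'=' -f2)
   # Split on commas and blanks without pathname expansion, so neither the
   # stored list nor $1 can turn into file names from the current directory.
   IFS=$', \t\n' read -r -d '' -a cur <<< "$cl"
   IFS=$', \t\n' read -r -d '' -a del <<< "$1"

   # Keep every current name that is not in the removal list.
   rl=""
   for j in "${cur[@]}"; do
      [ -n "$j" ] || continue
      found=0
      for i in "${del[@]}"; do
         if [ "$i" == "$j" ]; then
            found=1
            break
         fi
      done
      if [ "$found" -eq 0 ]; then
         rl="$rl$j,"
      fi
   done

   # Drop the trailing comma left by the loop.
   printf 'CIPHER=%s\n' "${rl%,}" > "$CIPHERFILE" || return 1
   # Mode and ownership status is not checked, as before.
   chmod 640 "$CIPHERFILE"
   chown root:root "$CIPHERFILE"
   return 0
}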
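# Check that every name in a comma separated cipher list is one of the
# names in AVAIL_CL.
# Globals:   AVAIL_CL (read) - comma separated list of accepted names
# Arguments: $1 - comma separated cipher names to check
# Returns:   0 when every non-empty name is in AVAIL_CL (an empty list also
#            returns 0), 1 otherwise
validatecl()
{
   local i j found
   local -a want have

   # The value that passes this check is what the callers later write to the
   # configuration file, so it must be checked as given. Blanks, newlines and
   # glob characters are rejected outright: previously the argument was
   # expanded unquoted, so "A B" or a pattern matching a file name in the
   # current directory could validate although it is not a name list.
   # The names in AVAIL_CL use only letters, digits and underscores.
   case "$1" in
      *[!A-Za-z0-9_,]*) return 1 ;;
   esac

   # Split on commas only; read -a performs no pathname expansion.
   IFS=',' read -r -a want <<< "$1"
   IFS=',' read -r -a have <<< "$AVAIL_CL"

   for i in "${want[@]}"; do
      # Empty fields (",,") were ignored before and still are.
      [ -n "$i" ] || continue
      found=0
      for j in "${have[@]}"; do
         if [ "$i" == "$j" ]; then
            found=1
            break
         fi
      done
      if [ "$found" -eq 0 ]; then
         return 1
      fi
   done
   return 0
}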
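# Check that every name in a comma separated cipher list is present in the
# list currently stored in CIPHERFILE.
# Globals:   CIPHERFILE (read) - path of the configuration file
# Arguments: $1 - comma separated cipher names to look up
# Returns:   0 when every non-empty name is in the stored list (an empty
#            argument also returns 0), 1 otherwise, including when names are
#            given but the file does not exist
incurrentcl()
{
   local cl i j found
   local -a want cur

   cl=""
   # CIPHERFILE is quoted so a path with blanks is read as one file.
   if [ -f "$CIPHERFILE" ]; then
      cl=$(grep -- "CIPHER" "$CIPHERFILE" | cut -d'=' -f2)
   fi

   # Split on commas and blanks without pathname expansion, so a glob
   # character in $1 or in the file is compared literally.
   IFS=$', \t\n' read -r -d '' -a want <<< "$1"
   IFS=$', \t\n' read -r -d '' -a cur <<< "$cl"

   for i in "${want[@]}"; do
      [ -n "$i" ] || continue
      found=0
      for j in "${cur[@]}"; do
         if [ "$i" == "$j" ]; then
            found=1
            break
         fi
      done
      if [ "$found" -eq 0 ]; then
         return 1
      fi
   done
   # Explicit success status instead of relying on the loop's last status.
   return 0
}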
# Print the command synopsis on stdout and terminate the script with
# status 1.
# NOTE(review): the option parser in this file also accepts -c <cipher list>
# (validate only); it is not listed in this text.
usage()
{
   printf '%s\n' \
      "usage: hmccipher -w -{a | r | s | l | v} [ <cipher list>]" \
      "                  w   WebUI cipher list" \
      $'\t\t   s   Set the list' \
      $'\t\t   l   Get the list of available cipher' \
      $'\t\t   v   Get the list of current cipher' \
      $'\t\t   a   Add to the list' \
      $'\t\t   r   Remove from the list'
   exit 1
}
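# Cipher suite names this script accepts for the WebUI list (validatecl
# checks its argument against this list).
# NOTE(review): the accepted set includes RC4, single-DES, 40-bit EXPORT and
# 3DES suites and an MD5-based MAC, all of which are considered weak or
# deprecated for TLS, and it contains no AEAD suite. Because -s and -a accept
# any name listed here, an administrator can enable them; consider trimming
# the list or warning when one is selected, after confirming which suites
# the consuming Java runtime still supports.
AVAIL_CL="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,SSL_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_RC4_128_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_FIPS_WITH_DES_CBC_SHA,SSL_DHE_RSA_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5,SSL_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA"
# The fixed tool directories are searched first. The caller's PATH is
# appended only when it is non-empty: with an empty PATH the old form ended
# in ":" and that empty element makes the current directory searchable.
export PATH=/opt/IBMJava/bin:/usr/bin:/bin${PATH:+:$PATH}
# Defaults; the option parser below overrides ops and CL.
apps="webui"
ops="LIST"
CL=""
CIPHERFILE="/opt/hsc/data/cipher/webuicipher.conf"
# Create the directory holding CIPHERFILE on first use.
# NOTE(review): mode 600 on a directory carries no search (x) bit; root is
# not affected, but confirm whether 700 was intended.
if [ ! -d "${CIPHERFILE%/*}" ]; then
   mkdir -p "${CIPHERFILE%/*}"
   chmod 600 "${CIPHERFILE%/*}"
   # "root:root" replaces the obsolete "root.root" owner.group separator.
   chown root:root "${CIPHERFILE%/*}"
fi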

# Parse the command line. The last operation option given wins; -s, -a, -c
# and -r take the cipher list as their argument. An unknown option or a
# missing argument prints the usage text, which exits with status 1.
while getopts 'ws:a:r:c:lv?' optname; do
   case "$optname" in
   w)
      apps="webui"
      ;;
   l)
      ops="LIST"
      ;;
   v)
      ops="AVAIL"
      ;;
   s|a|c|r)
      # All four operations carry the cipher list in OPTARG.
      CL="$OPTARG"
      case "$optname" in
      s) ops="SET" ;;
      a) ops="ADD" ;;
      c) ops="CHECK" ;;
      r) ops="REMOVE" ;;
      esac
      ;;
   \?)
      usage
      ;;
   esac
done

# Run the selected operation. Exit status: 0 on success, 1 from usage,
# 2 when the given list contains a name validatecl rejects, 3 when a name to
# remove is not in the current list; otherwise the status of the operation.

# Only -s and -a are checked for an empty cipher list here; -r and -c are
# passed on with whatever list was given.
case "$ops" in
   SET|ADD)
      if [[ -z "$CL" ]]; then
         usage
      fi
      ;;
esac

case "$ops" in
   CHECK)
      # Validation only: a valid list falls through to the final exit 0.
      validatecl "$CL" || exit 2
      ;;
   LIST|AVAIL)
      getWebUICipher "$ops"
      exit $?
      ;;
   SET)
      validatecl "$CL" || exit 2
      setWebUICipher "$CL"
      exit $?
      ;;
   ADD)
      validatecl "$CL" || exit 2
      addWebUICipher "$CL"
      exit $?
      ;;
   REMOVE)
      validatecl "$CL" || exit 2
      # Every name to remove must be in the stored list.
      incurrentcl "$CL" || exit 3
      removeWebUICipher "$CL"
      exit $?
      ;;
esac
exit 0

