#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
# 
#   http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

help() {
   printf " -c use customized key/cert\n"
   printf " -k path of private key\n"
   printf " -p path of certificate of public key\n"
   printf " -t path of certificate chain\n"
   printf " -u path of root ca certificate \n"
}


config_httpd_conf() {
  local ip=$1
  local srvr=$2
  cp -f /etc/httpd/conf/httpd.conf.orig /etc/httpd/conf/httpd.conf
  sed -i -e "s/Listen.*:80$/Listen $ip:80/" /etc/httpd/conf/httpd.conf
  echo "<VirtualHost $ip:443> " >> /etc/httpd/conf/httpd.conf
  echo "  DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
  echo "  ServerName $srvr" >> /etc/httpd/conf/httpd.conf
  echo "  SSLEngine on" >>  /etc/httpd/conf/httpd.conf
  echo "  SSLProtocol all -SSLv2 -SSLv3" >>  /etc/httpd/conf/httpd.conf
  echo "  SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >>  /etc/httpd/conf/httpd.conf
  echo "  SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
  echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
}

config_apache2_conf() {
  local ip=$1
  local srvr=$2
  cp -f /etc/apache2/sites-available/default.orig /etc/apache2/sites-available/default
  cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
  sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
  sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
  sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
  sed -i  's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
  sed -i  's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
  sed -i  's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
  if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
  then
    sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl
  fi

  SSL_FILE="/etc/apache2/sites-available/default-ssl"
  PATTERN="RewriteRule ^\/upload\/(.*)"
  CORS_PATTERN="Header set Access-Control-Allow-Origin"
  if [ -f $SSL_FILE ]; then
    if grep -q "$PATTERN" $SSL_FILE ; then
      echo "rewrite rules already exist in file $SSL_FILE"
    else
        echo "adding rewrite rules to file: $SSL_FILE"
        sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE
    fi
    if grep -q "$CORS_PATTERN" $SSL_FILE ; then
      echo "cors rules already exist in file $SSL_FILE"
    else
        echo "adding cors rules to file: $SSL_FILE"
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE
        sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE
    fi
  fi

}

copy_certs() {
  local certdir=$(dirname $0)/certs
  local mydir=$(dirname $0)
  if [ -d $certdir ] && [ -f $customPrivKey ] &&  [ -f $customPrivCert ] ; then
       mkdir -p /etc/httpd/ssl/keys  &&  mkdir -p /etc/httpd/ssl/certs  &&  cp $customprivKey /etc/httpd/ssl/keys   &&  cp $customPrivCert /etc/httpd/ssl/certs
      return $?
  fi
  if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then
     cp $customCertChain /etc/httpd/ssl/certs  
  fi
  return 1
}

copy_certs_apache2() {
  local certdir=$(dirname $0)/certs
  local mydir=$(dirname $0)
  if [ -f $customPrivKey ] &&  [ -f $customPrivCert ] ; then
      cp $customPrivKey /etc/ssl/private/cert_apache.key   &&  cp $customPrivCert /etc/ssl/certs/cert_apache.crt
  fi
  if [ ! -z "$customCertChain" ] && [ -f "$customCertChain" ] ; then
     cp $customCertChain /etc/ssl/certs/cert_apache_chain.crt
  fi
  return 0
}


cflag=
cpkflag=
cpcflag=
cccflag=
customPrivKey=$(dirname $0)/certs/realhostip.key
customPrivCert=$(dirname $0)/certs/realhostip.crt
customCertChain=
customCACert=
publicIp=
hostName=
keyStore=$(dirname $0)/certs/realhostip.keystore
defaultJavaKeyStoreFile=/etc/ssl/certs/java/cacerts
defaultJavaKeyStorePass="changeit"
aliasName="CPVMCertificate"
storepass="vmops.com"
while getopts 'i:h:k:p:t:u:c' OPTION
do
  case $OPTION in
     c) cflag=1
        ;;
     k) cpkflag=1
        customPrivKey="$OPTARG"
        ;;
     p) cpcflag=1
        customPrivCert="$OPTARG"
        ;;
     t) cccflag=1
        customCertChain="$OPTARG"
        ;;
     u) ccacflag=1
        customCACert="$OPTARG"
        ;;
     i) publicIp="$OPTARG"
        ;;
     h) hostName="$OPTARG"
        ;;
     ?) help
        ;;
   esac
done


if [ -z "$publicIp" ] || [ -z "$hostName" ]
then
   help
   exit 1
fi

if [ "$cflag" == "1" ]
then
  if [ "$cpkflag$cpcflag" != "11" ] 
  then
     help
     exit 1
  fi
  if [ ! -f "$customPrivKey" ]
  then
     printf "private key file does not exist\n"
     exit 2
  fi

  if [ ! -f "$customPrivCert" ]
  then
     printf "public certificate does not exist\n"
     exit 3
  fi

  if [ "$cccflag" == "1" ] 
  then
     if [ ! -f "$customCertChain" ]
     then
        printf "certificate chain does not exist\n"
        exit 4
     fi
  fi
fi

if [ -d /etc/apache2 ]
then
  copy_certs_apache2
else
  copy_certs
fi

if [ $? -ne 0 ]
then
  echo "Failed to copy certificates"
  exit 2
fi

if [ -f "$customCACert" ]
then
  keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt
  keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customCACert
  keytool -importkeystore -srckeystore $defaultJavaKeyStoreFile -destkeystore $keyStore -srcstorepass $defaultJavaKeyStorePass -deststorepass $storepass -noprompt
fi

if [ -d /etc/apache2 ]
then
  config_apache2_conf $publicIp $hostName
  /etc/init.d/apache2 stop
  /etc/init.d/apache2 start
else
  config_httpd_conf $publicIp $hostName
fi