##############################################################################
# Copyright (c) Members of the EGEE Collaboration. 2004. 
# See http://www.eu-egee.org/partners/ for details on the copyright 
# holders.  
#
# Licensed under the Apache License, Version 2.0 (the "License"); 
# you may not use this file except in compliance with the License. 
# You may obtain a copy of the License at 
#
#    http://www.apache.org/licenses/LICENSE-2.0 
#
# Unless required by applicable law or agreed to in writing, software 
# distributed under the License is distributed on an "AS IS" BASIS, 
# WITHOUT WARRANTIES OR CONDITIONS 
# OF ANY KIND, either express or implied. 
# See the License for the specific language governing permissions and 
# limitations under the License.
##############################################################################
#
# NAME :        config_proxy_server
#
# DESCRIPTION : This function configures the 3.0 proxy server.
#
# AUTHORS :     Robert.Harakaly@cern.ch
#
# NOTES :      
#
# YAIM MODULE:  glite-yaim-myproxy
# UPDATES:      Ulrich.Schwickerath@cern.ch, Steve.Traylen@cern.ch
#                 
##############################################################################
#
# 21/05/2008 US,ML  rewrite to support more configuration options
#

config_proxy_server_check () {

requires $1 BDII_USER BDII_GROUP BDII_HOME_DIR X509_HOST_CERT X509_HOST_KEY
return $?

}

config_proxy_server_setenv () {

  yaimgridenv_set GLITE_PX_LOCATION "${GLITE_PX_LOCATION}"
  yaimgridenv_set GLITE_PX_LOCATION_ETC "${GLITE_PX_LOCATION_ETC}"
  yaimgridenv_set GLITE_PX_LOCATION_VAR "${GLITE_PX_LOCATION_VAR}"

  return 0

}

config_proxy_server () {

# copy to the location for MyProxy
cp ${X509_HOST_CERT} /etc/grid-security/myproxy/hostcert.pem
cp ${X509_HOST_KEY} /etc/grid-security/myproxy/hostkey.pem
chown myproxy:myproxy /etc/grid-security/myproxy/hostcert.pem
chown myproxy:myproxy /etc/grid-security/myproxy/hostkey.pem

MYPROXY_CONF=${GLITE_PX_LOCATION_ETC}/myproxy-server.config
MYPROXY_CONF_NEW=${GLITE_PX_LOCATION_ETC}/myproxy-server.config_NEW


# Special case where we are upgrading from the old style configuration.
# with a configuration file myproxy-server.config file.
pgrep -lf myproxy-server.config 2>&1 > /dev/null
if [ $? = "0" ] ; then
   yaimlog INFO "MyProxy Running with old style configuration, stopping"
   /sbin/service myproxy-server stop
fi


yaimlog DEBUG "Creating Minimal myproxy configuration."
cat <<EOF > $MYPROXY_CONF_NEW
# YAIM generated configuration file for MyProxy
#
# We allow anyone to use this service. They are checked against the
# installed CAs anyway.
# 
accepted_credentials "*"

EOF

if [ "x$GRID_TRUSTED_BROKERS" != "x" ] ; then
  yaimlog WARNING "Use of GRID_TRUSTED_BROKERS is deprecated in YAIM, use GRID_AUTHORIZED_RENEWERS"   
  echo "# Adding GRID_TRUSTED_BROKERS as authorized_renewers - Deprecated" >> $MYPROXY_CONF_NEW
  split_quoted_variable $GRID_TRUSTED_BROKERS | while read x; do
      test "x$x" != "x" && echo "authorized_renewers \"$x\"" >> $MYPROXY_CONF_NEW
  done
  echo "" >> $MYPROXY_CONF_NEW
fi

for VALUE in GRID_AUTHORIZED_RENEWERS       GRID_DEFAULT_RENEWERS \
             GRID_AUTHORIZED_RETRIEVERS     GRID_DEFAULT_RETRIEVERS \
             GRID_AUTHORIZED_KEY_RETRIEVERS GRID_DEFAULT_KEY_RETRIEVERS \
             GRID_TRUSTED_RETRIEVERS        GRID_DEFAULT_TRUSTED_RETRIEVERS \
             GRID_ALLOW_SELF_AUTHORIZATION \
             MYPROXY_DISABLE_USAGE_STATS

do
    KEY=`echo $VALUE | sed -e 's/^GRID_//' -e 's/^MYPROXY_//' | tr "[:upper:]" "[:lower:]"`
    echo "#Adding YAIM value $VALUE if any as $KEY values" >> $MYPROXY_CONF_NEW
    split_quoted_variable ${!VALUE} | while read x; do
        test "x$x" != "x" && echo "$KEY \"$x\"" >> $MYPROXY_CONF_NEW
    done
    echo "" >> $MYPROXY_CONF_NEW
done

/sbin/chkconfig --add myproxy-server

/sbin/chkconfig myproxy-server on

#
# check if the configuration changed and reload/replace only if necessary
#

[ -f $MYPROXY_CONF ] && diff $MYPROXY_CONF_NEW $MYPROXY_CONF 2>&1 > /dev/null
rc=$?

if [ $rc == 0 ]; then
  yaimlog INFO "MyProxy server configuration unchanged"
  rm -f  $MYPROXY_CONF_NEW
else
  yaimlog INFO "Reloading MyProxy server"
  mv $MYPROXY_CONF_NEW $MYPROXY_CONF
  /etc/init.d/myproxy-server reload < /dev/null
fi

/etc/init.d/myproxy-server status 2>&1 > /dev/null
if [ $? != "0" ] ; then
  yaimlog INFO "MyProxy server not running so starting"
  /etc/init.d/myproxy-server start
fi



return 0
}
