#!/bin/sh

# Test script to start checkpki.sh in _respawnService mode
# Starts checkpki.sh

# Discard stderr for the rest of this script, including everything that is
# sourced or executed below. Failures are then only visible through exit codes
# and the messages printed on stdout.
# NOTE(review): this also hides errors raised while sourcing the libraries
# below (missing file, syntax error) - consider logging stderr when
# troubleshooting.
exec 2> /dev/null

# Installation root. The value is a placeholder, presumably substituted at
# install time - TODO confirm.
ROOTACT=_REPLACEWITHROOTACT_
export ROOTACT

# Every file below is sourced, i.e. executed inside this shell with the
# privileges of whoever runs this script.
# NOTE(review): these files (including the one under /var/run) should be
# writable only by that account - verify ownership and modes on the target.
[ -f "/var/run/lrrsystem" ] && . "/var/run/lrrsystem"
. "${ROOTACT}/lrr/com/system_setting.sh"
# Source system_api.sh only when the _system_api_loaded command does not
# succeed (presumably it is defined once the API has been loaded).
_system_api_loaded 2> /dev/null || . "${ROOTACT}/lrr/com/system_api.sh"
. "${ROOTACT}/lrr/com/functionsservice.sh"
# Optional local parameters, sourced only if the file exists.
[ -f "${ROOTACT}/usr/etc/lrr/_parameters.sh" ] && . "${ROOTACT}/usr/etc/lrr/_parameters.sh"

# Description of the supervised service: checkpki.sh, located in the pkimgr
# directory. COMMAND is the full path that the functions below execute.
OPTIONS=""
SERVICE="checkpki"
SERVICE_RUNDIR="${ROOTACT}/lrr/pkimgr"
SERVICE_COMMAND="checkpki.sh"
COMMAND="${SERVICE_RUNDIR}/${SERVICE_COMMAND}"

# Not defined in this file; presumably provided by functionsservice.sh.
initServiceDataDefaultVars

# Print the command-line synopsis of this script on stdout.
usage() {
    printf '%s\n' \
        "Usage: $0 {start|stop|restart|reload|status|info|clean}" \
        " Where options are:" \
        "  -h|--help   Print this help message"
}

# Print the service command line: ${COMMAND}, one space, then ${OPTIONS}.
serviceCommand() {
    printf '%s %s\n' "${COMMAND}" "${OPTIONS}"
}

# Stop checkpki: kill the running checkpki.sh instances, then run
# "${COMMAND} stop".
#
# Globals: SERVICE_COMMAND, COMMAND (read); CHECKPKI_PID, p (written)
# Returns: the exit status of "${COMMAND} stop"
stopService() {
    CHECKPKI_PID=$(getPids "${SERVICE_COMMAND}")

    # checkpki.sh is killed first so that it cannot respawn the tunnels while
    # they are being closed. SIGKILL gives it no chance to clean up; the
    # "stop" call below does the graceful part.
    # NOTE(review): the PID list comes from getPids, defined outside this
    # file - confirm it cannot return processes unrelated to checkpki.sh.
    # Word splitting of the list is intended, hence no quotes.
    for p in ${CHECKPKI_PID}; do
        kill -9 "${p}"
    done

    # Ask checkpki.sh itself to close the tunnels gracefully.
    ${COMMAND} stop
}

# Abort the service: kill every process reported for ${SERVICE} except this
# shell, then stop checkpki and remove the service data files.
#
# Globals: SERVICE (read); CHECKPKISERVICE_PID, p (written)
# Returns: the exit status of cleanServiceDataFiles
abortService() {
    CHECKPKISERVICE_PID=$(getPids "${SERVICE}")
    for p in ${CHECKPKISERVICE_PID}; do
        # Skip our own PID, otherwise the abort would kill itself before
        # reaching the stop/cleanup steps below.
        if [ "${p}" != "$$" ]; then
            kill -9 "${p}"
        fi
    done

    stopService
    cleanServiceDataFiles
}

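# Reload the tunnel supervised by checkpki without restarting checkpki itself.
#
# The current tunnel mode is read from /var/run/checkpki_currentmode:
#   tls   - every stunnel process is killed
#   ipsec - the VPN is restarted, either through the host functions
#           (HOST_IPSEC=1) or through "${IPSEC_CMD} restart"
# Finally the checkpki wait loop is interrupted so that checkpki restarts the
# tunnel process immediately.
#
# Globals: SERVICE, SERVICE_RUNDIR, ROOTACT, SERVICE_ST_STARTING,
#          SERVICE_ST_STOPPING (read); ret, TUNNEL_MODE, CONF_FILE,
#          CHECKPKI_LOOPWAIT_PID, p (written)
# Outputs: progress and result messages on stdout
# Returns: 0 on success; the current service status when another instance is
#          starting or stopping; 1 when a required file is missing or the
#          host VPN could not be stopped/started
reloadService() {
    printf '%s' "Reloading ${SERVICE} service: "
    # Prevent reloading service if another instance is already starting or stopping
    getServiceStatus
    ret=$?
    if [ "${ret}" -eq "${SERVICE_ST_STARTING}" ] ; then
        writeStatus "${ret}"
        echo "Another instance is already starting"
        return "${ret}"
    elif [ "${ret}" -eq "${SERVICE_ST_STOPPING}" ] ; then
        writeStatus "${ret}"
        echo "Another instance is already stopping"
        return "${ret}"
    fi

    TUNNEL_MODE=$(cat /var/run/checkpki_currentmode 2> /dev/null)
    if [ "${TUNNEL_MODE}" = "tls" ] ; then
        printf '%s' "(tls) "
        # Sending HUP to the PID in /var/run/stunnel.pid was considered
        # (is it sufficient ?); instead all stunnel processes are killed.
        # NOTE(review): this targets every PID getPids reports for "stunnel",
        # not only instances started by checkpki - confirm that is intended.
        for p in $(getPids stunnel) ; do
            kill -9 "${p}" 2> /dev/null
        done
    elif [ "${TUNNEL_MODE}" = "ipsec" ] ; then
        printf '%s' "(ipsec) "
        # Need to source $CONF_FILE to retrieve $IPSEC_CMD (depends on gw models)
        CONF_FILE="${SERVICE_RUNDIR}/${SERVICE}.conf"
        if [ ! -f "${CONF_FILE}" ] ; then
            echo "[FAILED] Unable to find ${CONF_FILE}"
            return 1
        fi
        . "${CONF_FILE}"
        cpLoadConf
        # Default to 0 so that an unset HOST_IPSEC takes the generic branch
        # through a valid comparison instead of a failing test.
        if [ "${HOST_IPSEC:-0}" -eq 1 ] ; then
            # Cisco cases
            # SystemGetFilePath presumably sets ${sysfilepath} - defined
            # outside this file.
            SystemGetFilePath "${ROOTACT}/lrr/pkimgr" "_checkpki_custom_functions.sh"
            if [ ! -f "${sysfilepath}" ] ; then
                echo "[FAILED] Unable to find ${sysfilepath}"
                return 1
            fi
            . "${sysfilepath}"
            if ! host_stop_vpn ; then echo "[FAILED]" && return 1; fi
            if ! host_start_vpn ; then echo "[FAILED]" && return 1; fi
        else
            # The result is deliberately not checked: [OK] is reported even
            # if the restart fails.
            ${IPSEC_CMD} restart 2> /dev/null
        fi
    fi

    # Abort current waitloop (if any) so that checkpki restarts the ipsec/tls
    # process now.
    # The pidfile content is validated before it reaches kill: anything other
    # than digits and whitespace discards the whole content, and only PIDs
    # greater than 1 are signalled. An empty or corrupted file can therefore
    # never become "kill 0" (own process group), "kill 1" or a signal option.
    # NOTE(review): a stale pidfile can still name a reused PID - confirm
    # checkpki.sh removes the file when its wait loop ends.
    CHECKPKI_LOOPWAIT_PID=$(cat /var/run/checkpki_loopwait.pid 2> /dev/null)
    case "${CHECKPKI_LOOPWAIT_PID}" in
        *[!0-9[:space:]]*) CHECKPKI_LOOPWAIT_PID="" ;;
    esac
    for p in ${CHECKPKI_LOOPWAIT_PID} ; do
        [ "${p}" -gt 1 ] 2> /dev/null && kill "${p}" 2> /dev/null
    done

    echo "[OK]"
    return 0
}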

# Print the service status and, when the service is started, the current
# tunnel mode; in ipsec mode also print the output of "${IPSEC_CMD} status".
#
# Globals: SERVICE, SERVICE_RUNDIR, SERVICE_ST_STARTED (read);
#          TUNNEL_MODE, CONF_FILE (written)
# Returns: 0 unless the ipsec status command is reached, in which case its
#          exit status is returned
infoService() {
    status
    # Nothing more to report unless the service is started.
    [ $? -eq "${SERVICE_ST_STARTED}" ] || return 0

    TUNNEL_MODE=$(cat /var/run/checkpki_currentmode 2> /dev/null)
    echo "Current tunnel mode: $(cat /var/run/checkpki_currentmode 2> /dev/null)"

    # Only the ipsec mode has extra details to show.
    [ "${TUNNEL_MODE}" = "ipsec" ] || return 0

    # The configuration file is sourced to obtain IPSEC_CMD; without it there
    # is nothing to query, which is not treated as an error.
    CONF_FILE="${SERVICE_RUNDIR}/${SERVICE}.conf"
    if [ ! -f "${CONF_FILE}" ]; then
        return 0
    fi
    . "${CONF_FILE}"
    cpLoadConf
    ${IPSEC_CMD} status 2>&1
}

# Stop the service, then have checkpki.sh remove its PKI files.
#
# Globals: SERVICE, COMMAND (read)
# Outputs: progress message followed by [OK] on stdout
# Returns: always 0; the result of "${COMMAND} clean" is not checked
clean() {
    handleParams stop

    printf '%s' "Cleaning ${SERVICE} service PKI files: "
    ${COMMAND} clean
    printf '%s\n' "[OK]"
    return 0
}

# Dispatch on the first argument. clean, reload and info are implemented in
# this file; every other action (and all remaining arguments) is forwarded to
# handleParams, which is not defined in this file.
case "$1" in
    clean)  clean ;;
    reload) reloadService ;;
    info)   infoService ;;
    *)      handleParams "$@" ;;
esac

# Propagate the status of the action that ran.
exit $?
