#!/usr/bin/env bash

# Copyright (C) 2013-2018:
# This file is part of Shinken Enterprise, all rights reserved.

# Set default umask to avoid problems when creating Shinken files.
# 0022 means anything created from here on is readable by group and others.
# NOTE(review): the visible code of this script only prints the key and never
# writes it to a file; confirm that none of the sourced helpers stores key
# material on disk under this mask.
umask 0022

# Installed helper library; presumably provides the spf_* and show_* functions
# called below (they are not defined in this file).
source /var/lib/shinken/libexec/libs/shinken_protected_fields.sh
# NOTE(review): this second path is relative, so bash resolves it against the
# caller's current working directory, not against this script's location. If a
# file with that name exists there, it is executed in this shell after the
# installed library and can redefine its functions; stderr is discarded, so a
# missing file is silent. If the line only exists to help the IDE resolve
# symbols, consider a form that is never executed at run time.
source ../libexec/libs/shinken_protected_fields.sh 2>/dev/null   # For PyCharm

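#######################################
# Print the command-line help and terminate the script.
# Globals:   $0 (read) - used to display the program name
# Arguments: none
# Outputs:   help text on stdout
# Returns:   never returns; always exits with status 1 (also for -h/--help)
#######################################
function usage()
{
    # Strip the directory part with parameter expansion and pass the name as a
    # printf argument: the script name is data, so a space or a '%' in it must
    # not be word-split or interpreted as a format directive.
    local prog=${0##*/}

    printf '\nUsage: %s [options]\n\n' "$prog"
    printf 'This command exports a key from the Synchronizer configuration for backup.\n'
    printf '\nOptions :\n'
    printf '  -h          : Shows this help text\n'
    printf '  -f  <file>  : Specify the key file to export\n'
    printf '\nExample :\n'
    printf '%s\n' "$prog"
    exit 1
}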


# Defaults: take the keyfile path from the Synchronizer configuration and
# remember that the operator has not named one explicitly.
# NOTE(review): the exit status of the configuration lookup is not checked
# here; an empty result is only caught by the keyfile checks further down.
keyfile=$(spf_get_keyfile_name_from_synchronizer_cfg)
named_keyfile=0

# Command-line parsing. Only -h/--help and "-f <file>" are accepted; anything
# else prints the usage text, which terminates the script.
while (( $# > 0 )); do
    case "$1" in
        -h|--help)
            usage
            ;;
        -f)
            if [ $# -lt 2 ]; then
                # -f was given as the last word, without its value.
                printf "$(show_failure "Please provide the keyfile name when using the") $(show_command_parameter -f) $(show_failure "option or remove it to use the one from the Synchronizer configuration.")\n"
                usage
            else
                # The path is taken as-is; its existence is verified later.
                keyfile="$2"
                named_keyfile=1
                shift   # consume the option value; the option itself is shifted below
            fi
            ;;
        *)
            usage
            ;;
    esac
    shift
done

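# Stop early when the Synchronizer daemon is not installed on this host: the
# key export only makes sense where the Synchronizer configuration lives.
# The probe's own output is discarded; only its exit status is used.
#
# No separate "$?" test follows this statement: when the probe succeeds the
# `if` compound itself returns 0, so such a test could never fire.
if ! shinken-daemons-has synchronizer >/dev/null 2>&1; then
    printf "\n\n$(show_critical_info "The Synchronizer is not installed on this server ; this tool is not relevant.")\n\n"
    exit 1
fi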

# Announce the check, then run it. The helper's exit status decides whether
# the export may continue; on failure the operator gets recovery hints and the
# script exits with status 1 before any key material is read.
printf "\n$(show_important_info "Checking consistency between the synchronizer configuration file and the currently running configuration...") "

if spf_check_consistency_config_db; then
    printf "$(show_success "DONE")\n"
else
    printf "\n\n$(show_critical_info "Consistency check failed ; make sure you restore the correct configuration file before anything else.")\n\n"
    printf "\n$(show_info "Here are some hints for this :")\n"
    printf "\n\t * If you have an export of the key from the database, you can use the command $(show_command "shinken-protected-fields-keyfile-restore" "")\n"
    printf "\n\t * If you don't have an export, but you have a backup made after the encryption, you can use the command and follow its instructions :\n"
    printf "\n\t\t$(show_command "/var/lib/shinken/libexec/tools/shinken-protected-fields-keyfile-rescue-from-backup" "<your backup directory>")\n"
    printf "\n"
    exit 1
fi


# Ask the Synchronizer configuration whether encryption is activated; the
# value is compared with the string "1" below. A failing lookup aborts.
is_ciphered=$(spf_get_activated_from_synchronizer_cfg) || exit 1

# Every refusal below has one thing in common: "$keyfile" is not an existing
# regular file (an empty path fails the -f test as well). The message and the
# exit status depend on where the path came from and on the encryption state.
if [ ! -f "$keyfile" ]; then
    # Path given with -f on the command line.
    if [ "$named_keyfile" -eq 1 ]; then
        printf "\n$(show_failure "The keyfile") $(show_data "$keyfile") $(show_failure "you provided on the command line does not exist")\n\n"
        exit 1
    fi

    # Path taken from the configuration while encryption is activated.
    if [ "$is_ciphered" = "1" ]; then
        if [ -z "$keyfile" ]; then
            printf "\n$(show_failure "Encryption is activated but the") $(show_data keyfile) $(show_failure "parameter is not defined...")\n\n"
        else
            printf "\n$(show_failure "Encryption is activated but the keyfile") $(show_data "$keyfile") $(show_failure "is missing...")\n\n"
        fi
        exit 1
    fi

    # Encryption not activated and nothing to export: distinct exit status 2.
    printf "\n$(show_failure "The keyfile is missing ; I cannot export the key")\n\n"
    exit 2
fi

# Build the exportable form of the key from the keyfile, then read the key
# name back out of that export. Either helper failing stops the script with
# status 1 before anything is printed.
# From here on "$backup_key" holds the key export in this shell's memory.
backup_key=$(spf_backup_key_from_key_file "$keyfile") || exit 1

key_name=$(spf_get_key_name_from_backup "$backup_key") || exit 1



# Show the key export to the operator. It goes to stdout in clear, so it also
# lands wherever stdout goes: terminal scrollback, a redirected file, a
# session recording.
# NOTE(review): helper output and the key itself are used as the printf format
# string, so a '%' or a backslash in them would be interpreted by printf;
# confirm the export alphabet and whether the show_* helpers rely on printf
# expanding escapes before changing this.
printf "\nThe following line represents the protected fields cipher key named : $(show_data "$key_name")\n\n"
printf "$(show_data "$backup_key")\n\n"

printf "You are responsible for saving it securely in a separate place from the Shinken backup.\n"
printf "You can restore this key export by running the following command :\n\n"

# The suggested restore command carries the key as a command-line argument;
# an operator pasting it should expect it in shell history and in the process
# list for the lifetime of that command.
if [ "$named_keyfile" -eq 1 ]; then
    restore_args="-f $keyfile $backup_key"
else
    restore_args="$backup_key"
fi
printf "   $(show_command shinken-protected-fields-keyfile-restore "$restore_args")\n\n"

# When the key came from the configured keyfile (no -f), record in the
# synchronizer database that the key has been extracted.
# NOTE(review): the status of the connection check is not tested and all
# output of the mongo call is discarded, so a failed update is silent to the
# operator; the script's exit status is then whatever mongo returned.
if (( named_keyfile == 0 )); then
    mark_extracted_js="db.getCollection('synchronizer-info').findAndModify( {query: {'_id':'protected_fields_info'},update:{'\$set': {'extracted_key':'true'}}})"
    spf_check_mongo_connexion "synchronizer"
    mongo synchronizer --eval "$mark_extracted_js" >/dev/null 2>&1
fi
