#!/usr/bin/env bash

# Copyright (C) 2013-2018:
# This file is part of Shinken Enterprise, all rights reserved.

# Set default umask to avoid problems when creating Shinken files.
# 0022 only removes the write bit for group and others, so a file created
# later in this script stays readable by everyone unless the code that writes
# it sets a stricter mode.
# NOTE(review): the restored keyfile is presumably written by
# spf_restore_key_file_from_backup, which is not visible from this file -
# confirm that it restricts the mode of the keyfile it creates.
umask 0022

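# Load the protected-fields helper library (spf_* and show_* functions).
# The installed copy is always preferred. The relative path is resolved against
# the caller's working directory, so it is used only when the installed copy is
# missing (development checkout, PyCharm): sourcing it on every run would
# execute whichever file sits at that location with the caller's privileges.
if [ -r /var/lib/shinken/libexec/libs/shinken_protected_fields.sh ] ; then
    source /var/lib/shinken/libexec/libs/shinken_protected_fields.sh
else
    source ../libexec/libs/shinken_protected_fields.sh 2>/dev/null   # For PyCharm
fi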

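#######################################
# Print the help text and terminate the script.
# Globals:   none
# Arguments: none
# Outputs:   the help text on stdout
# Returns:   never returns; always exits with status 1
#######################################
function usage()
{
    # Last path component of the script, without forking basename and without
    # word-splitting a path that contains spaces.
    local script_name="${0##*/}"

    # The script name is passed as a %s argument so that a '%' or a backslash
    # in it cannot be read as part of the format.
    printf '\nUsage: %s [options]\n\n' "$script_name"
    # show_command comes from the sourced library. Its output is kept inside
    # the format string in case it relies on printf expanding escape sequences
    # (not visible from this file).
    printf "This command restores a key export generated by $(show_command shinken-protected-fields-keyfile-export "")\n"
    printf "If the key file is not specified, it will be retrieved from the Synchronizer configuration file.\n"
    printf "If the key export is not specified, you will be asked for it interactively.\n"
    # An argument is part of the command line; the prompt reads from stdin.
    printf "Note: a key export given on the command line can be seen in the process list and in the shell history; leave it out to be prompted for it.\n"
    printf "\nOptions :\n"
    printf "  -h  : Shows this help text\n"
    printf "  -f  : Name of the key file into which to restore the key\n"
    printf "\nExample :\n"
    printf '%s -f /etc/shinken/secrets/production_key bm9tfGZ3ZE4xd3I2T2JtczFzcHd0ZWRVYnY3eWUyc2l3TkVkUjAyWjZmOXRNakk9Cg==\n\n' "$script_name"
    exit 1
}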

# This tool is only relevant on a host where the Synchronizer daemon is
# installed; the output of the probe itself is discarded.
shinken-daemons-has synchronizer > /dev/null 2>&1 || {
    printf "\n\n$(show_critical_info "The Synchronizer is not installed on this server ; this tool is not relevant.")\n\n"
    exit 1
}

# Library helper, called for the "synchronizer" daemon. What it does when the
# connection is not available is not visible from this file.
spf_check_mongo_connexion "synchronizer"

# Parse the leading option, if any.
# named_keyfile records whether the keyfile path was given with -f (1) or
# still has to be looked up (0).
named_keyfile=0
case "$1" in
    -h|--help|-help)
        usage
        ;;
    -f)
        # -f needs a value; without one, explain and show the help (usage exits).
        if [ $# -lt 2 ] ; then
            printf "\n$(show_failure "Please provide the keyfile name with the") $(show_command_parameter "-f") $(show_failure "option or remove it to use the one from the Synchronizer configuration.")\n"
            usage
        fi
        keyfile="$2"
        named_keyfile=1
        # Drop "-f <keyfile>" so that only the optional key export remains.
        shift 2
        ;;
esac

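# Obtain the key export: either the single remaining argument or an
# interactive prompt.
if [ $# -eq 1 ]; then
    # An export given as an argument is part of the command line, so it can be
    # seen in the process list and is kept by the shell history.
    key="$1"
else
    # -r keeps any backslash in the typed text literal.
    # NOTE(review): the input is echoed to the terminal; read -s would hide it
    # if the export should not stay on screen.
    read -r -p "Please enter the $(show_important_info "key export") to restore : " key
fi

# Stop on an empty export (nothing typed, or end of input) so the script does
# not go on to move the current keyfile aside for input that cannot be
# restored.
if [ -z "$key" ] ; then
    spf_show_error "No key export was provided."
    exit 1
fi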

# Without -f, take the keyfile path from the Synchronizer configuration.
# The assignment carries the helper's exit status, so a failed lookup ends
# the script with status 1.
if [ "$named_keyfile" -eq 0 ] ; then
    keyfile=$(spf_get_keyfile_name_from_synchronizer_cfg) || exit 1
fi

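# Check the export before touching the live keyfile. Both helpers are called
# with the export string only, so they run first: an export that cannot be
# decoded ends the script while the current keyfile is still in place.
backup_key_name=$(spf_get_key_name_from_backup "$key") || exit 1

# Only the exit status matters here. The helper runs in a subshell so nothing
# it does can alter this shell, and its standard output is discarded rather
# than stored in a variable.
( spf_get_key_value_from_backup "$key" ) > /dev/null || exit 1

# Path of the backup made of the current keyfile. It stays empty when there is
# no keyfile to save, and is set explicitly so that an inherited environment
# variable of the same name is never taken for a backup.
backup_keyfile=""

if [ -f "$keyfile" ] ; then
    # The timestamp has one-second resolution; $RANDOM only separates two runs
    # that land in the same second.
    backup_keyfile="${keyfile}.backup.$(date +%s)"
    if [ -e "$backup_keyfile" ] ; then
        backup_keyfile="${backup_keyfile}.$RANDOM"
    fi
    printf "\nCurrent key name = $(show_data "$(spf_get_key_name_from_key_file "$keyfile")")\n"
    printf "\n$(show_info "Making a backup of the current key in") $(show_data "$backup_keyfile")\n"
    # The backup is the only remaining copy of the current key once the restore
    # starts, so a failed move must stop the script before anything is written.
    # The backup still holds key material and should be protected like the
    # keyfile itself.
    if ! mv -- "$keyfile" "$backup_keyfile" ; then
        spf_show_error "The current keyfile could not be backed up; nothing was changed."
        exit 1
    fi
fi

printf "\n$(show_info "Restoring key with name '$(show_data "${backup_key_name}")' to the key file $(show_data "$keyfile")") ... "

if ! spf_restore_key_file_from_backup "$key" "$keyfile" ; then
    spf_show_error "The key you supplied cannot be restored."
    printf "\nIf this is not a typing mistake, please check the following hints :\n"
    printf "\n\t * Check if you have the correct export and re-use this command.\n"
    printf "\n\t * If you don't have an export, but you have a backup made after the encryption, you can use the command and follow its instructions :\n"
    printf "\n\t\t$(show_command "/var/lib/shinken/libexec/tools/shinken-protected-fields-keyfile-rescue-from-backup" "<your backup directory>")\n"
    # Roll back: put the previous keyfile where it was.
    if [ -n "$backup_keyfile" ] && [ -f "$backup_keyfile" ] ; then
        printf "\n\n $(show_important_info "=> Until then, restoring the previous keyfile")\n"
        if ! mv -- "$backup_keyfile" "$keyfile" ; then
            # Tell the operator where the previous key still is.
            spf_show_error "The previous keyfile could not be put back; it is still available as $backup_keyfile"
        fi
    fi
    exit 1
fi

printf "$(show_success Done)\n"

printf "\n$(show_important_info "You now need to (re)start the Synchronizer in order to use this key")\n\n"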
