#!/usr/bin/env bash

# Copyright (C) 2013-2018:
# This file is part of Shinken Enterprise, all rights reserved.

# Use a fixed file-creation mask instead of inheriting the caller's: the owner
# keeps full access, group and others lose write permission (numeric mask 0022).
# This mask still leaves newly created files readable by group and others, so
# anything sensitive needs explicit permissions.
umask u=rwx,g=rx,o=rx

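# Load the shared helper library.
# The relative path exists only so an IDE can resolve the helpers from a source
# checkout. A relative `source` is resolved against the caller's current working
# directory, so it is used only when the installed library is absent. This tool
# edits /etc/shinken and restarts a service, so it is presumably run with
# elevated privileges and must not execute whatever file sits at that relative
# location.
if [ -r /var/lib/shinken/libexec/libs/shinken_protected_fields.sh ]; then
    source /var/lib/shinken/libexec/libs/shinken_protected_fields.sh
else
    source ../libexec/libs/shinken_protected_fields.sh 2>/dev/null || {   # For PyCharm
        # Without the library none of the checks below can run: stop here.
        printf 'Unable to load shinken_protected_fields.sh\n' >&2
        exit 1
    }
fi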

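# Print the command-line help and terminate the script.
# Arguments: none (reads $0 for the program name)
# Outputs:   help text on stdout
# Returns:   never returns; exits with status 1, including when the help was
#            explicitly requested with -h
function usage()
{
    local prog
    prog=$(basename -- "$0")

    # The program name is passed as an argument, never as part of the format
    # string, so a '%' or backslash in the script path cannot garble the output.
    printf '\nUsage: %s [options]\n\n' "$prog"
    printf 'This command disables protected fields encryption in the Synchronizer\n'
    printf '\nOptions :\n'
    printf '  -h  : Shows this help text\n'
    printf '  -q  : Reduce the verbosity\n'
    # Single-quoted so the double quotes around YES are actually printed
    printf '  -y  : Force the "YES" answer to all questions asked by this command\n'
    printf '\nExample :\n'
    printf '%s\n\n' "$prog"
    exit 1
}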

# Bail out early on hosts without a Synchronizer: there is nothing to disable.
# `shinken-daemons-has` is used only for its exit status, so its output is
# discarded.
shinken-daemons-has synchronizer >/dev/null 2>&1 || {
    printf "\n\n$(show_critical_info "The Synchronizer is not installed on this server ; this tool is not relevant.")\n\n"
    exit 1
}


# Command-line flags; both default to "off".
#   force_yes=1  -> the confirmation prompt is skipped (-y)
#   quiet=1      -> the introductory banner is skipped (-q)
force_yes=0
quiet=0
until [ $# -eq 0 ]; do
    case "$1" in
        -y) force_yes=1 ;;
        -q) quiet=1 ;;
        # Explicit help requests and unrecognised arguments both end in usage(),
        # which exits the script.
        -h|-H|--help|*) usage ;;
    esac
    shift
done

# Check the MongoDB connection for the synchronizer, then record the status
# returned by synchronizer_is_started. The rest of this script treats
# is_started=0 as "the Synchronizer is running".
# NOTE(review): the status of spf_check_mongo_connexion is not inspected here;
# whether the helper exits by itself on failure cannot be seen from this file.
spf_check_mongo_connexion "synchronizer"
if synchronizer_is_started; then
    is_started=0
else
    is_started=$?
fi

# Introductory banner, skipped with -q. The second half of the sentence depends
# on whether the daemon will be restarted automatically.
if [ "$quiet" -eq 0 ] ; then
    if [ "$is_started" -eq 0 ] ; then
        banner_tail=" and restart the synchronizer to decrypt the protected fields."
    else
        banner_tail=". Then you have to start up your synchronizer to decrypt the protected fields."
    fi

    printf "\n\n$(show_important_info "This command will disable encryption")"
    printf "$(show_important_info "$banner_tail")\n\n"
fi

# Refuse to continue when the synchronizer configuration file and the running
# configuration disagree. The operator is pointed at the key-file recovery tools
# and the script exits with status 1 before anything is modified.
printf "\n$(show_important_info "Checking consistency between the synchronizer configuration file and the currently running configuration...") "
if ! spf_check_consistency_config_db; then
    printf "\n\n$(show_critical_info "Consistency check failed ; make sure you restore the correct configuration file before anything else.")\n\n"
    printf "\n$(show_info "Here are some hints for this :")\n"
    printf "\n\t * If you have an export of the key from the database, you can use the command $(show_command "shinken-protected-fields-keyfile-restore" "")\n"
    printf "\n\t * If you don't have an export, but you have a backup made after the encryption, you can use the command and follow its instructions :\n"
    printf "\n\t\t$(show_command "/var/lib/shinken/libexec/tools/shinken-protected-fields-keyfile-rescue-from-backup" "<your backup directory>")\n"
    printf "\n"
    exit 1
fi

printf "$(show_success "DONE")\n"

# Locate the configuration and the key file, then stop early when encryption is
# already off.
SYNCHRONIZER_CFG=/etc/shinken/synchronizer.cfg

# Key file path as reported by the helper, falling back to the stock location
# when the helper returns nothing.
key_file=$(spf_get_keyfile_name_from_synchronizer_cfg)
key_file=${key_file:-/etc/shinken/secrets/protected_fields_key}

# NOTE(review): the pattern is not anchored, so a commented-out line containing
# the same text would also count as "activated" — confirm against the cfg format.
activated=0
grep -q 'protect_fields__activate_encryption=1' "$SYNCHRONIZER_CFG" && activated=1

# keyfile_present is recorded here but not read again in this file.
keyfile_present=0
[ -f "$key_file" ] && keyfile_present=1

if [ "$activated" -eq 0 ] ; then
    printf "$(show_info "Encryption already disabled")\n"
    exit 0
fi

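# Ask for confirmation unless -y was given. Only a single "y" or "Y" keypress
# continues; any other key, an empty answer or a failed read (for example when
# stdin is closed) aborts with status 0 before anything is modified.
if [ "$force_yes" -eq 0 ] ; then
    printf "\n\n\t$(show_question "Are you sure you want to proceed and disable encryption ?") (y/N) "
    # -r: take the keypress literally; without it a backslash is treated as an
    # escape character and read waits for one more key.
    read -r -n 1 answer

    case "$answer" in
        y|Y)
            ;;
        *)
            printf "\n$(show_info "Aborting field protections disabling")\n"
            exit 0
            ;;
    esac
fi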

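# Announce the name of the key currently in use. The key file path is quoted so
# a path containing spaces or glob characters reaches the helper as one argument.
printf "\n\n$(show_important_info "Disabling encryption with key named '$(show_data "$(spf_get_key_name_from_key_file "${key_file}")")'...")\n"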

# Stop the Synchronizer first when it was running at startup.
# NOTE(review): any non-zero status from `service ... stop` is reported as
# "already stopped" and the captured output is never shown, so a genuine stop
# failure cannot be told apart here — confirm this is acceptable, since the
# configuration file is edited right after this step.
if [ "$is_started" -eq 0 ] ; then
    printf "\n$(show_info "Now stopping the Synchronizer... ") "

    if stop_output=$(service shinken-synchronizer stop) ; then
        printf " $(show_success OK)\n"
    else
        printf "$(show_info "Synchronizer already stopped").\n"
    fi
fi

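# Switch off the three encryption flags in the synchronizer configuration.
# All substitutions run in one sed invocation so the file is rewritten once,
# and the outcome is checked: success must not be announced when the
# configuration could not be updated.
cfg_update_ok=1
sed -i \
    -e "s/protect_fields__activate_encryption=1/protect_fields__activate_encryption=0/" \
    -e "s/protect_fields__activate_database_encryption=1/protect_fields__activate_database_encryption=0/" \
    -e "s/protect_fields__activate_interface_encryption=1/protect_fields__activate_interface_encryption=0/" \
    "$SYNCHRONIZER_CFG" || cfg_update_ok=0

# Re-run the same detection used before the change: if the flag is still seen
# as active, the edit did not have the intended effect.
if [ "$cfg_update_ok" -eq 1 ] && grep -q 'protect_fields__activate_encryption=1' "$SYNCHRONIZER_CFG" ; then
    cfg_update_ok=0
fi

if [ "$cfg_update_ok" -eq 0 ] ; then
    printf "\n\n$(show_critical_info "Unable to update $SYNCHRONIZER_CFG ; check the encryption settings in this file.")\n\n"
    if [ "$is_started" -eq 0 ] ; then
        # The stop step ran before this point, so the daemon may be down.
        printf "$(show_action "The Synchronizer may have been stopped by this command ; check its state.")\n\n"
    fi
    exit 1
fi

printf "\n$(show_success "Encryption disabled")\n\n"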

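# Start the Synchronizer again when it was running at startup; otherwise remind
# the operator that a start is still needed. Exits with status 1 when the
# service fails to start.
if [ "$is_started" -eq 0 ] ; then
    printf "$(show_info "Now restarting the Synchronizer... ")"

    if start_output=$(service shinken-synchronizer start) ; then
        printf " $(show_success OK)\n"
    else
        # The service output is data, not a format string: print it verbatim so
        # a '%' or backslash in it cannot garble or truncate the message.
        printf '%s\n' "$start_output"
        spf_show_error "An error occurred while starting the synchronizer ; please check the synchronizer logs.\n"
        exit 1
    fi
else
    printf "$(show_action "You now need to start the Synchronizer")\n\n"
fi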
