#!/usr/bin/env bash
# Copyright (C) 2013-2018:
# This file is part of Shinken Enterprise, all rights reserved.

# Set default umask to avoid problems when creating Shinken files.
# With 0022, files created from here on default to mode 0644 and directories
# to 0755, i.e. they are readable by every local user.
# NOTE(review): this script later creates a new key file through
# shinken-protected-fields-keyfile-generate; confirm that helper restricts the
# key file's permissions itself instead of relying on this umask.
umask 0022

# Helper library. The show_*, synchronizer_is_started and spf_* calls used
# below are presumably defined there (not visible in this file).
# NOTE(review): a failed source is not checked, so the script would keep
# running without those helpers.
source /var/lib/shinken/libexec/libs/shinken_protected_fields.sh
# IDE aid only. At run time this relative path is resolved against the
# caller's current working directory and the file is executed if it exists
# there; errors are discarded.
# NOTE(review): consider a non-executing hint instead, so the tool never
# sources code from whatever directory it happens to be started in.
source ../libexec/libs/shinken_protected_fields.sh 2>/dev/null   # For PyCharm

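#######################################
# Print the help text and terminate the script.
# Globals:   $0 (read) - only its basename is displayed
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   never returns; exits with status 1
#######################################
function usage {
    local script_name
    # Quote $0 so a script path containing spaces is not word-split.
    script_name=$(basename -- "$0")

    # Values are passed as printf arguments instead of being spliced into the
    # format string, so a '%' in the script name or in helper output is printed
    # literally. %b still expands backslash escapes in the helper's output, as
    # the format-string form did.
    printf '\nUsage: %s [options]\n\n' "$script_name"
    printf 'This command generates a new key and migrates a synchronizer database to it.\n'
    printf '%b.\n' "$(show_important_info "Note that this will restart the synchronizer twice and that there will be a short period during which the database is uncrypted")"
    printf '\nOptions :\n'
    printf '  -h          : Shows this help text\n'
    printf '\nExample :\n'
    printf '%s \n\n' "$script_name"
    exit 1
}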

# This tool only applies to a host that has the Synchronizer daemon: stop with
# status 1 when shinken-daemons-has exits non-zero. Its output is discarded.
shinken-daemons-has synchronizer >/dev/null 2>&1 || {
    printf "\n\n$(show_critical_info "The Synchronizer is not installed on this server ; this tool is not relevant.")\n\n"
    exit 1
}

# Option handling: the tool accepts no real options. The help flags and any
# unrecognised argument both end in usage(), which prints the help and exits.
for cli_arg in "$@"; do
    case "$cli_arg" in
        -h | -H | --help)
            usage
            ;;
        *)
            usage
            ;;
    esac
done

# Describe the two phases, then require explicit consent before anything is
# changed.
printf "This command proceeds in two steps :\n\t - first it will uncrypt the database using the current key\n\t - second it will ask you to generate a new key and then crypt the database with the new key.\n"

printf "\n\n\t$(show_question "Are you sure you want to proceed and migrate your key (if you answer negatively you can still re-run this command later) ?") (y/N) "
read -n 1 answer

# Only y/Y/o/O count as consent; any other key (including a bare Enter) ends
# the script with status 0 before any migration step has run.
case "$answer" in
    y | Y | o | O)
        ;;
    *)
        printf "\n$(show_critical_info "Aborting protected fields key migration")\n"
        exit 0
        ;;
esac

printf "\n"

# The migration needs a running Synchronizer. synchronizer_is_started is not
# defined in this file; an exit status of 1 is treated here as "not running".
synchronizer_is_started
is_started=$?

if [ "$is_started" -eq 1 ]; then
    printf "\nThe Synchronizer needs to be started to proceed with the migration.\n"
    printf "\n\n\t$(show_question "Do you want to start the Synchronizer and perform the migration now ?") (y/N) "
    read -n 1 answer

    # Same consent rule as the first prompt: anything but y/Y/o/O aborts with
    # status 0.
    case "$answer" in
        y | Y | o | O)
            ;;
        *)
            printf "\n$(show_critical_info "Aborting protected fields key migration")\n"
            exit 0
            ;;
    esac

    printf "\n$(show_info "Now starting the Synchronizer... ") "
    # Despite its name, stop_output receives the stdout of the *start* command;
    # it is not read again in the visible script, so the capture only keeps
    # that output off the terminal.
    if stop_output=$(service shinken-synchronizer start); then
        printf " $(show_success OK)\n"
    else
        printf "$(show_info "Unable to start the synchronizer").\n"
        exit 1
    fi
fi

# Step 1: decrypt the protected fields with the current key. Once this
# succeeds the data stays unencrypted until the second step completes, so
# every later failure path leaves the database in clear text.
printf "\n\n$(show_critical_info "First step:") $(show_important_info "Disabling encryption")\n"

shinken-protected-fields-encryption-disable -y -q || {
    printf "$(show_critical_info "Aborting : uncrypting the database failed.")\n\n"
    exit 1
}

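# Locate the active key file and the name of the key it currently holds. Both
# helpers are defined outside this file.
keyfile=$(spf_get_keyfile_name_from_synchronizer_cfg)
previous_key_name=$(spf_get_key_name_from_key_file "$keyfile")

# Move the retired key aside as "<keyfile>.<previous key name>" before a new
# key is generated. The rename stays in the same directory, so the file keeps
# its existing owner and mode; an existing file with the same target name is
# replaced.
# NOTE(review): the retired key stays on disk afterwards. It presumably still
# decrypts older dumps or backups, so it needs the same protection as the
# active key and a retention/removal decision.
if [ -f "$keyfile" ]; then
    # "--" keeps a path that starts with "-" from being parsed as an option.
    # A failed move is fatal: continuing would run key generation while the
    # previous key still sits at the active path.
    if ! mv -- "$keyfile" "${keyfile}.${previous_key_name}"; then
        printf '%b\n\n' "$(show_critical_info "Aborting : unable to move the previous key file aside.")"
        printf '%b\n\n' "$(show_critical_info "Your database is now uncrypted.")"
        exit 1
    fi
fi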

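# Ask for the name of the new key until a non-empty name that differs from the
# previous key's name is entered.
# Start from an empty value: otherwise a key_name variable inherited from the
# caller's environment would silently skip the prompt.
key_name=""
while [ -z "$key_name" ] || [ "$key_name" = "$previous_key_name" ]; do
    # Inside the loop a non-empty name can only be a repeat of the previous
    # one; testing for non-empty avoids a spurious error on the first prompt
    # when no previous name could be read.
    if [ -n "$key_name" ]; then
        printf '%b ' "$(show_failure "The new key name must be different from the previous one.")"
    fi
    # -r keeps backslashes literal. On end of input (closed stdin, Ctrl-D) with
    # nothing read, stop instead of looping forever; encryption has already
    # been disabled at this point, so say so.
    if ! read -r -p "Enter your key name: " key_name && [ -z "$key_name" ]; then
        printf '\n%b\n\n' "$(show_critical_info "Aborting : no key name could be read.")"
        printf '%b\n\n' "$(show_critical_info "Your database is now uncrypted.")"
        exit 1
    fi
done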

printf "\n"

# Generate the new key under the chosen name. Encryption was disabled in the
# first step, so a failure here ends the script with the database still
# unencrypted; the second message tells the operator exactly that.
shinken-protected-fields-keyfile-generate -q -n "$key_name" || {
    printf "$(show_critical_info "Aborting : new key generation failed.")\n\n"
    printf "$(show_critical_info "Your database in now uncrypted.")\n\n"
    exit 1
}


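# Step 2: re-encrypt the database with the freshly generated key.
# The key name is operator input, so it reaches printf as an argument and not
# as part of the format string: a '%' in the name is printed literally. %b is
# used so backslash escapes in the helpers' output are still expanded, as they
# were when that output was part of the format string.
printf '%b %b %b\n\n' \
    "$(show_critical_info "Second step:")" \
    "$(show_important_info "Enabling encryption with the new key :")" \
    "$(show_data "$key_name")"

# Report a failed re-encryption explicitly, like the earlier steps do, and
# keep the helper's exit status as the script's exit status.
shinken-protected-fields-encryption-enable -y -q
enable_status=$?
if [ "$enable_status" -ne 0 ]; then
    printf '%b\n\n' "$(show_critical_info "Aborting : enabling encryption with the new key failed ; your database may still be uncrypted.")"
    exit "$enable_status"
fi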

