#!/usr/bin/env bash

# Copyright (C) 2013-2018:
# This file is part of Shinken Enterprise, all rights reserved.

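# Set default umask to avoid problems when creating Shinken files.
# NOTE(review): 0022 only masks the group/other write bits, so a file created
# without an explicit mode stays readable by every local account. This script
# writes an encryption key file via spf_create_keyfile; confirm that helper
# restricts the key file's mode itself (or tighten the umask around that call).
umask 0022

# Load the helper library from its installed location.
# The relative path is a development fallback only ("For PyCharm"). It is
# resolved against the caller's current working directory, so it is used only
# when the installed copy is not readable. Sourcing it unconditionally would let
# a file planted under ../libexec/libs/ relative to wherever the tool is started
# run with the invoking user's privileges and override the installed helpers.
if [ -r /var/lib/shinken/libexec/libs/shinken_protected_fields.sh ]; then
    source /var/lib/shinken/libexec/libs/shinken_protected_fields.sh
else
    source ../libexec/libs/shinken_protected_fields.sh 2>/dev/null   # For PyCharm
fi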

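# Print the command-line help on stdout and terminate the script.
# Arguments: none (the program name is derived from $0)
# Exits:     always with status 1, including when reached through --help
function usage {
    local prog
    # Strip the directory part without word-splitting $0.
    prog="${0##*/}"
    # The program name is passed as a %s argument rather than spliced into the
    # format string, so a '%' or backslash in the script path is printed as-is.
    printf '\nUsage: %s [options]\n\n' "$prog"
    printf 'This command creates a named key and saves it in a key file\n'
    printf 'If the key file is not specified, it will be retrieved from the Synchronizer configuration file.\n'
    printf '\nOptions :\n'
    printf '  --help              -h         : Shows this help text\n'
    printf '  --key-name <name>   -n <name>  : Name of the key\n'
    printf '  --key-file <file>   -f <file>  : Name of the file in which to save the key\n'
    printf '  --quiet             -q         : Reduce display verbosity\n'
    printf '\nExample :\n'
    printf "%s -n 'production key' -f /etc/shinken/secrets/production_key\n\n" "$prog"
    exit 1
}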

# Guard: refuse to run on a server where the Synchronizer is not installed.
# Only the probe's exit status is used; both of its output streams are discarded.
shinken-daemons-has synchronizer >/dev/null 2>&1 || {
    printf "\n\n$(show_critical_info "The Synchronizer is not installed on this server ; this tool is not relevant.")\n\n"
    exit 1
}

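# Parse the command line.
# Variables set here and read by the rest of the script:
#   key_name        - value given to --key-name / -n (empty when absent)
#   key_file        - value given to --key-file / -f (empty when absent)
#   default_keyfile - 1 while no --key-file was given, 0 once one was
#   quiet           - 1 when --quiet / -q was given, otherwise 0
default_keyfile=1
quiet=0
# Start from empty values: without this, a key_name / key_file variable
# inherited from the calling environment would silently choose the key's name
# or destination while default_keyfile still claimed the configured path.
key_name=""
key_file=""

while [ $# -gt 0 ]; do
    case "$1" in
        --help|-h)
            usage
            ;;
        --key-name|-n)
            # The option needs a value; show the help when it is missing.
            if [ $# -ge 2 ]; then
                key_name="$2"
                shift
            else
                usage
            fi
            ;;
        --key-file|-f)
            if [ $# -ge 2 ]; then
                key_file="$2"
                shift
                # Remember that the path was chosen explicitly, so the export
                # hint printed after generation repeats it.
                default_keyfile=0
            else
                usage
            fi
            ;;
        --quiet|-q)
            quiet=1
            ;;
        *)
            # Unknown option or stray argument.
            usage
            ;;
    esac
    shift
done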

# No key file chosen so far: ask the helper for the path recorded in the
# Synchronizer configuration.
[ -n "$key_file" ] || key_file="$(spf_get_keyfile_name_from_synchronizer_cfg)"

# A key name is mandatory; show the help (which exits) when it is missing.
[ -n "$key_name" ] || usage

# The configuration lookup returned nothing either: explain why no key is
# generated, point at the migration command and stop.
[ -n "$key_file" ] || {
    spf_show_error "\n   The '$(show_data protect_fields__encryption_keyfile)' parameter is not defined in the synchronizer configuration file. I will not generate a key\n\n"
    printf "\n$(show_important_info "However if you want to encrypt your protected fields with a new key, please use the following command :")\n"
    printf "\n\t$(show_command shinken-protected-fields-keyfile-migrate "")\n\n"
    exit 1
}

# Announce the operation unless --quiet was requested.
if [ "$quiet" -eq 0 ]; then
    printf "\n$(show_info "Generating keyfile for protected fields encryption... ")"
fi

# NOTE(review): the script runs with umask 0022, so the permissions of the new
# key file depend entirely on spf_create_keyfile; confirm it limits the file to
# its owner.
if spf_create_keyfile "$key_name" "$key_file"; then
    if [ "$quiet" -eq 0 ]; then
        printf "$(show_success Done)\n"

        printf "\n$(show_important_info "Make sure you export this key using the following command :")\n\n"
        # Repeat the -f option in the hint only when the path was given on the
        # command line rather than read from the configuration.
        params=""
        if [ "$default_keyfile" -eq 0 ]; then
            params=" -f $key_file"
        fi
        # NOTE(review): the helper's output is used as the printf format, so a
        # '%' or backslash in the key file path would presumably be interpreted
        # by printf instead of being shown literally.
        printf "$(show_command "shinken-protected-fields-keyfile-export" "$params")"
        printf "\n\n"
    fi
elif [ -f "$key_file" ]; then
    # The error message is displayed by spf_create_keyfile.
    # NOTE(review): this branch ends the script with printf's status (normally
    # 0) although no key was generated; confirm callers expect that.
    printf "\n$(show_important_info "However if you want to encrypt your protected fields with a new key, please use the following command :")\n"
    printf "\n\t$(show_command shinken-protected-fields-keyfile-migrate "")\n\n"
else
    # Creation failed and no key file exists at that path.
    exit 1
fi
