#!/bin/sh

show_default() {
    # Report which CA is currently the default by reading where the
    # grid-security.conf symlink in $secconfdir points.
    #
    # Globals read:    secconfdir
    # Globals written: DEFAULTCACONFFILE (link target as printed by ls -l),
    #                  DEFAULTCAHASH (text after the last "." of that target)
    #
    # NOTE(review): when grid-security.conf is not a symlink, the ls line
    # has no "-> target" part and the first sed expression leaves it
    # unchanged, so the value printed below is not a CA hash.

    # Everything after "-> " in the long listing is the link target.
    DEFAULTCACONFFILE=`
        ${GLOBUS_SH_LS-ls} -l "$secconfdir/grid-security.conf" |
            ${GLOBUS_SH_SED-sed} -e "s|.*-> \(.*\)|\1|"
    `

    # Per-CA files are named grid-security.conf.<hash>; keep the suffix.
    DEFAULTCAHASH=`
        echo "$DEFAULTCACONFFILE" |
            ${GLOBUS_SH_SED-sed} -e "s|.*\.\(.*\)$|\1|"
    `

    ${GLOBUS_SH_CAT-cat} <<EOF

The default CA is:  $DEFAULTCAHASH

EOF
}

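ca_list() {
    # List every CA certificate (*.0) found in $trusted_certs_dir with a
    # running index, then show the current default CA.
    #
    # Globals read:    trusted_certs_dir
    # Globals written: INSTALLED_CERTS, index (one past the last entry),
    #                  CA<n>, CA_SUBJECT<n>, CA_HASH<n> for each entry n,
    #                  TEMP_SUBJECT, TEMP_HASH, cert
    # Exits with status 1 when no CA certificate is installed.

    # An unmatched glob stays as the literal pattern, so collect only the
    # expansions that really exist; otherwise the "nothing installed"
    # branch below can never be taken.
    INSTALLED_CERTS=
    for cert in "$trusted_certs_dir"/*.0; do
        [ -f "$cert" ] || continue
        INSTALLED_CERTS="${INSTALLED_CERTS}${INSTALLED_CERTS:+ }${cert}"
    done

    if [ -z "${INSTALLED_CERTS}" ]; then
        echo "No CA's have been installed on this host!"
        echo "To set the default CA, you first need to"
        echo "install a CA to the host"
        exit 1;
    else
        echo "The available CA configurations installed on this host are:"
        echo
    fi

    index=1
    for cert in "$trusted_certs_dir"/*.0; do
        [ -f "$cert" ] || continue

        # The subject text and the file name come from the certificate
        # store, not from this script.  Every eval below therefore only
        # names the destination variable and lets the shell expand the
        # value from a variable (\$name); the value itself is never pasted
        # into the string that eval parses, so quotes, backticks or $(...)
        # inside a subject stay plain text.
        eval "CA${index}=\$cert"

        TEMP_SUBJECT=`openssl x509 -in "$cert" -noout -subject`
        TEMP_SUBJECT=`printf '%s\n' "$TEMP_SUBJECT" | ${GLOBUS_SH_SED-sed} -e "s|subject= ||"`
        eval "CA_SUBJECT${index}=\$TEMP_SUBJECT"

        # <hash>.0 -> <hash>
        TEMP_HASH=`printf '%s\n' "$cert" | ${GLOBUS_SH_SED-sed} -e "s|.*/\([^/]*\)\.0|\1|"`
        eval "CA_HASH${index}=\$TEMP_HASH"

        printf '%s\n' "$index) $TEMP_HASH -  $TEMP_SUBJECT"
        index=`expr $index + 1`
    done

    show_default
}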

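interactive() {
    # Show the installed CAs and ask the user which one should become the
    # default.
    #
    # Globals read:    index, CA<n>, CA_SUBJECT<n> (as left by ca_list)
    # Globals written: CA_CHOSEN_INDEX, CA_SUBJECT, CA_CERT
    # Exits with status 1 on end of input or on an invalid index.

    ca_list

    CA_CHOSEN_INDEX=
    while [ -z "$CA_CHOSEN_INDEX" ]
    do
        echo
        # printf instead of "echo -n": some sh implementations print "-n".
        printf '%s' "Enter the index number of the CA to set as the default: "
        # Stop at end of input instead of prompting forever; a final line
        # without a newline still counts as an answer.
        read CA_CHOSEN_INDEX || [ -n "$CA_CHOSEN_INDEX" ] || {
            echo
            echo "No index was entered."
            exit 1
        }
    done

    # The answer is used in numeric tests and inside eval below, so accept
    # nothing but a short run of digits before it gets that far.
    case "$CA_CHOSEN_INDEX" in
        *[!0-9]*|??????????*)
            printf '%s\n' "${CA_CHOSEN_INDEX} is not a valid index!"
            exit 1
            ;;
    esac

    # Drop leading zeros so that "01" selects CA1 rather than an unset CA01.
    CA_CHOSEN_INDEX=`expr "$CA_CHOSEN_INDEX" + 0`

    # ca_list leaves index one past the last entry.
    if [ 1 -gt "${CA_CHOSEN_INDEX}" ] || [ "$index" -le "${CA_CHOSEN_INDEX}" ]; then
        echo "${CA_CHOSEN_INDEX} is not a valid index!"
        exit 1
    fi

    eval "CA_SUBJECT=\${CA_SUBJECT${CA_CHOSEN_INDEX}}"
    eval "CA_CERT=\${CA${CA_CHOSEN_INDEX}}"
}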

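readCommandLine () {
    # Parse the command-line options.  Expects "$@" from the shell
    # invocation.
    #
    # Globals written: secconfdir (-dir), JUSTLIST (-list), ca_to_use (-ca)
    # Exits 0 after printing the usage text, 1 when -dir or -ca is given
    # without a value.  Anything else is handed to
    # globus_args_unrecognized_option, which is defined outside this file.

    while [ "X$1" != "X" ]
    do
        case $1 in
            -\?|-h|-help|usage)
                long_usage
                exit 0
                ;;

            -dir)
                # Without this check a trailing "-dir" stores an empty
                # value and the second shift has nothing left to drop.
                if [ $# -lt 2 ]; then
                    echo "Option $1 requires an argument" >&2
                    exit 1
                fi
                secconfdir="$2"
                shift ; shift
                ;;

            -list)
                JUSTLIST=1
                shift
                ;;

            -ca)
                if [ $# -lt 2 ]; then
                    echo "Option $1 requires an argument" >&2
                    exit 1
                fi
                ca_to_use="$2"
                shift ; shift
                ;;

            *)
                # NOTE(review): nothing is shifted here, so the loop only
                # ends if this helper exits -- confirm that it does.
                globus_args_unrecognized_option "$1"
                ;;
         esac
    done

}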

error() {
    # Report that a per-CA configuration file is missing and abort.
    #
    # Arguments:    $1 - NAME of the variable holding the missing file's path
    # Globals read: CA_SUBJECT, plus the variable named by $1
    # Globals written: missing_file
    # Always exits with status 1.

    # Indirect lookup: $1 is a variable name chosen by the caller in this
    # script, never data read from a file or from the user.
    eval "missing_file=\${$1}"

    ${GLOBUS_SH_CAT-cat} <<EOF

The file: ${missing_file} does not exist
The CA: ${CA_SUBJECT}
has not been setup correctly.

EOF
    exit 1
}

long_usage () {
    # Print the synopsis held in $short_usage followed by the option
    # summary.  All of it goes to stderr; nothing is written to stdout.
    {
        ${GLOBUS_SH_CAT-cat} <<EOF

${short_usage}

    Options:
      -help            : Display this message
      -dir <dir_name>  : The security config directory (defaults to
                         /etc/grid-security/)
      -list            : List the available CAs to use and the current
                         default
      -ca <ca hash>    : Set the default CA non-interactively
EOF
    } 1>&2
}


############################################################
# main code section
############################################################
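if test -z "${GLOBUS_LOCATION}"; then
    echo
    echo "ERROR: Please set the GLOBUS_LOCATION to the Globus"
    echo "installation directory before running this script."
    echo
    exit 1
fi

# Everything sourced below is located through GLOBUS_LOCATION, so whoever
# controls that environment variable decides which code this script runs.
# That matters when the script is started with more privileges than the
# caller has (for example through sudo with a preserved environment).
. "${GLOBUS_LOCATION}/libexec/globus-script-initializer"
# libexecdir and globus_source are not defined in this file; presumably the
# initializer provides both -- confirm.
globus_source "${libexecdir}/globus-sh-tools.sh"

PROGRAM_NAME=`echo "$0" | ${GLOBUS_SH_SED-sed} 's|.*/||g'`

PROGRAM_VERSION=`echo '$Revision: 1.2.12.2 $'| ${GLOBUS_SH_SED-sed} -e 's|\\$||g' -e 's|Revision: \(.*\)|\1|'`

VERSION="1.7"

PACKAGE="globus_gsi_cert_utils"

DIRT_TIMESTAMP="1079476628"
DIRT_BRANCH_ID="52"

short_usage="$PROGRAM_NAME [-help] [ options ...]"

. "$libexecdir/globus-args-parser-header"

readCommandLine "$@"

# Pick the security configuration directory and the trusted certificate
# directory: GRID_SECURITY_DIR first, then /etc/grid-security, then the
# Globus installation itself.
#
# NOTE(review): readCommandLine stores the -dir value in secconfdir, but
# every branch below either assigns secconfdir again or exits, so the value
# given with -dir does not select the directory.  Confirm whether -dir was
# meant to take precedence here.
if [ -n "${GRID_SECURITY_DIR}" ] ; then
    if [ -r "${GRID_SECURITY_DIR}/globus-user-ssl.conf" ] &&
       [ -r "${GRID_SECURITY_DIR}/globus-host-ssl.conf" ] ; then
        secconfdir="${GRID_SECURITY_DIR}"

        if [ -z "${X509_CERT_DIR}" ] ; then
               trusted_certs_dir="${secconfdir}/certificates"
        else
               trusted_certs_dir="${X509_CERT_DIR}"
        fi
    else
        echo "Can't find valid CA config files in " \
             "GRID_SECURITY_DIR  = ${GRID_SECURITY_DIR}."
        echo "Please make sure that you have installed and " \
             "setup a CA setup package."
        echo ""
        exit 1
    fi
elif [ -r "/etc/grid-security/globus-user-ssl.conf" ] &&
     [ -r "/etc/grid-security/globus-host-ssl.conf" ] ; then
    secconfdir="/etc/grid-security"
    trusted_certs_dir="${secconfdir}/certificates"
elif [ -r "${GLOBUS_LOCATION}/etc/globus-user-ssl.conf" ] &&
     [ -r "${GLOBUS_LOCATION}/etc/globus-host-ssl.conf" ] ; then
    secconfdir="${GLOBUS_LOCATION}/etc"
    trusted_certs_dir="${GLOBUS_LOCATION}/share/certificates"
else
    echo "Can't find valid CA config files. Please make sure"
    echo "that you have installed and setup a CA setup package."
    echo ""
    exit 1
fi

if [ ! -d "${secconfdir}" ] || [ ! -d "${trusted_certs_dir}" ]; then
    echo
    echo "There does not appear to be a valid grid security configuration"
    echo "located at ${secconfdir}."
    echo "To specify a different location where the grid security"
    echo "configuration files where installed, use the -dir option or"
    echo "set the GRID_SECURITY_DIR environment variable."
    echo ""
    echo "X509_CERT_DIR may also need to be set as well."
    echo ""
    exit 1
fi

if [ -n "$JUSTLIST" ]; then
    ca_list
    exit
fi

if [ ! -w "${secconfdir}" ]; then
    echo
    echo "You do not have permission to set"
    echo "the default CA configuration at"
    echo
    echo "$secconfdir"
    echo
    echo "To change the location of the CA config"
    echo "files, use the -dir option or set"
    echo "the GRID_SECURITY_DIR environment"
    echo "variable to their location"
    echo
    exit 1
fi

if [ -z "$ca_to_use" ]; then
    interactive
else
    # The -ca value comes straight from the command line and becomes part
    # of a path, so keep it to a bare name inside the trusted directory.
    case "$ca_to_use" in
        */*)
            echo "Invalid CA hash: $ca_to_use" >&2
            exit 1
            ;;
    esac
    CA_CERT="${trusted_certs_dir}/${ca_to_use}.0"
    if [ ! -r "${CA_CERT}" ]; then
        echo "The CA certificate ${CA_CERT} does not exist or is not readable" >&2
        exit 1
    fi
    TMP_SUBJECT=`openssl x509 -in "${CA_CERT}" -noout -subject` || {
        echo "openssl could not read a certificate from ${CA_CERT}" >&2
        exit 1
    }
    CA_SUBJECT=`printf '%s\n' "${TMP_SUBJECT}" | ${GLOBUS_SH_SED-sed} -e "s|subject= ||"`
fi

echo
echo "setting the default CA to: ${CA_SUBJECT}"
echo

# The per-CA file names are derived from the hash openssl computes for the
# chosen certificate, not from the file name the user selected.
NEW_DEFAULT_CA_HASH=`openssl x509 -in "${CA_CERT}" -noout -hash`
if [ -z "${NEW_DEFAULT_CA_HASH}" ]; then
    # Without a hash the names below would end in a bare "." and the
    # failure would be reported as a missing configuration file.
    echo "Could not compute the hash of the CA certificate ${CA_CERT}" >&2
    exit 1
fi

GRID_SECURITY_FILE="${trusted_certs_dir}/grid-security.conf.${NEW_DEFAULT_CA_HASH}"
CA_SSL_HOST_CONFIG_FILE="${trusted_certs_dir}/globus-host-ssl.conf.${NEW_DEFAULT_CA_HASH}"
CA_SSL_USER_CONFIG_FILE="${trusted_certs_dir}/globus-user-ssl.conf.${NEW_DEFAULT_CA_HASH}"

# link_default_conf VARNAME LINKNAME
#   VARNAME  - name of the variable holding the per-CA file to link to
#   LINKNAME - name of the symlink to (re)create inside ${secconfdir}
# Replaces ${secconfdir}/LINKNAME with a symlink to the per-CA file.  A
# per-CA file that is not writable is reported through error(), which
# exits; a failed ln also ends the script with status 1 instead of
# letting it go on to print "...done.".
# The three links are switched one after the other, so a failure part-way
# leaves the earlier ones already pointing at the new CA.
link_default_conf() {
    eval "link_target=\$$1"
    if [ -w "${link_target}" ]; then
        echo "linking ${link_target} to"
        echo "        ${secconfdir}/$2"
        echo
        ${GLOBUS_SH_RM-rm} -f "${secconfdir}/$2"
        ${GLOBUS_SH_LN-ln} -s "${link_target}" "${secconfdir}/$2" || {
            echo "Could not create the link ${secconfdir}/$2" >&2
            exit 1
        }
    else
        error "$1"
    fi
}

link_default_conf GRID_SECURITY_FILE grid-security.conf
link_default_conf CA_SSL_HOST_CONFIG_FILE globus-host-ssl.conf
link_default_conf CA_SSL_USER_CONFIG_FILE globus-user-ssl.conf

echo
echo "...done."
echo
exit 0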
