#!/sbin/sh
#
# Copyright 2005 Sun Microsystems, Inc.  All rights reserved.
# Use is subject to license terms.
#
#ident	"@(#)initspm	1.12	05/05/03 SMI"

# Installation layout of the SunPlex Installer web server (SUNWscvw).
# /sbin/sh is the legacy Bourne shell: backticks only, no $(...), no local.
APACHE_HOME=/opt/SUNWscvw
CONF_FILE=${APACHE_HOME}/conf/httpd.conf
PKGSSL=${APACHE_HOME}/conf/ssl
PERLINC=${APACHE_HOME}/lib/perl
PIDFILE=/var/cluster/spm/httpd.pid
LOGFILE=/var/cluster/spm/messages

# External tools used below
HTTPD=/usr/apache/bin/httpd
OPENSSL=/opt/SUNWscva/bin/openssl
PERL=/usr/perl5/bin/perl

# Default hostname; on start/restart it is replaced by the FQDN
# reported by Net::Domain when that returns something.
HOSTNAME=`hostname`

# SSL material under ${PKGSSL}: packaged root CA, the openssl config
# used to sign, and the config used to build the server request.
ROOTCERT=${PKGSSL}/sun-ca.crt
SERVER_SIGN_CONF=${PKGSSL}/server-sign.conf
SERVER_REQUEST_CONF=${PKGSSL}/server-request.conf
# Seed file, exported so the openssl invocations below pick it up
# from the environment (presumably - nothing here reads it directly).
RANDFILE=${PKGSSL}/random-bits
export RANDFILE
# Passphrase handed to 'openssl ca -key' when signing the server cert.
# NOTE(review): a fixed passphrase kept in an init script (normally
# readable by every local user - confirm the file mode) protects the CA
# key only nominally; it has to stay in sync with server-request.conf.
PASSWORD=sPm30c9o # Must match server-request.conf

#
# Generate the serial number
#
# Prints a serial for ca.db.serial: an integer in 1..64000 drawn from
# perl's rand(), seeded from the clock and pid. When the number has an
# odd digit count a leading 0 is added, presumably because 'openssl ca'
# reads the serial file as hex and wants an even number of digits.
# Output is empty if perl fails.
#
# NOTE(review): the 64000-value space and clock-based seed, together
# with the CA index being recreated on every reset, make serial reuse
# under the same CA plausible across repeated host renames.
#
generate_serial_number() {
	serial=`${PERL} -e 'srand(time()^($$+($$<<15))); print int(rand 64000) + 1;'`
	# expr "str" : '.*' yields the string length (digits only here)
	ndigits=`expr "$serial" : '.*'`
	if [ `expr $ndigits % 2` = 1 ]
	then
		echo "0${serial}"
	else
		echo "${serial}"
	fi
}
	
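#
# Reset the SSL key files
#
# Re-keys the server after a hostname change: generates a fresh RSA key
# and CSR for ${HOSTNAME}, signs the CSR with the packaged CA described
# by ${SERVER_SIGN_CONF}, verifies the result against ${ROOTCERT} and
# then removes the key/csr/crt that belonged to the previous hostname.
# ${SERVER_REQUEST_CONF} is rewritten so its hostname fields refer to the
# new name; the previous copy is restored on every failure path.
#
# Arguments:
#   $1 - previous hostname (the ServerName httpd.conf still carries)
# Globals read: HOSTNAME PKGSSL OPENSSL ROOTCERT SERVER_SIGN_CONF
#   SERVER_REQUEST_CONF PASSWORD LOGFILE (RANDFILE via the environment)
# Returns: 0 on success, 1 on any failure.
#
# /sbin/sh is the legacy Bourne shell (no 'local', no $(...), no [[ ]]),
# so every variable assigned here is global.
#
do_ssl_reset()
{
	hname=$1
	SERVER_KEY=${PKGSSL}/${HOSTNAME}.key
	SERVER_REQUEST=${PKGSSL}/${HOSTNAME}.csr
	SERVER_CERT=${PKGSSL}/${HOSTNAME}.crt

	# Operands quoted: with an empty $hname the unquoted test used to be
	# a 'test' syntax error, which 'if' treats as false, so this guard
	# was skipped instead of returning.
	if [ -z "$hname" ] || [ ! -f "$SERVER_REQUEST_CONF" ]
	then
		return 1
	fi

	src_conf_save=$SERVER_REQUEST_CONF.save

	# Rewrite the request conf: old hostname -> new hostname.
	# $hname comes from the root-owned httpd.conf and is used unescaped
	# as a sed BRE ('.' in the old name matches any character). The temp
	# file sits beside the conf so the mv below stays on one filesystem.
	# sed's status is checked so a bad pattern cannot install an empty
	# conf.
	tmp_conf_src=$SERVER_REQUEST_CONF.$$
	rm -f "$tmp_conf_src" 2>/dev/null
	sed -e "s/$hname/${HOSTNAME}/g" < "$SERVER_REQUEST_CONF" > "$tmp_conf_src"
	if [ $? -ne 0 ]
	then
		rm -f "$tmp_conf_src" 2>/dev/null
		return 1
	fi

	# Keep the old conf so every failure below can put it back.
	mv "$SERVER_REQUEST_CONF" "$src_conf_save" 2>/dev/null
	if [ $? -ne 0 ]
	then
		rm -f "$tmp_conf_src" 2>/dev/null
		return 1
	fi
	mv "$tmp_conf_src" "$SERVER_REQUEST_CONF" 2>/dev/null
	if [ $? -ne 0 ]
	then
		# Restore the conf file
		mv "$src_conf_save" "$SERVER_REQUEST_CONF" 2>/dev/null
		rm -f "$tmp_conf_src" 2>/dev/null
		return 1
	fi

	# Generate the server key. genrsa writes the file under the caller's
	# umask (typically 022 for an init script), which would leave the
	# private key world-readable. Create it under umask 077 in a subshell
	# and chmod afterwards as well, because a pre-existing key file keeps
	# whatever mode it already had.
	( umask 077; ${OPENSSL} genrsa -out "${SERVER_KEY}" 1024 ) >> "${LOGFILE}" 2>&1
	if [ $? -ne 0 ]
	then
		mv "$src_conf_save" "$SERVER_REQUEST_CONF" 2>/dev/null
		return 1
	fi
	chmod 600 "${SERVER_KEY}"

	# Generate the certificate request
	${OPENSSL} req -new -config "${SERVER_REQUEST_CONF}" \
	    -key "${SERVER_KEY}" -out "${SERVER_REQUEST}" >> "${LOGFILE}" 2>&1
	if [ $? -ne 0 ]
	then
		mv "$src_conf_save" "$SERVER_REQUEST_CONF" 2>/dev/null
		return 1
	fi

	# Prepare to sign: 'openssl ca' wants a certs dir, an index and a
	# serial file (generate_serial_number pads it to an even digit
	# count). This scratch database is discarded again below, so no
	# history of issued serials survives between resets.
	RANDVAL=`generate_serial_number`
	mkdir -p "${PKGSSL}/ca.db.certs"
	rm -f "${PKGSSL}/ca.db.serial" 2>/dev/null
	echo "${RANDVAL}" > "${PKGSSL}/ca.db.serial"
	touch "${PKGSSL}/ca.db.index"

	# Sign the certificate.
	# NOTE(review): -key puts the CA passphrase on the command line, where
	# it is visible to other local users via ps while openssl runs; the
	# '-passin env:VAR' form would avoid that if the bundled openssl
	# supports it - confirm before switching.
	${OPENSSL} ca -config "${SERVER_SIGN_CONF}" -key "${PASSWORD}" \
	    -out "${SERVER_CERT}" -batch -infiles "${SERVER_REQUEST}" \
	    >> "${LOGFILE}" 2>&1
	rc=$?

	# Remove the support directories (on failure too, so a later run
	# starts from a clean scratch database)
	rm -rf "${PKGSSL}"/ca.db.*
	if [ $rc -ne 0 ]
	then
		mv "$src_conf_save" "$SERVER_REQUEST_CONF" 2>/dev/null
		return 1
	fi

	# Verify the server certificate chains to the packaged root CA
	${OPENSSL} verify -CAfile "${ROOTCERT}" "${SERVER_CERT}" >> "${LOGFILE}" 2>&1
	if [ $? -ne 0 ]
	then
		mv "$src_conf_save" "$SERVER_REQUEST_CONF" 2>/dev/null
		return 1
	fi

	# Remove temp files and the previous hostname's key material. The
	# old files are only deleted when the names really differ, so a
	# call with hname equal to HOSTNAME cannot wipe what was just made.
	rm -f "$src_conf_save" 2>/dev/null
	if [ "$hname" != "$HOSTNAME" ]
	then
		rm -f "${PKGSSL}/${hname}.key" 2>/dev/null
		rm -f "${PKGSSL}/${hname}.csr" 2>/dev/null
		rm -f "${PKGSSL}/${hname}.crt" 2>/dev/null
	fi

	return 0
}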

# Without the Solaris Apache binary there is nothing to start: tell the
# administrator which packages are missing and exit 0 so the rest of the
# boot sequence is not held up.
if [ ! -f "${HTTPD}" ]
then
	echo "NOTICE: To finish installing the SunPlex Installer, you must install the SUNWapchr and SUNWapchu Solaris packages and any associated patches. Then run '/etc/init.d/initspm start' to start the server."
	exit 0
fi

# No httpd.conf means the server was never configured; succeed silently.
[ -f "${CONF_FILE}" ] || exit 0

# Map the init action to the apachectl sub-command; anything else is a
# usage error. $cmd is the only value passed on to apachectl below.
case "$1" in
'stop')
	cmd=stop
	;;
'restart')
	cmd=restart
	;;
'start')
	# Drop any leftover pid file before an SSL-enabled start
	/bin/rm -f "${PIDFILE}"
	cmd=startssl
	;;
*)
	echo "Usage: $0 {start|stop|restart}"
	exit 1
	;;
esac

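if [ "$1" = "start" ] || [ "$1" = "restart" ]
then
	# Set hostname: prefer the FQDN from Net::Domain, keep the `hostname`
	# default when perl prints nothing.
	temp=`${PERL} -I${PERLINC} -e "use Net::Domain qw(hostfqdn); print hostfqdn();"`
	if [ "$temp" != "" ]
	then
		HOSTNAME=${temp}
	fi

	# Hostname the current httpd.conf was generated for: the first word
	# after the first ServerName directive (the unquoted echo folds any
	# repeated matches onto one line before nawk takes the first field).
	# NOTE(review): a 'ServerName host:port' line would be taken as a
	# whole, port included - confirm the generated httpd.conf never uses
	# that form.
	hname=`grep '^ServerName ' "$CONF_FILE" 2>/dev/null | nawk '{print $2}'`
	hname=`echo $hname | nawk '{print $1}'`
	if [ "$hname" != "" ] && [ "$hname" != "$HOSTNAME" ]
	then
		reset_msg="Cannot reset the server configuration files. Please check $CONF_FILE for any mis-configuration, and then run '/etc/init.d/initspm start' to start the server."

		# Rewrite httpd.conf into a temp copy beside it (same filesystem,
		# root-owned directory); the live conf is replaced only after the
		# SSL material has been regenerated to match it. $hname is
		# root-owned config data but goes into the sed pattern unescaped,
		# so the sed status is checked: a failed substitution must not
		# install an empty httpd.conf.
		tmp_conf=$CONF_FILE.$$
		rm -f "$tmp_conf" 2>/dev/null
		sed -e "s/$hname/${HOSTNAME}/g" < "$CONF_FILE" > "$tmp_conf"
		if [ $? -ne 0 ]
		then
			rm -f "$tmp_conf" 2>/dev/null
			echo "$reset_msg"
			exit 1
		fi

		# Reset the SSL files
		do_ssl_reset "$hname"
		if [ $? -eq 0 ]
		then
			# Checked: if this mv failed silently, httpd.conf would keep
			# naming the old host while key and cert carry the new one.
			mv "$tmp_conf" "$CONF_FILE"
			if [ $? -ne 0 ]
			then
				rm -f "$tmp_conf" 2>/dev/null
				echo "$reset_msg"
				exit 1
			fi
		else
			rm -f "$tmp_conf" 2>/dev/null
			echo "$reset_msg"
			exit 1
		fi
	fi
fi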

# Hand the action to apachectl. $cmd is one of the fixed values chosen
# by the case above, never raw user input. Its combined stdout/stderr is
# captured and only shown when it fails.
status=`${APACHE_HOME}/bin/apachectl $cmd 2>&1`
rc=$?
if [ $rc -ne 0 ]
then
	echo "$status"
	exit 1
fi
exit 0
