#!/bin/sh

# Copyright  2005 Sun Microsystems, Inc.  All rights reserved.
#
# Sun Microsystems, Inc. has intellectual property rights relating to
# technology embodied in the product that is described in this document.
# In particular, and without limitation, these intellectual property rights
# may include one or more of the U.S. patents listed at
# http://www.sun.com/patents and one or more additional patents or pending
# patent applications in the U.S. and in other countries.
#
# U.S. Government Rights - Commercial software.  Government users are subject
# to the Sun Microsystems, Inc. standard license agreement and applicable
# provisions of the FAR and its supplements.
#
# Use is subject to license terms.
#
# This distribution may include materials developed by third parties.Sun,
# Sun Microsystems and  the Sun logo are trademarks or registered trademarks
# of Sun Microsystems, Inc. in the U.S. and other countries.  
#
# Copyright  2005 Sun Microsystems, Inc. Tous droits réservés.
# Sun Microsystems, Inc. détient les droits de propriété intellectuels relatifs
# à la technologie incorporée dans le produit qui est décrit dans ce document.
# En particulier, et ce sans limitation, ces droits de propriété
# intellectuelle peuvent inclure un ou plus des brevets américains listés
# à l'adresse http://www.sun.com/patents et un ou les brevets supplémentaires
# ou les applications de brevet en attente aux Etats - Unis et dans les
# autres pays.
#
# L'utilisation est soumise aux termes du contrat de licence.
#
# Cette distribution peut comprendre des composants développés par des
# tierces parties.
#
# Sun,  Sun Microsystems et  le logo Sun sont des marques de fabrique ou des
# marques déposées de Sun Microsystems, Inc. aux Etats-Unis et dans
# d'autres pays.

# External tools, pinned to absolute paths so the commands that run do not
# depend on the caller's PATH. ECHO carries -e because the generated text
# below relies on backslash escapes such as \c being interpreted.
ECHO='/bin/echo -e'
GREP='/bin/grep'
SED='/bin/sed'
AWK='/bin/awk'
CUT='/bin/cut'
LS='/bin/ls'
MV='/bin/mv'
WC='/usr/bin/wc'
CP='/bin/cp -p'
RM='/bin/rm -f'
gettext='/usr/bin/gettext'

# Patch identity; the backup suffix is derived from the patch id.
PATCH_ID='120956-03'
VERSION_FILE='.version'
BKFILESUFFIX="-pre-${PATCH_ID}"

# Locations of the product configuration that this script edits.
PRODUCT_DIR='identity'
AM_ETCDIR='/etc/opt/sun/identity'
CONFIG_DIR="${AM_ETCDIR}/config"
AMCONFIG="${CONFIG_DIR}/AMConfig.properties"

############################################################
# get base dir
############################################################
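# Restores the saved AMConfig.properties and derives the install locations.
# Globals:   MV, GREP, SED, ECHO, AMCONFIG, PRODUCT_DIR (read);
#            BASEDIR, INSTALL_DIR (written)
# Outputs:   a warning on stderr when the saved copy is not restored
get_base_dir() {
  # The saved copy sits at a fixed, predictable name in /tmp, which any local
  # user can write to, and it becomes the live product configuration.
  # NOTE(review): presumably an earlier patch step saved it there; that step
  # is not part of this file.
  # It is therefore accepted only when it is a regular file, is not a
  # symbolic link, and belongs to the user running this script. With the
  # sticky bit on /tmp, another user cannot replace a file they do not own
  # between the check and the move.
  # -O is not in POSIX test but is provided by the bash, dash and ksh builtins.
  saved_config=/tmp/AMConfig.properties
  if [ -f "$saved_config" ] && [ ! -h "$saved_config" ] \
      && [ -O "$saved_config" ]; then
    $MV "$saved_config" "$AMCONFIG"
  else
    $ECHO "WARNING: $saved_config is missing, is a symbolic link or has an unexpected owner; $AMCONFIG was not restored from it." >&2
  fi

  # The install dir property value ends in /identity; dropping every
  # "/identity" and the key itself leaves the base directory.
  BASEDIR=$($GREP com.iplanet.am.installdir= "$AMCONFIG" \
    | $SED -e 's/\/identity//g' -e 's/com.iplanet.am.installdir=//g')
  INSTALL_DIR=$BASEDIR/$PRODUCT_DIR
}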

##############################################################
# replaces a line in the specified file.
##############################################################
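# Arguments: $1 - file to edit
#            $2 - sed address pattern selecting the lines to replace
#            $3 - replacement text for each matching line
# Returns:   0 when the file was rewritten, 1 when it was left unchanged
#
# Both $2 and $3 are pasted into the sed program text, so callers must pass
# trusted values that are already escaped for sed (a "/" in $2, for example,
# ends the address early).
replace_line() {
  file=$1
  match=$2
  new=$3

  # Safety copy for the duration of the rewrite.
  $CP "$file" "$file-orig-$$" || return 1

  # Only move the rewritten text into place when sed succeeded; a failed sed
  # leaves an empty or partial temp file that must not replace the original.
  if $SED -e "
/$match/ {
c\\
$new
}" "$file" > "$file-tmp" && $MV "$file-tmp" "$file"; then
    rl_status=0
  else
    rl_status=1
    $RM "$file-tmp"
  fi
  $RM "$file-orig-$$"
  return $rl_status
}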

##############################################################
# update the version file
##############################################################
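# Records this patch in the version file inside $CONFIG_DIR.
# Globals:   CONFIG_DIR, VERSION_FILE, BKFILESUFFIX, PATCH_ID, ECHO, GREP,
#            WC, SED, CP, MV (read); HASIT (written)
# Returns:   0 when the patch id is recorded or was already present,
#            1 when $CONFIG_DIR cannot be entered
# Side effect: leaves the shell's working directory at $CONFIG_DIR.
updateVersionString() {
  # Every path below is relative, so without this check a failed cd would
  # create and rewrite a version file in whatever directory is current.
  cd "$CONFIG_DIR" || return 1

  if [ ! -f "$VERSION_FILE" ]; then
    # NOTE(review): the base version string goes to the backup name, not to
    # $VERSION_FILE itself; confirm this is intended.
    $ECHO "Sun Java System Access Manager 7 2005Q4" > "$VERSION_FILE$BKFILESUFFIX"
  fi

  # Nothing to do when the patch id is already listed.
  HASIT=`$GREP "$PATCH_ID" "$VERSION_FILE" | $WC -l | $SED -e 's/ //g'`
  if [ "x$HASIT" != "x0" ]; then
    return 0
  fi

  # Keep the pre-patch contents under the backup name.
  $CP "$VERSION_FILE" "$VERSION_FILE$BKFILESUFFIX"
  # insert version number
  $SED -e "s/Manager 2005Q4/Manager 7 2005Q4/g" "$VERSION_FILE" > "$VERSION_FILE.1"
  $MV "$VERSION_FILE.1" "$VERSION_FILE"
  $ECHO "$PATCH_ID" >> "$VERSION_FILE"
}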

##############################################################
# update file AMConfig.properties
##############################################################
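# Appends properties introduced by this patch to $AMCONFIG.
# Globals:   AMCONFIG, ECHO, GREP, WC, SED (read); defined (written)
#
# A property block is appended only when no line of $AMCONFIG matches the
# property name, so running the patch again does not duplicate entries.
# Commented-out lines count as matches too; the last block depends on that,
# because it adds its property in commented form only.
updateAMConfig() {
  # add property com.sun.identity.am.cookie.check
  defined=`_amconfig_matches com.sun.identity.am.cookie.check`
  if [ "$defined" = "0" ]; then
    # The quotes around "true" are escaped so that they reach the file;
    # unescaped, the shell drops them from the written comment.
    $ECHO "
# Flag to indicate whether server should check for the cookie support / cookie
# enabled in the browser.
# Value \"true\" will result in server checking for the cookie support / cookie
# enabled in the browser and throwing an error page if the browser does not
# support or has not enabled cookie.
# This value should be set to \"false\" (which is default) if the server is
# expected to support cookieless mode for Authentication functionality.
com.sun.identity.am.cookie.check=COOKIE_CHECK
" >> "$AMCONFIG"
  fi

  defined=`_amconfig_matches com.sun.identity.session.property.doNotTrimList`
  if [ "$defined" = "0" ]; then
    $ECHO "
# This property can contain list of comma separated session property names.
# Once a session is timed out, those properties defined in this list will
# not be trimed off, so that can be accessed before the session is purged.
# Example:
#   com.sun.identity.session.property.doNotTrimList=UserId, HostName
com.sun.identity.session.property.doNotTrimList=
" >> "$AMCONFIG"
  fi

  defined=`_amconfig_matches com.sun.identity.federation.spadapter`
  if [ "$defined" = "0" ]; then
    $ECHO "
# This property is the default implementation of federation service provider
# adapter where the application can get hold of assertion, response information
com.sun.identity.federation.spadapter=com.sun.identity.federation.plugins.FSDefaultSPAdapter
" >> "$AMCONFIG"
  fi

  defined=`_amconfig_matches com.sun.am.event.connection.disable.list`
  if [ "$defined" = "0" ]; then
    $ECHO "
# The key 'com.sun.am.event.connection.disable.list' specifies which
# event connection to be disabled. There are three valid values - aci, sm
# and um (case insensitive). Multiple values should be separated with \",\".
com.sun.am.event.connection.disable.list=
" >> "$AMCONFIG"
  fi

  defined=`_amconfig_matches com.iplanet.services.cdc.WaitImage.display`
  if [ "$defined" = "0" ]; then
    $ECHO "
# The property com.iplanet.services.cdc.WaitImage.display
# needs to be set to true to have an image displayed in the
# browser while waiting for the protected page in a
# CDSSO scenario (default is false).
# The three following properties allow to choose the name,
# the width and and the height of the image.
# The default name for the image is waitImage.gif. This image
# image be copied in the login_images directory. The default
# size is 420 x 120.
# These properties will be read by CDCServlet.
com.iplanet.services.cdc.WaitImage.display=false
com.iplanet.services.cdc.WaitImage.name=waitImage.gif
com.iplanet.services.cdc.WaitImage.width=420
com.iplanet.services.cdc.WaitImage.height=120
" >> "$AMCONFIG"
  fi

  defined=`_amconfig_matches com.iplanet.am.session.client.polling.cacheBased`
  if [ "$defined" = "0" ]; then
    $ECHO "
# The key 'com.iplanet.am.session.client.polling.cacheBased' specifies whether
# the session polling is determined by the session caching time. If it is set
# to false or not defined, the session polling would be determined by the
# session idle time.
#com.iplanet.am.session.client.polling.cacheBased=false
" >> "$AMCONFIG"
  fi
}

# Prints the number of lines in $AMCONFIG that match $1, with blanks removed.
# $1 is used as a grep regular expression.
_amconfig_matches() {
  $GREP "$1" "$AMCONFIG" | $WC -l | $SED -e "s/ //g"
}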

##############################################################
# generate XML files for modifying service schema
##############################################################
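# Writes the XML request files and the LDIF file for this patch into
# $AM_ETCDIR and prints, for each group, which tool the administrator has to
# run to load them. Nothing is imported by this function itself.
# Globals:   ECHO, AM_ETCDIR (read)
# Outputs:   instructions on stdout; files created in $AM_ETCDIR
#
# Every file is created with ">" so that a second run replaces it. Appending
# would put a second XML prolog and root element into the same file.
# NOTE(review): the files are created with the caller's umask and are later
# fed to amadmin/ldapmodify by hand; check their contents and permissions
# before importing them.
updateServiceSchema() {
  # --- LDAPFilterCondition policy plug-in -------------------------------
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE ServicesConfiguration
    PUBLIC "=//iPlanet//Service Management Services (SMS) 1.0 DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd">

<ServicesConfiguration>
    <Service name="iPlanetAMPolicyService" version="1.0">
        <PluginSchema name="LDAPFilterCondition"
            interfaceName="Condition"
            className="com.sun.identity.policy.plugins.LDAPFilterCondition"
            i18nFileName="amPolicy"
            i18nKey="sun-ldapfilter-condition-name" />
    </Service>
</ServicesConfiguration>
' > "$AM_ETCDIR/AddLDAPFilterCondition.xml"

  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
    -->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"    "jar://com/iplanet/am/admin/cli/amAdmin.dtd">

<Requests>
    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
	SchemaType="Organization" i18nKey="">
	<AddChoiceValues>
            <ChoiceValue AttributeName="iplanet-am-policy-selected-conditions" 
                I18NKey="a141fc" value="LDAPFilterCondition" />
	</AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="iPlanetAMPolicyConfigService"
	SchemaType="Organization" i18nKey="">
	<AddDefaultValues>
            <AttributeValuePair>
                <Attribute name="iplanet-am-policy-selected-conditions"/>
                <Value>LDAPFilterCondition</Value>
            </AttributeValuePair>
	</AddDefaultValues>
    </SchemaRequests>
</Requests>
' > "$AM_ETCDIR/amPolicyConfig_mod_ldfc.xml"

  $ECHO "\
    XML file AddLDAPFilterCondition.xml and amPolicyConfig_mod_ldfc.xml
    are generated in $AM_ETCDIR directory. Please run amadmin tool
    to import them. For more details, please check the release notes 
    (120956-03/rel_notes.html#LDAPFilterCondition).
  "

  # --- Account lockout: directory schema and service data ---------------
  $ECHO "dn:cn=schema
changetype:modify
add:attributeTypes
attributeTypes: ( 1.3.6.1.4.1.42.2.27.9.1.793 NAME 'sunAMAuthInvalidAttemptsData' DESC 'XML data for Invalid Login Attempts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sun Java System Identity Management' )
-
add:Objectclass
objectClasses: ( 1.3.6.1.4.1.42.2.27.9.2.118 NAME 'sunAMAuthAccountLockout' DESC 'Invalid Login Attempts Object Class' SUP top AUXILIARY MAY ( sunAMAuthInvalidAttemptsData ) X-ORIGIN 'Sun Java System Identity Management' )
" > "$AM_ETCDIR/accountLockout.ldif"

  # accountLockoutData.xml is written in three pieces so that the value of
  # $AM_ETCDIR can be spliced into the fileName attribute; \c stops echo
  # from ending the first two pieces with a newline.
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>

<Requests>
 <ServiceConfigurationRequests serviceName="DAI">
        <ModifySubConfiguration
            operation="add"
            subConfigName="/templates/CreationTemplates/BasicUser">
            <AttributeValuePair> <Attribute name="required" />
                <Value>objectClass=sunAMAuthAccountLockout</Value>
            </AttributeValuePair>
        </ModifySubConfiguration>
 </ServiceConfigurationRequests>

 <SchemaRequests serviceName="sunIdentityRepositoryService"
                SchemaType="Organization" SubSchema="LDAPv3" >
    <AddDefaultValues>
       <AttributeValuePair>
               <Attribute name="sun-idrepo-ldapv3-config-user-objectclass"/>
               <Value>sunAMAuthAccountLockout</Value>
         </AttributeValuePair>
         <AttributeValuePair>
               <Attribute name="sun-idrepo-ldapv3-config-user-attributes"/>
               <Value>sunAMAuthInvalidAttemptsData</Value>
         </AttributeValuePair>
     </AddDefaultValues>
 </SchemaRequests>

 <SchemaRequests serviceName="iPlanetAMAuthService"
                SchemaType="Organization" >
   <AddAttributeSchema fileName="\c'> "$AM_ETCDIR/accountLockoutData.xml"
  $ECHO "$AM_ETCDIR\c" >> "$AM_ETCDIR/accountLockoutData.xml"
  $ECHO '/accountLockoutAuthServiceSchema.xml" />
 </SchemaRequests>

</Requests>
' >> "$AM_ETCDIR/accountLockoutData.xml"

  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd"
>

<Requests>
                 <AttributeSchema name="sunStoreInvalidAttemptsInDS"
                     type="single"
                     syntax="boolean"
                     i18nKey="a144">
                     <DefaultValues>
                         <Value>true</Value>
                     </DefaultValues>
                 </AttributeSchema>
</Requests>
' > "$AM_ETCDIR/accountLockoutAuthServiceSchema.xml"

  $ECHO "\
    LDIF file accountLockout.ldif and XML file accountLockoutData.xml
    are generated in $AM_ETCDIR directory. Please run ldapmodify 
    to load the ldif file and amadmin to import the xml file.
    For more details, please check the release notes
    (120956-03/rel_notes.html#accountlockout).
  "

  # --- Identity repository cache attributes ------------------------------
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/sun/identity/sm/sms.dtd"
>

<Requests>

	          <AttributeSchema name="sun-idrepo-ldapv3-config-cache-enabled"
		    type="single"
                    syntax="boolean"
                       i18nKey="a2048">
                       <DefaultValues>
                           <Value>true</Value>
                       </DefaultValues>
                   </AttributeSchema>

                   <AttributeSchema name="sun-idrepo-ldapv3-config-cache-ttl"
                       type="single"
                       syntax="number_range"
                       rangeStart="1" rangeEnd="2147483647"
                       i18nKey="a2049">
                       <DefaultValues>
                           <Value>600</Value>
                       </DefaultValues>
                   </AttributeSchema>

                   <AttributeSchema name="sun-idrepo-ldapv3-config-cache-size"
                       type="single"
                       syntax="number_range"
                       rangeStart="1" rangeEnd="2147483647"
                       i18nKey="a2050">
                       <DefaultValues>
                           <Value>10240</Value>
                       </DefaultValues>
                   </AttributeSchema>

</Requests>
' > "$AM_ETCDIR/idRepoServiceAddAttrRequest_Cache.xml"

  # Same three-piece technique as accountLockoutData.xml above.
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>
<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>

<!--  MODIFY REQUESTS -->

<Requests>
<SchemaRequests serviceName="sunIdentityRepositoryService"
                SchemaType="Organization"
                SubSchema="LDAPv3">
   <AddAttributeSchema fileName="\c' > "$AM_ETCDIR/idRepoServiceAddAttrSchemaRequest_Cache.xml"
  $ECHO "$AM_ETCDIR\c" >> "$AM_ETCDIR/idRepoServiceAddAttrSchemaRequest_Cache.xml"
  $ECHO '/idRepoServiceAddAttrRequest_Cache.xml" />
</SchemaRequests>
</Requests>
' >> "$AM_ETCDIR/idRepoServiceAddAttrSchemaRequest_Cache.xml"

  $ECHO "\
    XML file idRepoServiceAddAttrSchemaRequest_Cache.xml is generated
    $AM_ETCDIR directory. Please run amadmin tool to import them. For
    more details, please check the release notes 
    (120956-03/rel_notes.html#idRepoService).
  "

  # --- Web services framework 1.1 authentication mechanisms -------------
  # NOTE(review): the defaults written here include the "null:*" mechanism
  # URNs next to the TLS and ClientTLS ones; as far as the URN scheme goes,
  # "null" names a mechanism without transport-level peer authentication.
  # Confirm these defaults match the deployment's policy before importing.
  # This file used to be opened with ">>", unlike every other file here, so
  # a second run appended a second document to it.
  $ECHO '<?xml version="1.0" encoding="ISO-8859-1"?>

<!--
    Copyright (c) 2005 Sun Microsystems, Inc. All rights reserved
    Use is subject to license terms.
-->

<!DOCTYPE Requests
    PUBLIC "-//iPlanet//Sun Java System Access Manager 2005Q4 Admin CLI DTD//EN"
    "jar://com/iplanet/am/admin/cli/amAdmin.dtd"
>

<Requests>
    <SchemaRequests serviceName="sunIdentityServerSOAPBinding"
	SchemaType="Global">
	<AddChoiceValues>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10513" value="urn:liberty:security:2005-02:null:X509"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10514" value="urn:liberty:security:2005-02:TLS:X509"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10515" value="urn:liberty:security:2005-02:ClientTLS:X509"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10516" value="urn:liberty:security:2005-02:null:SAML"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10517" value="urn:liberty:security:2005-02:TLS:SAML"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10518" value="urn:liberty:security:2005-02:ClientTLS:SAML"/>
	    <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10519" value="urn:liberty:security:2005-02:null:Bearer"/>
            <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10520" value="urn:liberty:security:2005-02:TLS:Bearer"/>
            <ChoiceValue AttributeName="SupportedAuthenticationMechanisms" I18NKey="a10521" value="urn:liberty:security:2005-02:ClientTLS:Bearer"/>
	</AddChoiceValues>
    </SchemaRequests>
    <SchemaRequests serviceName="sunIdentityServerSOAPBinding"
	SchemaType="Global">
	<AddDefaultValues>
	    <AttributeValuePair>
		<Attribute name="SupportedAuthenticationMechanisms"/>
                <Value>urn:liberty:security:2005-02:null:X509</Value>
                <Value>urn:liberty:security:2005-02:TLS:X509</Value>
                <Value>urn:liberty:security:2005-02:ClientTLS:X509</Value>
                <Value>urn:liberty:security:2005-02:null:SAML</Value>
                <Value>urn:liberty:security:2005-02:TLS:SAML</Value>
                <Value>urn:liberty:security:2005-02:ClientTLS:SAML</Value>
                <Value>urn:liberty:security:2005-02:null:Bearer</Value>
                <Value>urn:liberty:security:2005-02:TLS:Bearer</Value>
                <Value>urn:liberty:security:2005-02:ClientTLS:Bearer</Value>
	    </AttributeValuePair>
	</AddDefaultValues>
    </SchemaRequests>
    <SchemaRequests serviceName="sunIdentityServerDiscoveryService"
        SchemaType="Global">
        <AddChoiceValues>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:null:X509"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:null:SAML"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:null:Bearer"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:TLS:X509"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:TLS:SAML"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:TLS:Bearer"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:ClientTLS:X509"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:ClientTLS:SAML"/>
            <ChoiceValue
                AttributeName="sunIdentityServerDiscoSupportedAuthnMechs"
                I18NKey=""
                value="urn:liberty:security:2005-02:ClientTLS:Bearer"/>
        </AddChoiceValues>
    </SchemaRequests>

    <SchemaRequests serviceName="sunIdentityServerDiscoveryService"
        SchemaType="Global">
        <AddDefaultValues>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:null:X509</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:null:SAML</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:null:Bearer</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:TLS:X509</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:TLS:SAML</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:TLS:Bearer</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:ClientTLS:X509</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:ClientTLS:SAML</Value>
            </AttributeValuePair>
            <AttributeValuePair>
                <Attribute name="sunIdentityServerDiscoSupportedAuthnMechs"/>
                <Value>urn:liberty:security:2005-02:ClientTLS:Bearer</Value>
            </AttributeValuePair>
        </AddDefaultValues>
    </SchemaRequests>
</Requests> 
' > "$AM_ETCDIR/wsf1.1_upgrade.xml"

  $ECHO "\
    XML file wsf1.1_upgrade.xml is generated in $AM_ETCDIR directory. 
    Please run amadmin tool to import it. For more details, please
    check the release notes (120956-03/rel_notes.html#wsf1.1).
  "
}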

##############################################################
# main processing
##############################################################
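# Remember the starting directory: updateVersionString changes directory.
CURRENTDIR=`pwd`
get_base_dir
updateVersionString

# generate the silent file and print the redeployment instructions
# The file is sourced as ./getSilentFile on purpose. With a bare name the
# "." command looks the file up along PATH, so the file that passed the -f
# test in this directory is not necessarily the one that would be executed.
if cd "$CURRENTDIR/scripts" && [ -f getSilentFile ]; then
  . ./getSilentFile
else
  $ECHO "`$gettext 'ERROR: Script getSilentFile is missing, amsilent file for AM application redeployment fails to create!'`"
fi

updateAMConfig
updateServiceSchema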
