#!/bin/ksh

###############################################
# Sourcing macros
###############################################
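# Load psmacros from ../lib relative to this script's own location. It
# presumably supplies the tool variables ($GREP, $SED, $ECHO, $RM, ...) that
# are used below but never assigned in this file.
# The path is quoted so an install directory containing whitespace still
# resolves to a single file name.
# NOTE(review): the sourced file executes with the caller's privileges (root
# for a normal run), so lib/psmacros and its parent directories should be
# writable by root only.
DIRNAME=/usr/bin/dirname
. "$($DIRNAME "$0")/../lib/psmacros"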

###############################################
# Defines
###############################################

# Appended to the error messages below; presumably rendered as a terminal
# bell by $ECHO (the variable itself holds the two characters backslash, a).
BELL_CHAR='\a'

# Portal Server state file that the main section reads its settings from.
STATE_FILE="${PS_CONFIG_DIR}/PSConfig.properties"

# Log file that the amadmin invocations append their output to.
LOG_FILE="${IDSAME_VAR_DIR}/debug/isconfig.log"

# Scratch directories removed with rm -rf at the end of the script. All three
# are derived from PS_VAR_DIR, so an empty PS_VAR_DIR makes them /tmp/... paths.
SERVICE_DIR="${PS_VAR_DIR}/tmp/service"
REQUEST_DIR="${PS_VAR_DIR}/tmp/request"
RESBUNDLE_DIR="${PS_VAR_DIR}/tmp/locale"


###############################################
# Get configuration from file
###############################################
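# GrabConfig FILE KEY SEPARATOR
#   Looks up KEY in the properties-style FILE and stores the text that follows
#   "KEY" + "SEPARATOR" in the global ANSWER. ANSWER is empty when no line
#   starts with that prefix.
#
#   Arguments: $1 - file to search
#              $2 - key, matched at the start of a line
#              $3 - separator between key and value (callers pass "=")
#   Globals:   ANSWER (written); GREP, UNIQ, SED (read)
#
#   KEY and SEPARATOR are handed to grep and sed as regular expressions, so a
#   "." in a key matches any character. $UNIQ only folds adjacent duplicate
#   lines; distinct values for the same key yield a multi-line ANSWER.
#
#   FILE is quoted so a path containing whitespace or glob characters is
#   passed to grep as one argument.
GrabConfig() {
  # typeset is the ksh-native declaration. "local" is not a ksh88 builtin and
  # only works where the shell or a sourced file aliases it.
  typeset FILE=$1
  typeset KEY=$2
  typeset SEPARATOR=$3

  ANSWER=`$GREP "^$KEY$SEPARATOR" "$FILE" | $UNIQ | $SED -e "s/$KEY$SEPARATOR//"`
}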

###############################################
# Main
###############################################

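# Refuse to run unless the first field of the id output is "uid=0(root)".
# The command substitution is quoted on purpose: unquoted, an empty result
# (for example when $ID or $NAWK is unset or fails) turns the test into a
# syntax error, the "if" evaluates false, and the script carries on as if the
# caller were root. Quoted, an empty result compares unequal and the script
# stops.
if [ "$($ID | $NAWK '{print $1}')" != "uid=0(root)" ]; then
  $ECHO "You must be root user. $BELL_CHAR"
  exit 1
fi

# Every setting read later comes from the state file, so stop if it is
# missing. Quoting also makes an empty STATE_FILE fail the check instead of
# slipping through as "[ ! -f ]".
if [ ! -f "$STATE_FILE" ]; then
  $ECHO "Error: $STATE_FILE does not exist. $BELL_CHAR"
  exit 1
fi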

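# RequireStateValue KEY LABEL
#   Reads KEY from $STATE_FILE through GrabConfig and leaves the value in the
#   global ANSWER. When the value is empty the script prints
#   "Error: Cannot determine LABEL." and exits with status 1.
#   $STATE_FILE is quoted so a path with whitespace stays one argument.
RequireStateValue() {
  GrabConfig "$STATE_FILE" "$1" "="
  if [ "$ANSWER" = "" ]; then
    $ECHO "Error: Cannot determine $2. $BELL_CHAR"
    exit 1
  fi
}

# Mandatory settings from the state file. Each value is copied out of ANSWER
# straight away because the next lookup overwrites it.
RequireStateValue "IDSAME_BASEDIR" "IDSAME_BASEDIR"
IDSAME_BASEDIR=$ANSWER

# The state file key is BASEDIR; the script keeps it as PS_BASEDIR.
RequireStateValue "BASEDIR" "BASEDIR"
PS_BASEDIR=$ANSWER

RequireStateValue "DS_HOST" "DS_HOST"
DS_HOST=$ANSWER

RequireStateValue "DS_PORT" "DS_PORT"
DS_PORT=$ANSWER

RequireStateValue "DS_DIRMGR_DN" "DS_DIRMGR_DN"
DS_DIRMGR_DN=$ANSWER

RequireStateValue "DEPLOY_URI" "DEPLOY_URI"
DEPLOY_URI=$ANSWER

RequireStateValue "IDSAME_AMCONSOLE" "IDSAME_AMCONSOLE"
IDSAME_AMCONSOLE=$ANSWER

# LOAD_BALANCER_URL is reported to the user as the "Portal URL" and stored as
# LOGIN_URL.
RequireStateValue "LOAD_BALANCER_URL" "Portal URL"
LOGIN_URL=$ANSWER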

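# Identity Server settings are read from AMConfig.properties.
IS_CONFIG_FILE="$IDSAME_CONFIG_DIR/config/AMConfig.properties"

# User naming attribute: the text before the first "=" of the super-user DN.
# Parameter expansion replaces the former unquoted "echo | cut" pipeline, which
# exposed the DN to word splitting, globbing and echo's escape handling.
GrabConfig "$IS_CONFIG_FILE" "com.sun.identity.authentication.super.user" "="
if [ "$ANSWER" != "" ]; then
  USER_NAMING_ATTR=${ANSWER%%=*}
else
  $ECHO "Error: Cannot determine IDSAME_USER_NAMING. $BELL_CHAR"
  exit 1
fi

# Administrator DN, root suffix and default organisation from the same file.
# The file name is quoted so a path with whitespace stays one argument.
# NOTE(review): ROOT_DN and ORG_DN are not checked for emptiness. A missing key
# yields an empty or malformed ORG_DN (for example ",<root suffix>"), which is
# then written into every request sent to amadmin - confirm whether the
# script should stop in that case.
FILE="$IS_CONFIG_FILE"
ADMIN_DN=`$GREP "^com.sun.identity.authentication.super.user=" "$FILE" | $SED -e "s/com.sun.identity.authentication.super.user=//"`
ROOT_DN=`$GREP "^com.iplanet.am.rootsuffix=" "$FILE" | $SED -e "s/com.iplanet.am.rootsuffix=//"`
ORG_DN=`$GREP "^com.iplanet.am.defaultOrg=" "$FILE" | $SED -e "s/com.iplanet.am.defaultOrg=//"`

# The login-success URL to remove is the portal URL followed by /dt.
LOGIN_URL="$LOGIN_URL/dt"

# Qualify the default organisation with the root suffix unless they are equal.
if [ "$ORG_DN" != "$ROOT_DN" ]; then
  ORG_DN="$ORG_DN,$ROOT_DN"
fi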

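AMADMIN="$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/bin/amadmin"

# Request file handed to amadmin. It is created with mktemp rather than at the
# fixed path /tmp/scrubds.xml: this script runs as root, and a predictable
# name in a world-writable directory lets another local user pre-create the
# file or plant a symlink there, so root's write would land on a target of
# that user's choosing. mktemp creates a new, uniquely named file.
# MKTEMP follows the macro convention used for the other tools and falls back
# to mktemp on PATH when it is not defined.
FILE=`${MKTEMP:-mktemp} /tmp/scrubds.XXXXXX`
if [ "$FILE" = "" ] || [ ! -f "$FILE" ]; then
  $ECHO "Error: Cannot create temporary request file. $BELL_CHAR"
  exit 1
fi

# Generate the amadmin request document. The here-document delimiter is
# unquoted, so $ORG_DN, $LOGIN_URL, $IDSAME_AMCONSOLE, $USER_NAMING_ATTR,
# $IDSAME_BASEDIR and $IDSAME_PRODUCT_DIR are expanded into the XML.
# NOTE(review): the values are inserted without XML escaping. A DN or URL
# containing &, < or a double quote would change the structure of the request,
# so the configuration files they come from must stay writable by root only.
$CAT > "$FILE" << EOF
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE Requests PUBLIC "-//iPlanet//iDSAME 5.0 Admin CLI DTD//EN" "file:$IDSAME_BASEDIR/$IDSAME_PRODUCT_DIR/dtd/amAdmin.dtd">

<!-- Cleaning iplanet-am-auth-login-success-url from iPlanetAMAuthService template... -->
<!--Cleaning iplanet-am-required-services from iPlanetAMAdminConsoleService template... -->
<Requests>
 <OrganizationRequests DN="$ORG_DN">
    <RemoveServiceTemplateAttributeValues serviceName="iPlanetAMAuthService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-auth-login-success-url"/>
        <Value>$LOGIN_URL</Value>
      </AttributeValuePair>
    </RemoveServiceTemplateAttributeValues>
      </OrganizationRequests>
      <OrganizationRequests DN="$ORG_DN">
      <AddServiceTemplateAttributeValues serviceName="iPlanetAMAuthService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-auth-login-success-url"/>
        <Value>%protocol://%host:%port$IDSAME_AMCONSOLE</Value>
      </AttributeValuePair>
    </AddServiceTemplateAttributeValues>
      </OrganizationRequests>
      <OrganizationRequests DN="$ORG_DN">
    <RemoveServiceTemplateAttributeValues serviceName="iPlanetAMAdminConsoleService" schemaType="Organization">
      <AttributeValuePair>
        <Attribute name="iplanet-am-required-services"/>
        <Value>SunPortalDesktopService</Value>
        <Value>SunPortalSubscriptionsService</Value>
        <Value>SunPortalNetmailService</Value>
        <Value>SunSSOAdapterService</Value>
      </AttributeValuePair>
    </RemoveServiceTemplateAttributeValues>
  </OrganizationRequests>

<!--Deleting attributes added to iPlanetAMAdminConsoleService ServiceSchema... -->
  <SchemaRequests serviceName="iPlanetAMAdminConsoleService" SchemaType="Global">
    <RemovePartialDefaultValues>
      <AttributeValuePair>
        <Attribute name="iplanet-am-console-service-view-bean"/>
        <Value>SunPortalDesktopService|/portal/dtadmin/DesktopAdminUserProfile</Value>
      </AttributeValuePair>
    </RemovePartialDefaultValues>
  </SchemaRequests>
  <SchemaRequests serviceName="iPlanetAMAdminConsoleService" SchemaType="Organization">
    <RemovePartialDefaultValues>
      <AttributeValuePair>
        <Attribute name="iplanet-am-admin-console-online-help"/>
        <Value>Portal Help|ps/pshelp.htm|psDesktop|%DYNAMIC_URI%</Value>
      </AttributeValuePair>
      <AttributeValuePair>
        <Attribute name="iplanet-am-admin-console-online-help"/>
        <Value>SSOAdapter_Help|ps/ssoadapterhelp.html|ssoAdapterService|%DYNAMIC_URI%</Value>
      </AttributeValuePair>
    </RemovePartialDefaultValues>
  </SchemaRequests>

<!-- Deleting desktop policy... -->
  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Desktop" />
    </DeletePolicy>
  </OrganizationRequests>

<!-- Unregistering SunPortalDesktopService... -->
  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalDesktopService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>

<!-- Deleting netmail policy... -->
  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Netmail" />
    </DeletePolicy>
  </OrganizationRequests>


<!-- Unregistering SunPortalNetMailService... -->

  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalNetMailService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>

<!-- Deleting Subscriptions policy... -->

  <OrganizationRequests DN="$ORG_DN">
    <DeletePolicy deleteDN="$ORG_DN">
      <PolicyName name="Ability to execute Portal Server Subscriptions" />
    </DeletePolicy>
  </OrganizationRequests>


<!-- Unregistering SunPortalSubscriptionsService... -->

  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalSubscriptionsService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>



<!-- Unregistering SunSSOAdapterService... -->

  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunSSOAdapterService</Service_Name>
    </UnregisterServices>
  </OrganizationRequests>


<!-- Unregistering SunPortalWSRPConsumerService... -->

  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalWSRPConsumerService</Service_Name>
    </UnregisterServices>
            <DeletePolicy deleteDN="$ORG_DN">
            <PolicyName name="Ability to execute Portal Server WSRP Consumer"/>
        </DeletePolicy>
  </OrganizationRequests>

<!--Unregistering SunPortalWSRPProducerService... -->

  <OrganizationRequests DN="$ORG_DN">
    <UnregisterServices>
      <Service_Name>SunPortalWSRPProducerService</Service_Name>
    </UnregisterServices>
      </OrganizationRequests>


<!--Unregistering iPlanetAMAuthMembershipService... -->

    <OrganizationRequests DN="$ORG_DN">
        <UnregisterServices>
            <Service_Name>iPlanetAMAuthMembershipService</Service_Name>
        </UnregisterServices>
    </OrganizationRequests>

<!-- Unregistering iPlanetAMUserService... -->

<OrganizationRequests DN="$ORG_DN">
        <UnregisterServices>
            <Service_Name>iPlanetAMUserService</Service_Name>
        </UnregisterServices>
    </OrganizationRequests>


<!-- Unregistering iPlanetAMAuthConfiguration... -->
<OrganizationRequests DN="$ORG_DN">
        <UnregisterServices>
            <Service_Name>iPlanetAMAuthConfiguration</Service_Name>
        </UnregisterServices>
</OrganizationRequests>

<!-- Resetting the Core Service to its Original state -->
<OrganizationRequests DN="$ORG_DN">
    <AddServiceTemplateAttributeValues serviceName="iPlanetAMAuthService" schemaType="Organization">
      <AttributeValuePair>
	<Attribute name="iplanet-am-auth-allowed-modules"/>
	<Value>LDAP</Value>
      </AttributeValuePair>
    </AddServiceTemplateAttributeValues>
</OrganizationRequests>

<!-- Unassigning Deny Write Access Role for the User Default -->
 <RoleRequests DN="cn=Deny Write Access,$ORG_DN">
    <RemoveUsers>
      <DN>$USER_NAMING_ATTR=default,ou=People,ou=default,ou=WSRPProducers,$ORG_DN</DN>
    </RemoveUsers>
  </RoleRequests>
</Requests>
EOF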

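# Submit the generated request file. --continue is passed so amadmin keeps
# going after a failed request; its output is appended to the log file.
# NOTE(review): the administrator password is passed as a command-line
# argument here and in the loop below, so it is visible in process listings
# (ps) to other local users while amadmin runs. If the installed amadmin can
# read the password from a file, prefer that - confirm against its usage.
# NOTE(review): amadmin exit statuses are not checked and the script always
# ends with "exit 0"; failures are only visible in the log file.
$AMADMIN --runasdn "$ADMIN_DN" --password "${IDSAME_ADMIN_PASSWORD}" --verbose --continue --data "$FILE" >> "${LOG_FILE}"

# Delete the Portal Server service definitions, one amadmin call per service.
$ECHO "Deleting services..."
for SERVICE_NAME in \
  SunPortalDesktopService \
  SunPortalRewriterService \
  SunPortalSearchService \
  SunPortalNetmailService \
  SunPortalSubscriptionsService \
  SunSSOAdapterService \
  SunPortalWSRPConsumerService \
  SunPortalWSRPProducerService
do
  $AMADMIN -u "$ADMIN_DN" -w "${IDSAME_ADMIN_PASSWORD}" -r "$SERVICE_NAME" >> "${LOG_FILE}"
done

# The request file is no longer needed.
$RM -f "$FILE"

# Remove the service, request and locale scratch directories under
# $PS_VAR_DIR/tmp. The three paths are built from PS_VAR_DIR, so when it is
# empty they collapse to /tmp/service, /tmp/request and /tmp/locale; skip the
# recursive delete in that case rather than removing unrelated directories.
if [ -n "$PS_VAR_DIR" ]; then
  $RM -rf "$SERVICE_DIR"
  $RM -rf "$REQUEST_DIR"
  $RM -rf "$RESBUNDLE_DIR"
else
  $ECHO "Warning: PS_VAR_DIR is not set; temporary directories were not removed."
fi

exit 0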
