#!/bin/sh
#
# initpart [-n] CERT... - for each X.509 certificate given, create a
#            partition named after the certificate's commonName, grant the
#            default user group the standard privileges in it, and register
#            the certificate's owner as a member of that group. With -n the
#            generated files are written but the final load command is only
#            printed, not executed.
#
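HERE=$(pwd)
BIN=$(dirname "$0")

# -n: dry run — write the part files but only print the final load command.
DONT=0
if [ "$1" = "-n" ]; then
  DONT=1
  shift
fi

# Everything below (db/, ../db, ./run) is resolved relative to the script's
# own directory, so a failed cd must abort rather than silently operate on
# whatever the caller's cwd happens to be.
cd "$BIN" || { echo "initpart: cannot cd to $BIN" >&2; exit 1; }

# Locate the database directory next to, or one level above, the script.
# Previously a missing db/ left DB empty, which sent the generated files to
# /data and the loader to top="."; fail loudly instead.
if [ -d db ]; then
  DB=db
elif [ -d ../db ]; then
  DB=../db
else
  echo "initpart: no db/ or ../db/ directory found relative to $BIN" >&2
  exit 1
fi

# Output directory for the generated part-<user>.json files; the caller may
# override it through the INITPART_DIR environment variable.
if [ -z "$INITPART_DIR" ]; then
  INITPART_DIR="$DB/data"
fi

# Directory passed to the loader as top=; "." or ".." given the search above.
TOP=$(dirname "$DB")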

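# x509_read FILE [openssl x509 options...]
# Runs openssl x509 on FILE, choosing the input format from the file name:
# *.crt / *.pem / *.PEM are read as PEM, anything else as DER.
x509_read() {
  _cert=$1
  shift
  case $_cert in
    *crt|*pem|*PEM) openssl x509 -in "$_cert" "$@";;
    *) openssl x509 -inform der -in "$_cert" "$@";;
  esac
}

# The heredoc below cannot create the directory; check once up front so a
# typo in INITPART_DIR is reported instead of producing one error per cert.
if [ ! -d "$INITPART_DIR" ]; then
  echo "initpart: output directory $INITPART_DIR does not exist" >&2
  exit 1
fi

FILES=
for CERTFILE
do
  # THE_USER is the first whitespace-delimited token of the certificate's
  # commonName (note: -F= also truncates a CN at its first '='); THE_CERT is
  # the DER encoding as a single base64 line. CRs are stripped in case the
  # openssl build emits CRLF.
  THE_USER=$(x509_read "$CERTFILE" -subject -noout -nameopt multiline \
    | sed -e 's/\r//g' | awk -F= '/commonName/ {print $2}' | awk '{print $1}')
  THE_CERT=$(x509_read "$CERTFILE" -outform der | openssl base64 -e \
    | tr -d '\r\n')

  # The commonName comes straight from a user-supplied certificate and is
  # used both as a file-name component and, unescaped, inside the generated
  # JSON. Reject anything that could escape INITPART_DIR ("/"), break the JSON
  # string ('"' or '\'), or smuggle in newlines (e.g. a subject with several
  # commonName entries, which the pipeline above would join with '\n').
  case $THE_USER in
    ''|*/*|*'"'*|*'\'*|*[[:cntrl:]]*)
      echo "initpart: $CERTFILE: missing or unusable commonName '$THE_USER'" >&2
      exit 1;;
  esac
  if [ -z "$THE_CERT" ]; then
    echo "initpart: $CERTFILE: could not read certificate" >&2
    exit 1
  fi

  OUT="$INITPART_DIR/part-$THE_USER.json"

  # The generated document is now strict JSON: the original had trailing
  # commas in "grp", "usr" and "grplink" and no comma between "usr" and
  # "grplink", which only a very lenient parser would accept.
  if ! cat > "$OUT" <<EOF
{
  "defaults" : {
    "part": "$THE_USER"
  },
  "part": [
    {"name": "$THE_USER"}
  ],
  "grp": [
    { "name": "default object group" },
    { "name": "default admin group" },
    { "name": "default user group" },
    { "name": "default", "properties": "fresh_auto" }
  ],
  "priv": [
    { "source": "default user group", "target": "default object group", "privs": [
      "Operation_Create",
      "Operation_CreateKeyPair",
      "Operation_Register",
      "Operation_ReKey",
      "Operation_DeriveKey",
      "Operation_Certify",
      "Operation_ReCertify",
      "Operation_Locate",
      "Operation_Check",
      "Operation_Get",
      "Operation_GetAttributes",
      "Operation_GetAttributeList",
      "Operation_AddAttribute",
      "Operation_ModifyAttribute",
      "Operation_DeleteAttribute",
      "Operation_ObtainLease",
      "Operation_GetUsageAllocation",
      "Operation_Activate",
      "Operation_Revoke",
      "Operation_Destroy",
      "Operation_Archive",
      "Operation_Recover",
      "Operation_Validate",
      "Operation_ReKeyKeyPair",
      "Operation_SQLSelect",
      "Group_InsertObject",
      "Group_DeleteObject",
      "Wrap",
      "Operation_CreateSplitKey",
      "Operation_JoinSplitKey",
      "Operation_Encrypt",
      "Operation_Decrypt",
      "Operation_Sign",
      "Operation_SignatureVerify",
      "Operation_MAC",
      "Operation_MACVerify"
    ]},
    { "source": "default user group", "target": "default user group", "privs": [
      "Operation_Cancel",
      "Operation_Poll",
      "Operation_SQLSelect_Script",
      "Operation_RNGRetrieve",
      "Operation_RNGSeed",
      "Operation_Hash"
    ]}
  ],
  "usr": [
    {"username": "$THE_USER", "cert": "$THE_CERT", "member_of": ["default user group"] }
  ],
  "grplink": [
    { "type": "grp", "name": "default", "member_of": ["default object group"]}
  ]
}
EOF
  then
    echo "initpart: cannot write $OUT" >&2
    exit 1
  fi
  FILES="$FILES $OUT"
done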

# Turn every generated part file into a load=<file> argument for the loader.
# The positional parameters are reused as the argument list, which is the
# only list type available in POSIX sh; the certificate names are no longer
# needed at this point.
set --
for PARTFILE in $FILES
do
  set -- "$@" "load=$PARTFILE"
done

#
# Load the newly created file(s) for these users with the DB log enabled
# (unless the caller set DBLOG explicitly), so that failures such as
# unique-key violations — e.g. the same certificate used for more than one
# user — are reported with their details.
#
if [ -z "$DBLOG" ]; then
  DBLOG="true"
fi

# With -n only show what would be run; otherwise replace this shell with
# the loader so its exit status becomes ours.
if [ "$DONT" = "1" ]; then
  echo ./run k_db "db.log=$DBLOG" "top=$TOP" "$@"
else
  exec ./run k_db "db.log=$DBLOG" "top=$TOP" "$@"
fi

