#!/sbin/openrc-run

# Additional sub-commands this service script exposes; each name matches a
# function defined further down in this file.
extra_commands="check add_hostkey check_verbose update_checksum"

# Pin store: one "<host entry> <sha512 of the start script>" line per host,
# written by update_host_checksum and check_host_data. The path can be
# overridden by setting CHECKSUM_FILE before this script is read.
: "${CHECKSUM_FILE:=/var/lib/calculate/access_checksum}"

# Dependency declaration for the service manager: requires the "net"
# service and passes the "-timeout" keyword.
depend() {
	need net
	keyword -timeout
}

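# Run one non-interactive, public-key-only ssh request against a key store.
#
# Arguments:
#   $1 - host entry in the form [user@]host[:port]
#        (user defaults to "access", port to 22)
#   $2 - remote command to request; may be empty
#   $3 - value for StrictHostKeyChecking (default: yes)
# Environment:
#   CONNECT_TIMEOUT - ssh ConnectTimeout in seconds (default 20)
#   KEYFILE         - identity file (default /var/lib/calculate/access_key)
# Outputs: whatever the remote side sends, on stdout/stderr.
# Returns: the exit status of ssh.
ask_keystore() {
	# Everything is local so that parsing the entry cannot clobber a
	# caller's own $host/$user/$port (callers loop over a variable that is
	# also named "host").
	local target=$1
	local what=$2
	local strict=${3:-yes}
	local host port user

	# Host part is everything before the first ':', port everything after
	# the last one.
	if [[ $target == *:* ]]
	then
		host=${target%%:*}
		port=${target##*:}
	else
		host=$target
		port=22
	fi
	# User is everything before the first '@', host everything after the
	# last one.
	if [[ $host == *@* ]]
	then
		user=${host%%@*}
		host=${host##*@}
	else
		user=access
	fi

	# BatchMode plus the disabled password/keyboard-interactive methods
	# mean ssh never prompts: the request either authenticates with the
	# key file or fails. Connection sharing is switched off so every
	# request is a fresh, separately authenticated connection.
	# All values are quoted so a configured entry is passed to ssh as
	# exactly one argument and is never re-split or glob-expanded.
	# ${what:+...} omits the command argument entirely when it is empty.
	/usr/bin/ssh -o KbdInteractiveAuthentication=no \
		-o ControlPath=none \
		-o ControlMaster=no \
		-o "ConnectTimeout=${CONNECT_TIMEOUT:-20}" \
		-o "StrictHostKeyChecking=${strict}" \
		-o PasswordAuthentication=no \
		-o BatchMode=yes \
		-o PreferredAuthentications=publickey \
		-p "$port" -T \
		-i "${KEYFILE:-/var/lib/calculate/access_key}" \
		"$user@$host" ${what:+"$what"}
}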

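# Record the ssh host key of every configured key store.
#
# The connection is made with StrictHostKeyChecking=no, so the key the
# server presents is accepted and stored without any verification. Run this
# only over a network path you trust, and compare the recorded fingerprint
# with one obtained out of band before relying on it.
#
# Environment: ACCESSHOST - whitespace-separated host entries (default "access")
# Outputs:     ssh's "Permanently added ..." line for each host that was added
# Returns:     status of the last grep (non-zero when nothing was added)
add_hostkey() {
	local host
	# Unquoted on purpose: ACCESSHOST is a whitespace-separated list.
	for host in ${ACCESSHOST:-access}
	do
		# ssh reports the addition on stderr, hence 2>&1. The pattern
		# is a plain regex, so grep -o suffices.
		ask_keystore "$host" "" no 2>&1 | grep -o "Permanently added.*"
	done
}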

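# Quick reachability test: for every configured host, request the "access"
# archive and confirm that its listing contains an entry starting with
# "start".
#
# This only proves that the host answers and serves an archive of the
# expected shape; the content is NOT compared with the pinned checksum in
# CHECKSUM_FILE here.
#
# Environment: ACCESSHOST - whitespace-separated host entries (default "access")
# Returns:     the status reported for the last host checked
check() {
	local host
	# Unquoted on purpose: ACCESSHOST is a whitespace-separated list.
	for host in ${ACCESSHOST:-access}
	do
		ebegin "Host: $host"
		(ask_keystore "$host" access | tar tjf -) 2>&1 | grep -q '^start'
		eend $?
	done
}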

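# Fetch the current start script from one host and (re)pin its SHA-512 in
# CHECKSUM_FILE.
#
# This replaces the stored pin with whatever the host serves right now, so
# it should only be run when the served script is known to be the intended
# one.
#
# Arguments: $1 - host entry (falls back to the caller's $host when omitted)
# Globals:   CHECKSUM_FILE (read/written), SHA512 (written)
# Returns:   0 when the pin was stored, 1 when the script could not be
#            fetched or the pin file could not be written
update_host_checksum() {
	local host=${1:-$host}
	local line tmp
	local replaced=0

	# The subshell exits with tar's status, so a missing or unreadable
	# "start" member makes the whole fetch fail.
	SHA512=$(ask_keystore "$host" access 2>/dev/null |
		tar xjOf - start 2>/dev/null |
		sha512sum | awk '{print $1}'; exit "${PIPESTATUS[1]}") || return 1

	# Rewrite the pin file through a temporary file in the same directory
	# and rename it into place, so a reader never sees a half-written
	# file. mktemp creates the file readable by its owner only.
	tmp=$(mktemp "${CHECKSUM_FILE}.XXXXXX") || return 1
	{
		if [[ -f $CHECKSUM_FILE ]]
		then
			while IFS= read -r line || [[ -n $line ]]
			do
				# Literal match on the first field only: the
				# host name is not used as a regex, so updating
				# one host never rewrites the pin of another
				# host whose name merely contains it.
				if [[ $line == "$host "* ]]
				then
					line="$host $SHA512"
					replaced=1
				fi
				printf '%s\n' "$line"
			done <"$CHECKSUM_FILE"
		fi
		# A host without an existing line is appended.
		(( replaced )) || printf '%s\n' "$host $SHA512"
	} >"$tmp"
	if ! mv -f -- "$tmp" "$CHECKSUM_FILE"
	then
		rm -f -- "$tmp"
		return 1
	fi
	return 0
}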

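# Filter: copy stdin to stdout with every occurrence of one whole word
# removed from each line.
#
# The word is compared literally and only against complete
# whitespace-separated words, so removing "access" leaves "backup.access"
# alone and a '.' in a host name is not treated as a wildcard.
#
# Arguments: $1 - word to remove
# Outputs:   each input line with the remaining words joined by one space
wordremove() {
	local word=$1
	local line item
	local -a items kept

	while IFS= read -r line || [[ -n $line ]]
	do
		# read -a splits on whitespace without glob-expanding the words.
		read -r -a items <<<"$line"
		kept=()
		for item in "${items[@]}"
		do
			[[ $item == "$word" ]] || kept+=("$item")
		done
		printf '%s\n' "${kept[*]}"
	done
}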

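# Verify a fetched file against the SHA-512 pinned for its host.
#
# - Pin present and equal      -> accept.
# - Pin present but different  -> reject, and drop the host from ACCESSHOST
#                                 so later attempts skip it.
# - No pin for this host yet   -> trust on first use: record the checksum
#                                 and accept. The first fetch is therefore
#                                 not verified against anything.
# - File cannot be hashed      -> reject (never treated as a match).
#
# Arguments: $1 - host entry, $2 - path of the file to verify
# Globals:   CHECKSUM_FILE (read/appended), ACCESSHOST (written on mismatch)
# Returns:   0 when the file is accepted, 1 otherwise
check_host_data() {
	local host=$1
	local file=$2
	local sum entry_host entry_sum
	local known=0

	sum=$(sha512sum -- "$file" | awk '{print $1}')
	# An empty digest must fail closed; otherwise a missing file would
	# compare as "host " and match any existing pin line for that host.
	if [[ -z $sum ]]
	then
		eerror "Cannot compute checksum of $file"
		return 1
	fi

	if [[ -r $CHECKSUM_FILE ]]
	then
		# Compare whole fields literally: the host name is never used as
		# a pattern, so one host cannot match another host's line.
		while read -r entry_host entry_sum || [[ -n $entry_host ]]
		do
			[[ $entry_host == "$host" ]] || continue
			[[ $entry_sum == "$sum" ]] && return 0
			known=1
		done <"$CHECKSUM_FILE"
	fi

	if (( known ))
	then
		# Unquoted on purpose: collapses the list to single spaces
		# before filtering.
		ACCESSHOST=$(echo ${ACCESSHOST} | wordremove "$host")
		eerror "Wrong checksum"
		return 1
	fi

	printf '%s\n' "$host $sum" >>"$CHECKSUM_FILE"
	return 0
}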

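# Re-pin the start-script checksum of every configured host by calling
# update_host_checksum for each of them. Existing pins are overwritten with
# whatever each host serves at that moment.
#
# Environment: ACCESSHOST - whitespace-separated host entries (default "access")
# Returns:     the status reported for the last host processed
update_checksum() {
	# Disabled in the original: would discard every existing pin first.
	#rm -f /var/lib/calculate/access_checksum
	local host
	# Unquoted on purpose: ACCESSHOST is a whitespace-separated list.
	for host in ${ACCESSHOST:-access}
	do
		ebegin "Host: $host"
		update_host_checksum "$host"
		eend $?
	done
}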

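# Like check, but prints the full archive listing (and any ssh/tar errors)
# for every configured host instead of only testing for a "start" entry.
# The content is not compared with the pinned checksum.
#
# Environment: ACCESSHOST - whitespace-separated host entries (default "access")
# Returns:     the status reported for the last host, which is tar's status
check_verbose() {
	local host
	# Unquoted on purpose: ACCESSHOST is a whitespace-separated list.
	for host in ${ACCESSHOST:-access}
	do
		ebegin "Host: $host"
		(ask_keystore "$host" access | tar tjf -) 2>&1
		eend $?
	done
}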

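# Try each configured host in turn: unpack its "access" archive into
# /dev/shm/access and accept the first host whose start script passes
# check_host_data.
#
# Only the start script is compared with a pinned checksum; every other
# file in the archive is unpacked as delivered. To keep files from a host
# that failed (or was rejected) from staying behind, where stop() would
# later find and run a leftover "stop" script, the staging directory is
# emptied before every attempt and again when no host was accepted.
#
# Environment: ACCESSHOST - whitespace-separated host entries (default "access")
# Returns:     0 when one host delivered a verified start script, else 1
try_access() {
	local host

	# Never unpack through a symlink or into a directory that is missing.
	if [[ ! -d /dev/shm/access || -L /dev/shm/access ]]
	then
		return 1
	fi

	# Unquoted on purpose: ACCESSHOST is a whitespace-separated list.
	for host in ${ACCESSHOST:-access}
	do
		echo "Host: $host"
		# Subshell keeps the glob options local; dotglob also removes
		# hidden entries, nullglob makes an empty directory a no-op.
		( shopt -s dotglob nullglob; rm -rf -- /dev/shm/access/* )
		ask_keystore "$host" access | tar xjf - -C /dev/shm/access 2>/dev/null
		# Only ssh's status is consulted here (tar's is not); the
		# integrity decision rests on the checksum of the start script.
		if [[ ${PIPESTATUS[0]} -eq 0 ]] &&
			check_host_data "$host" /dev/shm/access/start
		then
			return 0
		fi
	done

	( shopt -s dotglob nullglob; rm -rf -- /dev/shm/access/* )
	return 1
}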

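# Service start: fetch the access archive from the first host that passes
# verification (see try_access) and run its start script with bash.
#
# Environment: RETRY - number of attempts (default 6); a negative value is
#              never decremented, so retries continue until the stop file
#              appears
# Files:       /run/stop_access - its presence ends the retry loop; it is
#              removed before returning
# Returns:     the start script's exit status, or 1 when nothing could be
#              fetched or the staging directory could not be created
start() {
	ebegin "Starting access"

	# /dev/shm is a shared location, so the staging directory must be one
	# this service created itself: remove whatever is at the path (a
	# directory, file or symlink), create it owner-only from the start,
	# and stop if creation fails rather than unpacking and executing
	# scripts from a directory that already existed.
	rm -rf /dev/shm/access
	if ! mkdir -m 0700 /dev/shm/access
	then
		eend 1 "Failed to start access"
		return 1
	fi

	local try=${RETRY:-6}
	local stopfile=/run/stop_access
	local res=1

	while [[ ! -f $stopfile && $try -ne 0 ]]
	do
		if try_access
		then
			chmod 0700 /dev/shm/access
			/bin/bash /dev/shm/access/start
			res=$?
			# The start script and the numbered files are only needed
			# for this run; anything else is left for stop().
			rm -rf /dev/shm/access/start /dev/shm/access/[0-9]*
			break
		else
			res=1
		fi
		if [[ $try -gt 0 ]]
		then
			try=$(( try - 1 ))
		fi
	done

	rm -f "$stopfile"
	eend $res "Failed to start access"
}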

# Service stop: run the stop script left in the staging directory, if there
# is one, then delete the staging directory. Always reports success, no
# matter how the stop script exited.
#
# NOTE(review): within this file only the start script is compared with a
# pinned checksum; the stop script run here comes from the same archive but
# is not checked itself.
stop() {
	ebegin "Stopping access"
	[[ -f /dev/shm/access/stop ]] && /bin/bash /dev/shm/access/stop
	rm -rf /dev/shm/access
	eend 0 "Failed to stop access"
}
