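#!/bin/bash
#
# koji-add-user.sh - register a Koji user and build their client key bundle.
#
# Usage: koji-add-user.sh [debug] [permission=<name>] <user>
#
# Steps, in order:
#   1. source ~/bin/koji-parameters.sh for site settings
#   2. fetch koji-gencert.sh into ~/bin if it is not already there
#   3. `koji add-user` (and optionally `koji grant-permission`) as kojiadmin
#   4. run koji-gencert.sh for the user inside $KOJI_PKI_DIR
#   5. pack the user's certificate files and a koji client config into
#      $KOJI_PKI_DIR/bundle/koji-<user>-bundle.tgz
#
# Variables read after sourcing koji-parameters.sh: SCRIPT_GIT, KOJI_PKI_DIR,
# KOJI_URL, KOJI_DIR, COUNTRY_CODE, STATE, LOCATION, ORGANIZATION.
set -e

DEBUG=
SILENT="-s"
# QUIET is not referenced again in this script; kept in case the sourced
# koji-parameters.sh reads it - TODO confirm.
QUIET="-q"
# Start from empty values so a stray NEW_USER / NEW_PERMS exported in the
# caller's environment cannot silently pick the account or grant a permission.
NEW_USER=
NEW_PERMS=

for param in "$@"; do
  # An empty argument ends option processing.
  [[ -n "$param" ]] || break
  case "$param" in
    debug)
      DEBUG="debug"
      ;;
    permission=*)
      NEW_PERMS=${param#*=}
      ;;
    help | -h | --help)
      echo "koji-add-user.sh [permission= | debug]"
      # Stop here: falling through would call `koji add-user` with no name.
      exit 0
      ;;
    *)
      NEW_USER=$param
      ;;
  esac
done

if [[ -n "$DEBUG" ]]; then
  set -xe
  SILENT=
  QUIET="-v"
fi

# The user name ends up in file names, in the mktemp template and in the
# certificate subject ("/.../CN=<user>"). Reject anything that could add a
# path component, an extra subject field, or be parsed as an option.
if [[ ! "$NEW_USER" =~ ^[A-Za-z0-9_][A-Za-z0-9._@+-]*$ ]]; then
  echo "a user name made of letters, digits and . _ @ + - is required - aborting" >&2
  exit 1
fi

# load required parameters
SCRIPT_DIR=~/bin
if [[ ! -f "$SCRIPT_DIR/koji-parameters.sh" ]]; then
  echo "$SCRIPT_DIR/koji-parameters.sh NOT found - aborting" >&2
  exit 1
fi
# shellcheck disable=SC1091 -- site-local file, not available to the linter
source "$SCRIPT_DIR/koji-parameters.sh"
: "${KOJI_PKI_DIR:?must be set by koji-parameters.sh}"
KOJI_HUB_FQDN="$(hostname -f)"

# pull down any required scripts
if [[ ! -d "$SCRIPT_DIR" ]]; then
  mkdir -p "$SCRIPT_DIR"
fi
if [[ ! -f "$SCRIPT_DIR/koji-gencert.sh" ]]; then
  : "${SCRIPT_GIT:?must be set by koji-parameters.sh}"
  # NOTE(review): the fetched script is executed below and creates key
  # material, yet nothing here verifies its integrity. Confirm SCRIPT_GIT is
  # an https URL pinned to a trusted revision, or compare the download with a
  # known checksum before first use.
  #
  # Download to a temporary name and rename only on success: --fail keeps an
  # HTTP error page from being saved as the script, and an interrupted
  # transfer no longer leaves a truncated file that passes the -f test on
  # the next run.
  gencert_tmp=$(mktemp "$SCRIPT_DIR/koji-gencert.sh.XXXXXXXX")
  if ! curl --fail --show-error ${SILENT:+"$SILENT"} \
    --output "$gencert_tmp" "$SCRIPT_GIT/koji-gencert.sh"; then
    rm -f -- "$gencert_tmp"
    echo "download of koji-gencert.sh failed - aborting" >&2
    exit 1
  fi
  # The invoking user runs the script, so the owner needs the execute bit
  # (the previous o+x granted it to "others" only).
  chmod u+x "$gencert_tmp"
  mv -- "$gencert_tmp" "$SCRIPT_DIR/koji-gencert.sh"
fi

# Add the new user into the database
sudo -u kojiadmin koji add-user "$NEW_USER"
if [[ -n "$NEW_PERMS" ]]; then
  sudo -u kojiadmin koji grant-permission --new "$NEW_PERMS" "$NEW_USER"
fi

# Generate a certificate for the user
pushd "$KOJI_PKI_DIR"
"$SCRIPT_DIR/koji-gencert.sh" "$NEW_USER" \
  "/C=$COUNTRY_CODE/ST=$STATE/L=$LOCATION/O=$ORGANIZATION/CN=$NEW_USER"
popd

# create a bundle (tarball) for deployment to the user
if [[ ! -d "$KOJI_PKI_DIR/bundle" ]]; then
  mkdir -p "$KOJI_PKI_DIR/bundle"
fi

# Testing the assignment directly keeps `set -e` from exiting before the
# error message can be printed.
if ! WORK_DIR=$(mktemp -p /tmp -d "${NEW_USER}-XXXXXXXX") ||
  [[ -z "$WORK_DIR" || ! -d "$WORK_DIR" ]]; then
  echo "Could not create temp dir" >&2
  exit 1
fi

# function to delete the temp directory
function cleanup {
  # :? aborts instead of expanding to an empty path.
  rm -rf -- "${WORK_DIR:?}"
}

# register the cleanup function to be called on the EXIT signal
trap cleanup EXIT

# The bundle is described below as a key bundle (.pem and .p12 files), so
# everything written from here on is created owner-only.
umask 077

pushd "$WORK_DIR"
mkdir -p .koji
cp -- "$KOJI_PKI_DIR/$NEW_USER.pem" "$WORK_DIR/.koji/koji_$NEW_USER.pem"
cp -- "$KOJI_PKI_DIR/koji_ca_bundle.pem" "$WORK_DIR/.koji/koji_ca_bundle.pem"
cp -- "$KOJI_PKI_DIR/certs/${NEW_USER}_browser_cert.p12" \
  "$WORK_DIR/.koji/koji_${NEW_USER}_browser_cert.p12"

# Client configuration shipped with the bundle; the ~ paths are written
# literally (no expansion inside a here-document) and resolve on the user's
# machine.
cat > "$WORK_DIR/.koji/config" <<EOT
[koji]
server = $KOJI_URL/kojihub
weburl = $KOJI_URL/koji
topurl = $KOJI_URL/kojifiles
topdir = $KOJI_DIR
cert = ~/.koji/koji_$NEW_USER.pem
serverca = ~/.koji/koji_ca_bundle.pem
anon_retry = true
authtype = ssl
EOT

tar -zcf "koji-$NEW_USER-bundle.tgz" .koji
cp -- "koji-$NEW_USER-bundle.tgz" "$KOJI_PKI_DIR/bundle/."
# cp keeps the mode of a bundle left over from an earlier run, so set it
# explicitly.
chmod 600 "$KOJI_PKI_DIR/bundle/koji-$NEW_USER-bundle.tgz"
popd

# Report the path the bundle was really written to (the message used to say
# "koij-").
echo "The Koji CLI and Web key bundle for $NEW_USER is $KOJI_PKI_DIR/bundle/koji-$NEW_USER-bundle.tgz"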