#!/bin/sh
#
# ident "@(#)postinstall	1.18 02/04/15 SMI"
#
# Copyright 1996-2002 Sun Microsystems, Inc.  All rights reserved.
#

#
# utskid registration
#
cp -f /etc/net/ticlts/services /etc/net/ticlts/services.orig
cp -f /etc/net/ticots/services /etc/net/ticots/services.orig
cp -f /etc/net/ticotsord/services /etc/net/ticotsord/services.orig

/usr/bin/sed '$a\
utskid utskid' /etc/net/ticlts/services.orig > /etc/net/ticlts/services.tmp
cp -f /etc/net/ticlts/services.tmp /etc/net/ticlts/services
/usr/bin/sed '$a\
utskid utskid' /etc/net/ticots/services.orig > /etc/net/ticots/services.tmp
cp -f /etc/net/ticots/services.tmp /etc/net/ticots/services
/usr/bin/sed '$a\
utskid utskid' /etc/net/ticotsord/services.orig > /etc/net/ticotsord/services.tmp
cp -f /etc/net/ticotsord/services.tmp /etc/net/ticotsord/services
rm -f /etc/net/ticlts/services.tmp
rm -f /etc/net/ticots/services.tmp
rm -f /etc/net/ticotsord/services.tmp

#
# start utskid
#
ps -ae | grep utskid >> /dev/null
if [ $? = 0 ]; then
	echo "SKI keyserver already running."
	echo "Stopping and restarting the keyserver."
	echo "Please re-skilogin keys after package installation is complete."
	/etc/init.d/utskid stop
	/etc/init.d/utskid start
else
	echo "starting the SKI keyserver."
	/etc/init.d/utskid start
fi

#
# Certificate number (license) installation
#

licFile="/etc/opt/SUNWut/http/ski/license"
cert_lic_num=10 # number of certificate licenses
IFS=

#
# update_cert_cnt_file()
#
# DESCRIPTION:
#       Parse certificate counter string and determine how many
#       certificates have been issued and how many more certificates.
#       can be issued.
#       Add the number of new certificate licenses to the existing
#       number of certificate licenses (i.e., credit unused certificates
#       from old package towards new package)
#
# PARAMETER:
#       New certificate licenses
#
# RETURN VALUES:
#       Success: 0
#       Error: -1
#
update_cert_cnt_file () {
    /usr/bin/nawk '{ preIssuedStrLen = 14; # Parse (random) PRE_ISSUED_STRING
        preIssuedStr = substr($0, 1, preIssuedStrLen);
        # PRE_AVAIL_STRING is a constant
        preAvailStr = "0292kew0w21002-20202";
        match($0, preAvailStr);
        preAvailStrStart = RSTART;
        if (preAvailStrStart == 0) {
                print "Invalid certificate counter string"
                exit -1
        }
        preAvailStrLen = RLENGTH;
        # Parse number of issued certificates
        issuedLen = preAvailStrStart - preIssuedStrLen - 1;
        issued = substr($0, preIssuedStrLen + 1, issuedLen);
        # Parse (random) TRAIL_AVAIL_STRING
        trailAvailStrLen = 30;
	trailAvailStrLen = 30;
        trailAvailStrStart = length($0) - trailAvailStrLen + 1;
        trailAvailStr = substr($0, trailAvailStrStart, trailAvailStrLen);
        # Parse number of available certificate licenses
        availLen = trailAvailStrStart - preIssuedStrLen - preAvailStrLen - issuedLen - 1;
        avail = substr($0, preAvailStrStart + preAvailStrLen, availLen);
        # Add the new licenses to the old ones
        avail += certNum
        licFile = "/etc/opt/SUNWut/http/ski/license";
        printf "%s%s%s%s%s", preIssuedStr, issued, preAvailStr, avail, trailAvailStr > licFile }' certNum=$1
}

#
# create_cert_cnt_file
#
# DESCRIPTION:
#       Create new certificate license file and store
#       10 certificate licenses in it.
#
create_cert_cnt_file () {
        /usr/bin/printf \
        "92jsp03220222500292kew0w21002-20202100002187798acbd312302fd431adf4578" \
        >> $licFile
#       /usr/bin/chmod 600 $licFile
        /usr/bin/chmod 777 $licFile
        /usr/bin/chgrp sys $licFile
#       echo ""
#       echo "NOTE: In order to be able to issue certificates from this machine,"
#       echo "you must set the file ownership and file group ownership of the"
#       echo "'/etc/opt/SUNWut/http/ski/license' file appropriately, using chmod(1) and chgrp(1)."
#       echo ""
#       echo "In order to do this, you have to determine who will be issuing"
#       echo "certificates from this machine, i.e., you have to determine the user"
#       echo "names of the Certificate Authorities (CAs) running on this machine."
#       echo ""
#       echo "Make sure that you have set the file ownership and file group ownership"
#       echo "flags for the '/etc/opt/SUNWut/http/ski/license' file appropriately BEFORE any of the"
#       echo "commands that issue certificates (i.e., 'utcrca', 'ccreds',"
#       echo "and 'certify') are executed from this machine."
#       echo ""
#       echo "Example: If your Root CA operates on this machine, and your Root CA"
#       echo "is run as user 'rootca', the '/etc/opt/SUNWut/http/ski/license' file must be owned"
#       echo "by 'rootca', and 'rootca' must be able to update (i.e., read from"
#       echo "and write to) this file."
#       echo ""
}

#
# START
#
echo ""
echo "Certificate License Installation"

# Check if certificate counter file exists
if [ -s $licFile ]; then
        # certificate counter file exists and is not empty; update it
        /usr/bin/cat "/etc/opt/SUNWut/http/ski/license" | update_cert_cnt_file $cert_lic_num
else
        # certificate file does not exist or is empty; create it
        create_cert_cnt_file
fi
status=$?
if [ $status -ne 0 ]; then
        exit 1
fi

echo "## Done ##"
exit 0
