#!/bin/sh

# Check if ldap can be connected to
ldap_host=$(awk -F'/' '/idp.authn.LDAP.ldapURL=/ {print $3}' /opt/shibboleth-idp/conf/ldap.properties)
if ! nc -w 3 -z $ldap_host 636; then
  echo "Unable to connect to ldaps://$ldap_host"
  exit 1
fi
 
# if there is a metadata file for the test sp, enable it.
if [ -f /metadata/sp-metadata.xml ]; then
  sed -i -e '/sp.nordu.dev/ s/<!--//' -e '/sp.nordu.dev/ s/-->//' /opt/shibboleth-idp/conf/metadata-providers.xml
fi

IDP_PROPERTIES=${IDP_PROPERTIES:-/opt/shibboleth-idp/conf/idp.properties}
if [ -n "$IDP_HOSTNAME" ]; then
  sed -i -e "s/idp.nordu.dev/$IDP_HOSTNAME/" $IDP_PROPERTIES
fi
if [ -n "$IDP_SCOPE" ]; then
  sed -i -e "/idp.scope=/ s/nordu.dev/$IDP_HOSTNAME/" $IDP_PROPERTIES
fi
# log to /opt/data/logs
if [ -e /opt/data ]; then
  if ! grep -q "idp.logfiles=" $IDP_PROPERTIES; then
    mkdir /opt/data/logs
    echo "idp.logfiles=/opt/data/logs" >> $IDP_PROPERTIES
  fi
fi


# Set sessiontimeout
if [ -n "$IDP_SESSION_TIMEOUT" ]; then
  sed -i -e "/#idp.session.timeout\s*=/ s/^#//" \
    -e "/#idp.authn.defaultLifetime\s*=/ s/^#//" "$IDP_PROPERTIES"

  sed -i -e "/idp.session.timeout\s*=/ s/=.*/= $IDP_SESSION_TIMEOUT/" \
    -e "/idp.authn.defaultLifetime\s*=/ s/=.*/= $IDP_SESSION_TIMEOUT/" "$IDP_PROPERTIES"

fi
if [ -n "$IDP_AUTHN_TIMEOUT" ]; then
  sed -i -e "/#idp.authn.defaultTimeout\s*=/ s/^#//" "$IDP_PROPERTIES"

  sed -i -e "/idp.authn.defaultTimeout\s*=/ s/=.*/= $IDP_AUTHN_TIMEOUT/" "$IDP_PROPERTIES"
fi

# Default property changes
# Use secure cookies (https only)
sed -i -e "/idp.cookie.secure/ s/^#//" -e "/idp.cookie.secure/ s/false/true/" $IDP_PROPERTIES

# Make encrytping optional (some SPs don't have encryption)
if [ $IDP_ENCRYPTION_OPTIONAL ]; then
  sed -i -e '/idp.encryption.optional/ s/^#//' -e '/idp.encryption.optional/ s/false/true/' $IDP_PROPERTIES
fi

# FTICKS
if [ -n "$FTICKS_FEDERATION" ]; then
  sed -i -e '/idp.fticks.federation=/ s/^#//' \
         -e "/idp.fticks.federation=/ s/MyFederation/$FTICKS_FEDERATION/" \
         -e '/idp.fticks.algorithm=/ s/^#//' $IDP_PROPERTIES
  if [ -n "$FTICKS_SALT" ]; then
    sed -i -e '/idp.fticks.salt=/ s/^#//' \
           -e "/idp.fticks.salt=/ s/=.*/=$FTICKS_SALT/" $IDP_PROPERTIES
  fi

  if [ -n "$FTICKS_HOST" ]; then
    sed -i -e '/idp.fticks.loghost=/ s/^#//' \
           -e "/idp.fticks.loghost=/ s/=.*/=$FTICKS_HOST/" $IDP_PROPERTIES
  fi
  if [ -n "$FTICKS_PORT" ]; then
    sed -i -e '/idp.fticks.logport=/ s/^#//' \
           -e "/idp.fticks.logport=/ s/=.*/=$FTICKS_PORT/" $IDP_PROPERTIES
  fi
fi

# PersistentID

if [ -n "$IDP_PERSISTENTID_SALT" ]; then
  if ! grep -q '<ref bean="shibboleth.SAML2PersistentGenerator"  />' /opt/shibboleth-idp/conf/saml-nameid.xml ; then
    sed -i -e '/<util:list id="shibboleth.SAML2NameIDGenerators">/ a <ref bean="shibboleth.SAML2PersistentGenerator"  />' /opt/shibboleth-idp/conf/saml-nameid.xml
  fi

  source_attr=${IDP_PERSISTENTID_SOURCE:-uid}
  sed -i -e '/idp.persistentId.sourceAttribute/ s/^#//' \
         -e "/idp.persistentId.sourceAttribute/ s/changethistosomethingreal/$source_attr/" \
         -e '/idp.persistentId.salt/ s/^#//' \
         -e "/idp.persistentId.salt/ s/changethistosomethingrandom/$IDP_PERSISTENTID_SALT/"  /opt/shibboleth-idp/conf/saml-nameid.properties
  # add xml conf to attribute-resolver
  if ! grep -q "%{idp.persistentId.sourceAttribute}" /opt/shibboleth-idp/conf/attribute-resolver.xml ; then
    sed -i '/<!-- eduPersonTargetdID placeholder -->/r /opt/templates/config/edupersontargetdid.xml.add' /opt/shibboleth-idp/conf/attribute-resolver.xml
  fi
fi

if [ -n "$IDP_DEBUG" ]; then
  if ! grep -q "idp.loglevel.messages=DEBUG" $IDP_PROPERTIES ; then
    echo "idp.loglevel.messages=DEBUG" >> $IDP_PROPERTIES
    echo "idp.loglevel.encryption=DEBUG" >> $IDP_PROPERTIES
  fi
fi

DATADIR=/opt/data
# overwrite signing keys if present
if [ -f ${DATADIR}/credentials/idp-signing.key -a -f ${DATADIR}/credentials/idp-signing.crt ]; then
  cp ${DATADIR}/credentials/idp-signing.key /opt/shibboleth-idp/credentials/idp-signing.key
  cp ${DATADIR}/credentials/idp-signing.crt /opt/shibboleth-idp/credentials/idp-signing.crt
fi
# overwrite encryption keys if present
if [ -f ${DATADIR}/credentials/idp-encryption.key -a -f ${DATADIR}/credentials/idp-encryption.crt ]; then
  cp ${DATADIR}/credentials/idp-encryption.key /opt/shibboleth-idp/credentials/idp-encryption.key
  cp ${DATADIR}/credentials/idp-encryption.crt /opt/shibboleth-idp/credentials/idp-encryption.crt
fi

# overwrite idp-metadata if present
if [ -f ${DATADIR}/idp-metadata.xml ]; then
  cp ${DATADIR}/idp-metadata.xml /opt/shibboleth-idp/metadata/
fi

if [ -e ${DATADIR}/messages ]; then
  cp $DATADIR/messages/* /opt/shibboleth-idp/messages/
fi

# SP add
if [ -e ${DATADIR}/sp-metadata ]; then
  cp ${DATADIR}/sp-metadata/*.xml /opt/shibboleth-idp/metadata/
  for sp_file in ${DATADIR}/sp-metadata/*.xml; do
    SP_XML=$(basename "$sp_file")
    SP_NAME=${SP_XML%.*}
    ENTITY_ID=$(grep -o 'entityID=".*"' "$sp_file" | sed -e 's/entityID="//' -e 's/".*$//')

    if ! grep -q "$SP_XML" /opt/shibboleth-idp/conf/metadata-providers.xml ; then
      sed -i '/<!-- local SPs -->/r /opt/templates/config/sp.xml.add' /opt/shibboleth-idp/conf/metadata-providers.xml
      sed -i -e "s/SP_NAME/$SP_NAME/" -e "s/SP_XML/$SP_XML/" /opt/shibboleth-idp/conf/metadata-providers.xml

      # Release attributes
      sed -i "/<!-- local SPs -->/a <Rule xsi:type=\"Requester\" value=\"$ENTITY_ID\" />" /opt/shibboleth-idp/conf/attribute-filter.xml
    fi
  done
fi

# Start jetty
exec /docker-entrypoint.sh java -jar /usr/local/jetty/start.jar