#!/bin/bash

# COmanage Registry Shibboleth SP Dockerfile entrypoint
#
# Portions licensed to the University Corporation for Advanced Internet
# Development, Inc. ("UCAID") under one or more contributor license agreements.
# See the NOTICE file distributed with this work for additional information
# regarding copyright ownership.
#
# UCAID licenses this file to you under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with the
# License. You may obtain a copy of the License at:
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Destination for verbose diagnostics: the terminal when COMANAGE_DEBUG is
# set to any non-empty value, otherwise discarded. Nothing later in this
# script redirects to $OUTPUT; it is kept for whatever consumes it downstream.
OUTPUT=/dev/null
if [[ -n "${COMANAGE_DEBUG:-}" ]]; then
    OUTPUT=/dev/stdout
fi

# Settings the deployer may supply either directly as environment variables
# or indirectly through a companion NAME_FILE variable whose value names a
# file holding the setting.
#
# SHIBBOLETH_SP_METADATA_PROVIDER_XML can be injected the same way but is
# handled separately below, because its XML payload contains characters
# that are special to sed.
declare -a injectable_config_vars=(
    SHIBBOLETH_SP_ENTITY_ID SHIBBOLETH_SP_CERT
    SHIBBOLETH_SP_PRIVKEY SHIBBOLETH_SP_SAMLDS_URL
)

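#######################################
# Load injectable settings from their companion files.
#
# For every NAME in injectable_config_vars: if NAME_FILE is set and names a
# regular, readable file, read that file's contents into NAME (trailing
# newlines are dropped, as with any command substitution). So if
# SHIBBOLETH_SP_ENTITY_ID_FILE points at a file, its contents become
# SHIBBOLETH_SP_ENTITY_ID. A NAME_FILE that points at something missing or
# unreadable is reported on stderr and skipped, so a value supplied directly
# in NAME is not clobbered with an empty string.
#
# Globals:   injectable_config_vars (read); each NAME_FILE (read);
#            each NAME (written)
# Arguments: none
# Outputs:   warnings on stderr
# Returns:   0
#######################################
inject_config_from_files() {
    local config_var file_var file_name payload
    for config_var in "${injectable_config_vars[@]}"; do
        # Indirect expansion instead of eval: the name comes from a fixed
        # list, but ${!var} never re-parses anything as shell code.
        file_var="${config_var}_FILE"
        file_name="${!file_var-}"
        [[ -n "$file_name" ]] || continue
        if [[ ! -f "$file_name" || ! -r "$file_name" ]]; then
            printf 'warning: %s=%s is not a readable file, ignoring\n' \
                "$file_var" "$file_name" >&2
            continue
        fi
        # Quoted path and "--": a deployer-supplied path must not be
        # word-split, glob-expanded or parsed as an option.
        if payload=$(cat -- "$file_name"); then
            # printf -v assigns the global variable; "declare" inside a
            # function would create a local instead.
            printf -v "$config_var" '%s' "$payload"
        else
            printf 'warning: could not read %s, leaving %s unchanged\n' \
                "$file_name" "$config_var" >&2
        fi
    done
}
inject_config_from_files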

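#######################################
# Escape a string for use as the replacement text of a sed "s@...@...@"
# command. Backslashes, "&" and the "@" delimiter are protected so that a
# deployer-supplied value (entity ID, URL) cannot alter the sed expression
# it is substituted into. Newlines are not handled; the values substituted
# here are single-line.
# Arguments: $1 - raw replacement text
# Outputs:   escaped text on stdout
#######################################
sed_escape() {
    local text=$1
    text=${text//\\/\\\\}   # backslashes first, before any are added below
    text=${text//&/\\&}     # a bare "&" re-inserts the matched text
    text=${text//@/\\@}     # "@" is the delimiter of the s commands below
    printf '%s\n' "$text"
}

# If no shibboleth2.xml is present, render one from the template using the
# injected values or defaults. The defaults are not useful in a federated
# context but let shibd start.
if [[ ! -e /etc/shibboleth/shibboleth2.xml ]]; then
    cp /etc/shibboleth/shibboleth2.xml.template /etc/shibboleth/shibboleth2.xml
    entity_id=$(sed_escape "${SHIBBOLETH_SP_ENTITY_ID:-https://comanage.registry/shibboleth}")
    samlds_url=$(sed_escape "${SHIBBOLETH_SP_SAMLDS_URL:-https://localhost/registry/pages/eds/index}")
    sed -i -e "s@%%SHIBBOLETH_SP_ENTITY_ID%%@${entity_id}@" /etc/shibboleth/shibboleth2.xml
    sed -i -e "s@%%SHIBBOLETH_SP_SAMLDS_URL%%@${samlds_url}@" /etc/shibboleth/shibboleth2.xml

    # The metadata provider XML almost certainly contains characters that
    # are special to sed, so it is spliced in with sed's "r" (read file)
    # command rather than through a substitution: the placeholder line is
    # replaced by the file's contents verbatim.
    xml_is_tmp=0
    if [[ -n "${SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE:-}" ]]; then
        xml_content_file="$SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE"
        if [[ ! -r "$xml_content_file" ]]; then
            # sed's "r" silently reads nothing from a missing file, which
            # would leave the SP with no metadata provider at all; say so.
            printf 'warning: SHIBBOLETH_SP_METADATA_PROVIDER_XML_FILE=%s is not readable\n' \
                "$xml_content_file" >&2
        fi
    else
        xml_content_file=$(mktemp)
        xml_is_tmp=1
        # Quoted: an unquoted expansion would word-split and glob the XML.
        printf '%s\n' "${SHIBBOLETH_SP_METADATA_PROVIDER_XML:-}" > "$xml_content_file"
    fi

    sed_script_file=$(mktemp)
    cat > "$sed_script_file" <<EOF
/%%SHIBBOLETH_SP_METADATA_PROVIDER_XML%%/ {
    r ${xml_content_file}
    d
}
EOF

    sed -i -f "$sed_script_file" /etc/shibboleth/shibboleth2.xml
    chmod 0644 /etc/shibboleth/shibboleth2.xml

    # Remove only the scratch files this script created, never the
    # deployer's own metadata file.
    rm -f -- "$sed_script_file"
    if [[ "$xml_is_tmp" -eq 1 ]]; then
        rm -f -- "$xml_content_file"
    fi
fi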

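# If the deployer supplied a certificate and/or private key, install them
# where shibboleth2.xml expects them. Note that SHIBBOLETH_SP_CERT and
# SHIBBOLETH_SP_PRIVKEY hold *paths* to the PEM files (even when that path
# was itself read from a *_FILE companion above), not the PEM contents.
# The certificate is public (0644); the key must be readable only by shibd.
if [[ -n "${SHIBBOLETH_SP_CERT:-}" ]]; then
    cp -- "$SHIBBOLETH_SP_CERT" /etc/shibboleth/sp-cert.pem
    chown shibd /etc/shibboleth/sp-cert.pem
    chmod 0644 /etc/shibboleth/sp-cert.pem
fi

if [[ -n "${SHIBBOLETH_SP_PRIVKEY:-}" ]]; then
    # Copy under a restrictive umask so a freshly created sp-key.pem is never
    # world-readable, not even for the instant before the chmod below (a
    # plain cp creates it at the default umask first). The subshell confines
    # the umask change to this one copy. The chmod is still needed because
    # cp onto an already existing destination keeps that file's mode.
    (umask 077 && cp -- "$SHIBBOLETH_SP_PRIVKEY" /etc/shibboleth/sp-key.pem)
    chown shibd /etc/shibboleth/sp-key.pem
    chmod 0600 /etc/shibboleth/sp-key.pem
fi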

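#######################################
# Strip the characters that deployer-injected ENV and USERTOKEN values are
# not allowed to carry: semicolons and any whitespace.
# Arguments: $1 - raw value
# Outputs:   sanitized value on stdout
#######################################
sanitize_token() {
    local value=$1
    value=${value//;/}
    value=${value//[[:space:]]/}
    printf '%s\n' "$value"
}

# Parameter expansion is used rather than an unquoted `echo $VAR | tr`
# pipeline: an unquoted expansion lets a token containing "*" or "?" be
# glob-expanded against the working directory, and an unquoted [:space:]
# argument is itself a glob pattern. Only re-export when something was
# actually removed, so a clean value's export status is left as the
# deployer set it.
if [[ ${ENV:-} == *';'* || ${ENV:-} =~ [[:space:]] ]]; then
    ENV=$(sanitize_token "$ENV")
    export ENV
fi

if [[ ${USERTOKEN:-} == *';'* || ${USERTOKEN:-} =~ [[:space:]] ]]; then
    USERTOKEN=$(sanitize_token "$USERTOKEN")
    export USERTOKEN
fi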

# Hand the process over to shibd: foreground (-f), running as the shibd
# user and group, with the configuration rendered above. exec replaces this
# shell, so the daemon itself is what receives the container's signals.
LD_LIBRARY_PATH=/opt/shibboleth/lib64
export LD_LIBRARY_PATH
shibd_args=(
    -f
    -u shibd
    -g shibd
    -c /etc/shibboleth/shibboleth2.xml
    -p /var/run/shibboleth/shibd.pid
    -F
)
exec /usr/sbin/shibd "${shibd_args[@]}"