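#!/bin/bash
# Create a debian package for the client vantage point
#
# Usage: $0 vantage-point-name > package.deb
#   $1  vantage point name; must be usable as a unix user name
#
# Reads /opt/natp-ssh/etc/conf (SERVER, CLIENTPACKAGENAME), asks the
# monitor API for the VP's natpport, fills in the client templates copied
# from /opt/natp-ssh/client and builds deb/natp-ssh-<vp>-<version>.deb.
# When stdout is not a terminal the finished .deb is also streamed to it.
#
# The staging tree contains the VP's SSH private key, so it lives under a
# mktemp directory (mode 0700) that is removed on every exit path, not only
# on success.

set -e -o pipefail

# Print each argument on its own line to stderr and exit 1.
die() {
  printf '%s\n' "$@" 1>&2
  exit 1
}

VP=$1

if [ "${VP}" = "" ] ;then
  die "Usage: $0 vantage-point-name > package.deb" \
      "  Example: $0 san8-us > natp-ssh.deb"
fi

# The name is used as an account name, a sed replacement and part of a
# filename, so only the username character set is accepted (no '/').
if ! [[ "${VP}" =~ ^[a-z_][a-z0-9_-]{0,31}$ ]]; then
  die "ERROR: Vantage point name $VP must be usable as a username" \
      "(lower case ascii letters, numbers, underscores, hyphens)" \
      "  Example: san8-us"
fi

cd /opt/natp-ssh/etc || exit 1
# shellcheck disable=SC1091 -- site configuration, may define SERVER and CLIENTPACKAGENAME
. ./conf

CLIENTPACKAGENAME=${CLIENTPACKAGENAME:-natp-ssh}

if [[ "${SERVER}" == .* ]]; then
  # begins with "." so prepend the VP name
  SERVER=${VP}${SERVER}
fi

# Under set -e/pipefail a failed query would otherwise abort the script
# silently; capture the failure so the message below is printed.
PORT=$(oidc_query \
            --token-file /etc/ark/.arkmon-offline.token \
            arkmon-offline \
            "https://api.arkmon.caida.org/monitors/${VP}" \
            2>/dev/null \
            | jq ".natpport") || PORT=""

if [ -z "$PORT" ]; then
  die "ERROR: Failed to query dory for natpport"
fi

if [ "$PORT" == "null" ]; then
  die "ERROR: ${VP} does not have a port defined in dory"
fi

# The port comes from a remote API response and is interpolated into a sed
# script, an account name and a filename: accept only a plain integer.
if ! [[ "$PORT" =~ ^[0-9]+$ ]]; then
  die "ERROR: unexpected natpport value for ${VP}: ${PORT}"
fi

# Private staging area. mktemp -d creates it 0700 so nothing under it
# (including the private key copied below) is readable by other users;
# the trap removes it on every exit path.
TMPROOT=$(mktemp -d /tmp/natp-ssh-XXXXXX) || die "ERROR: mktemp failed"
cleanup() { rm -rf -- "${TMPROOT:?}"; }
trap cleanup EXIT

# The package root itself is created with the normal umask, as before, so
# the directory modes recorded in the .deb do not change.
DEBD=${TMPROOT}/root
mkdir -p "${DEBD}"
cp --recursive --preserve --no-dereference /opt/natp-ssh/client/* "${DEBD}/"

OPTDIR=${DEBD}/opt/${CLIENTPACKAGENAME}
mv "${DEBD}/opt/CLIENTPACKAGENAME" "${OPTDIR}"
SERVICEFILE=${DEBD}/lib/systemd/system/${CLIENTPACKAGENAME}.service
mv "${DEBD}/lib/systemd/system/CLIENTPACKAGENAME.service" "${SERVICEFILE}"

# VP is validated above; SERVER and CLIENTPACKAGENAME come from the local
# conf file and are expected not to contain '/' or '&' (sed delimiters).
for FILENAME in "${DEBD}"/DEBIAN/* "${SERVICEFILE}" ;do
  sed -i "
    s/HOST/${VP}/g
    s/SERVERNAME/${SERVER}/g
    s/CLIENTPACKAGENAME/${CLIENTPACKAGENAME}/g
    " "${FILENAME}"
done

VERS=$(grep '^Version: ' "${DEBD}/DEBIAN/control" | sed 's/^.*: //') \
  || die "ERROR: no 'Version:' line in ${DEBD}/DEBIAN/control"
SERVERPORT=$(grep '^Port ' sshd_config | awk '{ print $2 }') \
  || die "ERROR: no 'Port' line in sshd_config"
PERSISTENTNAME="natp-${PORT}"

# Prefer the port-based account name, fall back to the VP name.
if getent passwd "$PERSISTENTNAME" > /dev/null; then
    ACTUALNAME=$PERSISTENTNAME
elif getent passwd "$VP" > /dev/null; then
    ACTUALNAME=$VP
else
    die "ERROR: no account matching ${PERSISTENTNAME} or ${VP}"
fi

rm -rf -- "${OPTDIR:?}/.ssh"
mkdir -p "${OPTDIR}/.ssh"
sed "
  s/SERVERPORT/${SERVERPORT}/g
  s/VANTAGEPOINT/${ACTUALNAME}/g
  s/RETURNPORT/${PORT}/g
  s/CLIENTPACKAGENAME/${CLIENTPACKAGENAME}/g
  " ssh_config.template > "${OPTDIR}/.ssh/config"
{
  printf 'SERVER=%s\n' "${SERVER}"
  printf 'SERVERPORT=%s\n' "${SERVERPORT}"
} > "${OPTDIR}/.ssh/env"

# known_hosts: "<server> <key type> <key>" with the trailing comment stripped.
sed "
  s/^/${SERVER} /
  s/ [\\.a-zA-Z0-9]*@[\\.a-zA-Z0-9]*$//
    " ssh_host_ed25519_key.pub > "${OPTDIR}/.ssh/known_hosts"
cp "private-keys/${ACTUALNAME}" "${OPTDIR}/.ssh/${ACTUALNAME}"

umask 077
DEBFILE=deb/natp-ssh-${VP}-${VERS}.deb
# Capture the status instead of letting set -e exit, so the chmod below
# still runs on a partially written package.
R=0
dpkg-deb -b "${DEBD}" "${DEBFILE}" 1>&2 || R=$?
# dpkg-deb knows smarter than umask about file permissions! Fix it.
chmod 600 "${DEBFILE}" 2>/dev/null || true
if [ "${R}" != "0" ] ;then
  echo "ERROR: dpkg-deb build failed: $R" 1>&2
  exit "$R"
fi
if [ ! -t 1 ] ;then
  # if output is directed to a file, send the contents of the debian package
  cat "${DEBFILE}"
fi
# staging tree is removed by the EXIT trap
exit 0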

