#!/usr/bin/env perl

use strict;
use warnings;
use FindBin qw($Bin);
use lib "$Bin/";
use SB::Defaults qw($CONFIG $SB_CONFIG);
use SB::SSO qw(enableSso unregisterApplication changeSsoServer updateSsoApplicationData exportUser importAdmin);
use SB::Utils qw(parseIni);
use Getopt::Long;
use SB::Logging qw(INFO DEBUG $Logger);

# Normalise a configuration flag to 1 or 0.
#
# Returns 1 when the value is the string "1", or matches "on" / "true"
# case-insensitively; returns 0 for everything else, including undef.
# Anything not on that short allow-list is treated as "disabled", so a
# mistyped value never switches a feature on.
sub booleanFilter($) {
	my ($candidate) = @_;

	return 0 unless defined $candidate;
	return 1 if $candidate eq "1";
	return ($candidate =~ m/^(on|true)$/i) ? 1 : 0;
}

# Report whether a setting was changed to a new value.
#
# An undefined new value means "not supplied" and never counts as a change.
# When a new value is supplied, an undefined old value is compared as the
# empty string. Returns a true value only if the two strings differ.
sub valuesDiffer {
	my ($oldValue, $newValue) = @_;

	# Nothing supplied: report "no change" with Perl's false value.
	return !1 unless defined $newValue;

	my $previous = defined($oldValue) ? $oldValue : "";
	return $previous ne $newValue;
}

# Print the command-line usage summary to STDOUT.
#
# The text documents that --export_user accepts an optional password as part
# of its argument. A password passed that way is part of the command line, so
# it can show up in the process list and in shell history on the host where
# the tool is run.
sub printHelp {
	my @help_chunks = (
		"Usage: \n",
		"\t--disable_sso            Disable SSO and unregister application from SSO server\n",
		"\t--enable_sso             Enable SSO\n",
		"\t--server_url=URL         Use the specified SSO server\n",
		"\t--application_url=URL    Use the specified application URL\n",
		"\t--export_user            Export user\n",
		"\t--import_admin           Import default admin user from /etc/sso/defaults\n",
		"\t--help                   Print this message\n",
		"\n",
		"export_user takes the following argument: currentUserName:ssoUserName[:password].\nThis option can be used multiple times\n",
		"\nExample: \n",
		"\tsso_config --enable_sso --server_url=https://sso.example.com:11443/ \\ \n\t\t--export_user=alice:ssoalice:secret --export_user=bob:bob\n",
	);

	# One print call per chunk, in the original order.
	foreach my $chunk (@help_chunks) {
		print $chunk;
	}
	return;
}

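# Entry point of the SSO configuration tool.
#
# Loads the current configuration, overlays the command-line options on a
# copy of it, then performs the requested SSO actions: unregister, enable,
# change server, update application data, export users, import admin.
# Returns the process exit status, which is 0 on every path visible here.
sub main() {
	my $currentConfig = parseIni($SB_CONFIG, $SB::Defaults::CONFIG);
	# Options are written into a copy so the old and new values can be compared.
	my $config = SB::Defaults::makeConfigCopy($currentConfig);
	my @exported_users;
	my $help = 0;
	my $import_admin = 0;
	my $disable_sso = 0;

	my $result = GetOptions(
		"disable_sso|disable-sso" => \$disable_sso,
		"enable_sso|enable-sso" => \$config->{'sso'}->{'enabled'},
		"server_url=s" 		=> \$config->{'sso'}->{'server'},
		"application_url=s" => \$config->{'general'}->{'application_url'},
		"export_user=s"		=> \@exported_users,
		"import_admin"		=> \$import_admin,
		"help"				=> \$help
	);

	# NOTE(review): a rejected command line also returns 0 here, so a caller
	# cannot tell an option error from success. Confirm whether a non-zero
	# status is wanted.
	if ($help || $result == 0) {
		printHelp();
		return 0;
	}

	# The SB::SSO helpers take no arguments here; presumably they read the
	# shared configuration, so it is published before any of them is called.
	$SB::Defaults::CONFIG = $config;

	$Logger->init($SB::Defaults::SB_PREFIX . "/tmp/sso_config.log");
	$Logger->setShowLogName(1);

	# Disabling takes precedence over every other option.
	if ($disable_sso) {
		unregisterApplication();
		return 0;
	}

	if (booleanFilter($config->{'sso'}->{'enabled'}) == 1) {
		my $was_enabled = booleanFilter($currentConfig->{'sso'}->{'enabled'});

		if ($was_enabled == 0) {
			enableSso();
		}
		elsif (valuesDiffer($currentConfig->{'sso'}->{'server'},
							$config->{'sso'}->{'server'})) {
			changeSsoServer();
		}

		# Application data is only pushed when SSO was already enabled.
		if (valuesDiffer($currentConfig->{'general'}->{'application_url'},
						$config->{'general'}->{'application_url'})
			&& $was_enabled == 1) {

			updateSsoApplicationData();
		}
		SB::Utils::writeIni($SB_CONFIG, $config);
	}

	# Export and import only run while SSO is enabled and something was asked for.
	unless (booleanFilter($config->{'sso'}->{'enabled'}) &&
			(@exported_users || $import_admin)) {
		return 0;
	}

	$Logger->Log(DEBUG, "Exporting " . (scalar @exported_users) . " user(s)");
	foreach my $spec (@exported_users) {
		# Format: currentUserName:ssoUserName[:password]. The limit of 3 keeps
		# any ':' inside the password instead of silently cutting it short.
		my ($username, $sso_username, $sso_password) = split /:/, $spec, 3;

		# A trailing ':' with nothing after it means "no password", as before.
		if (defined($sso_password) && $sso_password eq "") {
			$sso_password = undef;
		}

		unless ($username && $sso_username) {
			# The argument may contain a password, so it is not logged.
			$Logger->Log(INFO, "Skipping malformed --export_user argument");
			next;
		}
		exportUser($username, $sso_username, $sso_password);
	}

	if ($import_admin) {
		importAdmin();
	}
	$Logger->Log(INFO, "Done");
	return 0;
}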

# Run the tool and hand main()'s return value to the shell as the exit status.
my $exit_status = main();
exit($exit_status);

