#!/usr/bin/ksh
#
# Copyright 2003 Sun Microsystems, Inc. All Rights Reserved.
#
# @(#)postinstall	1.23 03/11/07
#

# Define the paths used by this script
SCRIPT=$0
SCRNAME=`basename $SCRIPT`
COMPONENT_DIR=`dirname $0`

# Include function libraries
. $ESM_LIB/esm_lib.ksh
. $ESM_LIB/configvars_lib.ksh
. $ESM_LIB/watch_lib.ksh

# set JAVA_HOME 1.4 before sourcing the rest libs 
#
el_set_java_home
if [ $? -ne 0 ]; then
    el_log 1 "$SCRIPT ERROR: JAVA2 JAVA_HOME is not found. Unable to execute $SCRIPT"
    exit 1
fi
. $ESM_LIB/user_role_lib.ksh

. $COMPONENT_DIR/component_lib.ksh
. $COMPONENT_DIR/sstr_lib.ksh
. $COMPONENT_DIR/keytool_lib.ksh

#
# globals
#
US_BASE=/usr/sbin
SM_BASE=/usr/share/webconsole
CRE_HOME=$ESM_BASE/sssm/util/cre
SECURITY_HOME=$ESM_BASE/sssm/util/cre/security
propfile=$CRE_HOME/security/keystore.props
retcode=0

#
#jw ESM_IMQ_LOG=$ESM_TMP/imqconf.log

#---------------------------------------
# Display the usage message
# Arguments: 
#---------------------------------------
usage () {

    echo $SCRIPT: "INFO: usage: $progname [options]

    where options are:

        -? | -h | --help       Display this message
"
    exit 0
}

#---------------------------------------
# Arguments: 
#  $1 command line arguments (see usage function above)
#---------------------------------------
#jw main () {
#jw
#jw IMQ is disabled for ESM 2.0
#jw
#jw 	el_secho 1 $ESM_LOG y "=== $CL_NAME $CL_VERSION Begin: Postinstall for $CL_NAME"
#jw 	el_secho 1 $ESM_LOG n "=== Configuring IMQ"
#jw 
#jw 	# dump it into temp log
#jw 	[ -d "$ESM_TMP" ] || /usr/bin/mkdir -p $ESM_TMP
#jw 	$COMPONENT_DIR/imqconf >> $ESM_IMQ_LOG 2>&1
#jw 	el_log 1 "INFO: Please see $ESM_IMQ_LOG for imqconf output." 
#jw 
#jw 	el_secho 1 $ESM_LOG y "=== $CL_NAME $CL_VERSION End:   Postinstall for $CL_NAME"
#jw }

#
# Build the database.
#
_build_database ()
{
    PATH="/usr/bin:/usr/sbin"

    DB=$ESM_BASE/sssm/util/pgsql/nsm1

    # create nsm1 db 
    /usr/bin/su - sstr001 -c ${DB}/bin/dbinstall.sh > /dev/null 2>> $ESM_TMP/sm_db_install.log

    # If the user has choosen NOT to start ESM, stop the database.
    _inststart=`el_configvar_get "InstallStart"`
    if [ `el_checkboolean $_inststart` = "no" ]; then
	$SSTR_PGSQL stop
    fi

    # create the root crontab entry to clean the database nightly.
    # This improves the database performance.
    # Note: This entry is removed at uninstall time.

    el_log 2 "INFO: Adding watch entry for PostgreSQL database..."
    el_watch_add postgresql x '5 0 * * * /opt/SUNWstm/sssm/sbin/ct_dbclean.sh'

}

#
# Prepare the /usr/share/webconsole/esm directory for use by the SMI Common
# Console
_prep_esmdir ()
{
    # Copy the esm.war file to lockhart webconsole directory" >> $LOGFILE
    /bin/cp $ESM_BASE/sssm/lib/esm.war $SM_BASE/esm

    # Expand the esm.war file in $SM_BASE/esm
    cd $SM_BASE/esm
    $JAVA_HOME/bin/jar -xf esm.war >> $LOGFILE

    # Copy selected files to be used by ESM in the context of the SMI Common
    # Console JVM

    /bin/cp $ESM_BASE/sssm/lib/castor-0.9.4.3.jar $SM_BASE/esm/WEB-INF/lib 
    /bin/cp $ESM_BASE/sssm/lib/alarmservice.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/alarmservice-dl.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/diva.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/esm-topology.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/notification.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/preference.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/struts.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/asset.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/discovery-impl.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/discovery.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/esm-common.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/esm-jade.car $SM_BASE/esm/WEB-INF/lib/esm-jade.jar
    /bin/cp $ESM_BASE/sssm/util/cre/components/esm-model.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/eventapi.car $SM_BASE/esm/WEB-INF/lib/eventapi.jar
    /bin/cp $ESM_BASE/sssm/util/cre/components/hba.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/hds.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/idresolver.car $SM_BASE/esm/WEB-INF/lib/idresolver.jar
    /bin/cp $ESM_BASE/sssm/util/cre/components/jaxb-api.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/jaxb-libs.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/jaxb-ri.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/minnow2600.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/oob_util.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/postgresql.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/rhbad.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/rhbad_xml.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/serack.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/services-api.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/lib/stdevents-dl.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/stdevents.car $SM_BASE/esm/WEB-INF/lib/stdevents.jar
    /bin/cp $ESM_BASE/sssm/util/cre/components/switch.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/t3.jar $SM_BASE/esm/WEB-INF/lib
    /bin/cp $ESM_BASE/sssm/util/cre/components/wbem.jar $SM_BASE/esm/WEB-INF/lib

    # Link $SM_BASE/esm/index.html to all esm sub-directories.
    # "index.html" contains code that redirects to the SMICC login screen.

    /bin/find ./[A-Za-z]* -type d -exec /bin/ln -s $SM_BASE/esm/index.html {} \;

    # Change file permissions: 
    cd $SM_BASE/esm
    /bin/chmod -R 755 .

    # Change file ownership
    _file=$SM_BASE/esm/WEB-INF/system.properties
    if [ -f "$_file" ]; then
        /usr/bin/chown noaccess $_file
    fi
}


#
# register ESM in smicc

_esmReg ()
{
    _ret=0

    _prep_esmdir

    $US_BASE/smreg add -a $SM_BASE/esm >> $ESM_LOG 2>&1
    if [ $? -ne 0 ]; then
	el_log 1 "$SCRIPT ERROR: Unable to register esm with SMICC."
	_ret=1
    else
	# Enable SMICC to start when Solaris Boots
	el_secho 3 $ESM_LOG y "Enabling SMICC at boot time..."
	$US_BASE/smreg add -p ENABLE=yes  >> $ESM_LOG 2>&1
	if [ $? -ne 0 ]; then
	    el_log 1 "$SCRIPT ERROR: smreg ENABLE=yes failed." 
	    _ret=1
	fi
    fi

    return $_ret
}

#
# RBAC security configuration
#
_handleRBAC ()
{
    _retcode=0

    # assign ESM rights to ESM User role
    el_log 1 "Assigning root user the ESMUser role..."
    _setRoleESMRts
    # 1: failed
    if [ $? -eq 1 ]; then
	_retcode=1
    fi

    # assign ESM role to the root user
    _setRootRole
    if [ $? -eq 1 ]; then
	_retcode=1
	el_secho 1 $ESM_LOG y "$SCRIPT ERROR: Assigning ESM User role to the root user failed."
    fi

    return $_retcode
}

#
# create a store prop file
#
_create_props ()
{
    echo "\
keystore_pwd   = $1
truststore_pwd = $2" > $propfile
    /usr/bin/chown root:sys $propfile
    /usr/bin/chmod 400 $propfile
}

#
# handle keystore and truststore
#
_createStores ()
{
    _ret=0

    # obtain passwords
    _keypwd=`el_configvar_get "TR_KS_PWD"`
    _trustpwd=`el_configvar_get "TR_TS_PWD"`

    # handle keystore creation
    el_log 1 "Creating Keystore and Truststore..."

    cl_handleStores "$_keypwd" "$_trustpwd"
    # 1: failed
    if [ $? -eq 1 ]; then
	_ret=$?		
    fi
	
    # create props file
    if [ ! -f "$propfile" ]; then
	el_secho 1 $ESM_LOG n "Creating Keystore and Truststore Property file..."
	_create_props "$_keypwd" "$_trustpwd"
    fi

    # register SSL
    el_log 1 "Registering Keystore and Truststore..."
    $US_BASE/smreg add -p -e \
        esm_util_rmi_keystore=$SECURITY_HOME/keystore \
        esm_util_rmi_truststore=$SECURITY_HOME/truststore \
        esm_util_rmi_keystore_pwd=$_keypwd \
        esm_util_rmi_truststore_pwd=$_trustpwd >> $ESM_LOG 2>&1

    if [ $? -ne 0 ]; then
        el_log 1 "$SCRIPT ERROR: Unable to register keystore and truststore with SMICC."
	_ret=1
    fi

    # restart nscd only 
    _restartNSCD

    return $_ret
}

#
# main function
#
main ()
{
    _retval=0

    # Update the secondary configuration files
    cl_update_secondary_config_file
    [ $? -ne 0 ] && _retval=1

    # Build the PostgreSQL database
    _build_database
    [ $? -ne 0 ] && _retval=1

    # configure RBAC for root
    _handleRBAC
    [ $? -ne 0 ] && _retval=1

    # register ESM on smicc
    _esmReg
    [ $? -ne 0 ] && _retval=1

    # create keystore and truststore
    _createStores 
    [ $? -ne 0 ] && _retval=1

    # restart smicc
    SMSERVER=$US_BASE/smcwebserver
    if [ -f "$SMSERVER" ]; then
	el_log 1 "Restarting smcwebserver..."
	$US_BASE/smcwebserver restart >> $ESM_LOG 2>&1
    else
	el_log 1 "$SCRIPT ERROR: Unable to restart $SMSERVER"
    fi

    return $_retval
}

#
# start main
#

main $*

# return code
#
retcode=$?

if [ "$DEBUG" = "1" ]; then
    echo "Environment Variables:"
    echo "    ESM_LOG       |$ESM_LOG|"
    echo "    ESM_LOG_LEVEL |$ESM_LOG_LEVEL|"
    echo "    ESM_ON        |$ESM_ON|"
    echo "    ESM_SILENT    |$ESM_SILENT|"
    echo " "
    echo "    COMPONENT_DIR |$COMPONENT_DIR|"
    echo "    INTERACTIVE   |$INTERACTIVE|"
    echo "    ESM_BASE      |$ESM_BASE|"
    echo "    SCRIPT        |$SCRIPT|"

    cl_debug
fi

# show return code
exit $retcode 
