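# Copyright 05/03/99 Sun Microsystems, Inc. All Rights Reserved.
#pragma ident "@(#)postinstall 1.36 99/05/03 Sun Microsystems"
#
# Purpose:  SUNWrprox package postinstall script
# Author:  Dan Gordon
# Creation date:  07/20/98
#
# Details:
#
# Fills config files with information previously collected.
#
# This script is meant to be run as part of the SUNWrprox package
# installation. It assumes that the following variables have already
# been gathered and made available by the "request" script.
#
#    BASEDIR
#    RELBASEDIR
#    CHROOTED
#    CHROOTDIR
#    FQDNHOSTNAME
#    RPROXYPORT
#    EPROXYPORT
#    AUTHSSLMODE
#    RELRPPATH
#    ABSRPPATH
#    NSPROXYHOST_AND_PORT
#    USENSPROXY
#    FQDNAUTHSERVER
#    AUTHHOST
#    AUTHPORT
#    AUTHSSLPORT
#    PREFHOST
#    PREFPORT
#    TOPDOMAIN
#    SUBDOMAINS
#    CERTTEMPFILE
#
# Change History:
#
# 09/28/98 - dan.gordon - Added editing of startup script.
#
# 09/30/98 - dan.gordon - Added config of rpconfig files.
#
# Review notes:
#
# - Every collected value is pasted verbatim into a sed expression. A value
#   holding the expression's delimiter, '&', a backslash or a newline either
#   breaks sed or silently changes the substitution, so the values are
#   checked before any placeholder is substituted.
# - Each file is edited by redirecting sed back onto the file itself, which
#   truncates it before sed runs. edit_in_place puts the saved copy back when
#   sed fails, and the script then exits 1 instead of reporting success over
#   emptied configuration files.
# - Only constructs the script already relied on are used (backticks, [ ],
#   plain functions), so the shell it was written for is still sufficient.
#
# Exit status:
#    0  all edits were applied
#    1  ABSRPPATH unusable, EPROXYPORT equals RPROXYPORT, a collected value
#       cannot be substituted safely, or a file could not be edited
#

# Fixed search path: the commands below are looked up in the system
# directories only, not in whatever PATH the caller had.
PATH=/bin:/usr/bin:/sbin:/usr/sbin

# With an empty ABSRPPATH every path below would collapse to /config/...,
# /bin/... and /policy/..., and the redirections would create files there.
if [ "X$ABSRPPATH" = "X" ]
then
    echo "ERROR ABSRPPATH is not set" >&2
    exit 1
fi

# Whitespace-separated list of files that carry placeholders. The loop below
# relies on word splitting, so none of these paths may contain whitespace.
EDITFILES="$ABSRPPATH/config/HTMLTranslator.config \
    $ABSRPPATH/config/HTTPSService.config \
    $ABSRPPATH/config/ReverseProxy.config \
    $ABSRPPATH/config/DomainWebProxy.config \
    $ABSRPPATH/config/EProxy.config \
    /etc/opt/SUNWstnr/platform.conf \
    $ABSRPPATH/policy/reverseproxy.policy \
    $ABSRPPATH/bin/rproxy_admin \
    $ABSRPPATH/bin/iplanet_gw_start \
    $ABSRPPATH/bin/certstore \
    $ABSRPPATH/bin/certadmin \
    $ABSRPPATH/config/CFGConfig.config \
    $ABSRPPATH/config/rpconfig.def \
    $ABSRPPATH/bin/iplanet_gw \
    $ABSRPPATH/bin/rpconfig"

RPCONFIGFILE="${RELRPPATH}/config/ReverseProxy.config"
ECONFIGFILE="${RELRPPATH}/config/EProxy.config"
CFGCONFIGFILE="${RELRPPATH}/config/CFGConfig.config"
INITDFILE="/etc/init.d/iplanet_gw"
STOPRPFILE="$ABSRPPATH/bin/iplanet_gw_stop"
FWDCOOKIEFILE="/etc/opt/SUNWstnr/gateway/ForwardCookieURL.conf"

# Set to 1 by edit_in_place when an edit could not be applied.
EDIT_FAILED=0

NEWLINE='
'

#
# check_value NAME VALUE DELIM
#
# Stops the installation when VALUE cannot be placed in a sed expression
# that uses DELIM as its delimiter. An empty VALUE is accepted.
#
check_value() {
    case "$2" in
    *"$3"* | *'&'* | *'\'* | *"$NEWLINE"*)
        echo "ERROR $1 must not contain '$3', '&', a backslash or a newline" >&2
        exit 1
        ;;
    esac
}

#
# edit_in_place FILE SED-ARG...
#
# Runs "sed SED-ARG..." over FILE and writes the result back into FILE. The
# original is first saved as FILE.tmpl with cp -p and the output is
# redirected onto FILE itself, as the script has always done. If sed fails
# the saved copy is written back so FILE is not left empty. A missing FILE is
# reported and skipped rather than created empty by the redirection.
#
# Returns 0 on success; on failure returns 1 and sets EDIT_FAILED=1.
#
edit_in_place() {
    eip_target=$1
    shift

    if [ ! -f "$eip_target" ]
    then
        echo "ERROR $eip_target is missing, not edited" >&2
        EDIT_FAILED=1
        return 1
    fi

    if cp -p "$eip_target" "$eip_target.tmpl"
    then
        if sed "$@" "$eip_target.tmpl" > "$eip_target"
        then
            rm -f "$eip_target.tmpl"
            return 0
        fi
        # The redirection already truncated the target; restore its
        # contents and keep the saved copy if even that fails.
        if cat "$eip_target.tmpl" > "$eip_target"
        then
            rm -f "$eip_target.tmpl"
        fi
    fi

    echo "ERROR could not edit $eip_target" >&2
    EDIT_FAILED=1
    return 1
}

cd "$ABSRPPATH" || {
    echo "ERROR cannot change directory to $ABSRPPATH" >&2
    exit 1
}

# Determine how $COMPLETEFQDNHOST will look based on EPROXYPORT setting
# We do this since 443 is the default for https and if its defined already
# then things get confused. Instead of going back to RPROXYPORT, we want
# it to go through eproxy, so use EPROXYPORT
if [ "$EPROXYPORT" = "$RPROXYPORT" ]
then
    echo "ERROR EPROXYPORT and RPROXYPORT must differ" >&2
    exit 1
fi

if [ "$EPROXYPORT" = "443" ]
then
    COMPLETEFQDNHOST=${FQDNHOSTNAME}
else
    COMPLETEFQDNHOST=${FQDNHOSTNAME}:${EPROXYPORT}
fi

#
# check if platform.conf has been configured by another pkg, if so
# just SED it, otherwise copy it from platform.conf.orig
#
if [ ! -f /etc/opt/SUNWstnr/platform.conf ]
then
    cp /etc/opt/SUNWstnr/platform.conf.orig /etc/opt/SUNWstnr/platform.conf
fi

PROTOCOL=http
if [ "$AUTHSSLMODE" = "1" ]
then
    PROTOCOL="https"
fi

# The host names are quoted so that an empty name is looked up as an empty
# key instead of making getent list every host.
GATEWAY_IP_ADDRESS=`getent hosts "$FQDNHOSTNAME" | awk '{print $1}'`

if [ "$EPROXYPORT" = "443" ]
then
    COMPLETEGATEWAY_IP=${GATEWAY_IP_ADDRESS}
else
    COMPLETEGATEWAY_IP=${GATEWAY_IP_ADDRESS}:${EPROXYPORT}
fi

AUTH_IP_ADDRESS=`getent hosts "$FQDNAUTHSERVER" | awk '{print $1}'`

# A failed lookup is reported but not fatal: the files are still edited,
# with an empty address in place of the placeholder.
# NOTE(review): confirm that continuing is intended, since the address also
# ends up in the policy and cookie-forwarding files.
if [ "$GATEWAY_IP_ADDRESS" = "" ]
then
    echo "ERROR could not resolve the Gateway IP Address"
fi

if [ "$AUTH_IP_ADDRESS" = "" ]
then
    echo "ERROR could not resolve the Auth Server IP Address"
fi

# Check every value against the delimiter of the expression(s) it is used in.
# Derived values (COMPLETEFQDNHOST, COMPLETEGATEWAY_IP, RPCONFIGFILE,
# ECONFIGFILE, CFGCONFIGFILE, TMPSSLPORT) are covered by their components.
# The newline test also catches a lookup that returned several addresses.
check_value FQDNHOSTNAME "$FQDNHOSTNAME" /
check_value EPROXYPORT "$EPROXYPORT" /
check_value RPROXYPORT "$RPROXYPORT" /
check_value AUTHSSLPORT "$AUTHSSLPORT" /
check_value NSPROXYHOST_AND_PORT "$NSPROXYHOST_AND_PORT" /
check_value USENSPROXY "$USENSPROXY" /
check_value FQDNAUTHSERVER "$FQDNAUTHSERVER" /
check_value AUTHHOST "$AUTHHOST" /
check_value AUTHPORT "$AUTHPORT" /
check_value PREFHOST "$PREFHOST" /
check_value PREFPORT "$PREFPORT" /
check_value GATEWAY_IP_ADDRESS "$GATEWAY_IP_ADDRESS" /
check_value BASEDIR "$BASEDIR" '#'
check_value BASEDIR "$BASEDIR" :
check_value RELRPPATH "$RELRPPATH" :
check_value ABSRPPATH "$ABSRPPATH" :
check_value TOPDOMAIN "$TOPDOMAIN" :
check_value SUBDOMAIN "$SUBDOMAIN" :
check_value AUTH_IP_ADDRESS "$AUTH_IP_ADDRESS" :
check_value CHROOTED "$CHROOTED" :
check_value CHROOTDIR "$CHROOTDIR" :

# make all replacements in all required files
echo "Editing configuration files . . ."

# Keep the expressions in this order: SSLPORT is a substring of AUTHSSLPORT,
# so the longer placeholder has to be replaced first.
# NOTE(review): the header lists SUBDOMAINS, but the expression below expands
# $SUBDOMAIN. If the request script only sets SUBDOMAINS, the placeholder is
# replaced by an empty string. Confirm which name is correct.
for file in $EDITFILES
do
    edit_in_place "$file" \
        -e "s/COMPLETEFQDNHOST/$COMPLETEFQDNHOST/g" \
        -e "s/AUTHSSLPORT/$AUTHSSLPORT/g" \
        -e "s/RPROXYPORT/$RPROXYPORT/g" \
        -e "s#PLATDIR#$BASEDIR#g" \
        -e "s/PROTOCOL/$PROTOCOL/g" \
        -e "s/SSLPORT/$AUTHSSLPORT/g" \
        -e "s/EPROXYPORT/$EPROXYPORT/g" \
        -e "s/GATEPORT/$EPROXYPORT/g" \
        -e "s:RELRPPATH:$RELRPPATH:g" \
        -e "s/NSPROXYHOST_AND_PORT/$NSPROXYHOST_AND_PORT/g" \
        -e "s/USENSPROXY/$USENSPROXY/g" \
        -e "s/FQDNAUTHSERVER/$FQDNAUTHSERVER/g" \
        -e "s/FQDNGATEWAY/$FQDNHOSTNAME/g" \
        -e "s/AUTHHOST/$AUTHHOST/g" \
        -e "s/AUTHPORT/$AUTHPORT/g" \
        -e "s/PREFHOST/$PREFHOST/g" \
        -e "s/PREFPORT/$PREFPORT/g" \
        -e "s:RPCONFIGFILE:$RPCONFIGFILE:g" \
        -e "s:ECONFIGFILE:$ECONFIGFILE:g" \
        -e "s:CFGCONFIGFILE:$CFGCONFIGFILE:g" \
        -e "s:TOPDOMAIN:$TOPDOMAIN:g" \
        -e "s:SUBDOMAIN:$SUBDOMAIN:g" \
        -e "s/GATEWAY_IP_ADDRESS/$COMPLETEGATEWAY_IP/g" \
        -e "s:IPAUTHSERVER:$AUTH_IP_ADDRESS:g"
done

# clean up reversepolicy file if ssl port is default of 443
if [ "$AUTHSSLPORT" = "443" ]
then
    edit_in_place "$ABSRPPATH/policy/reverseproxy.policy" \
        -e "s/:$AUTHSSLPORT//g"
fi

TMPSSLPORT=
if [ "$PROTOCOL" = "https" ]
then
    if [ "$AUTHSSLPORT" != "443" ]
    then
        TMPSSLPORT=:$AUTHSSLPORT
    fi
    # Switch the profile URL from http to https. The host name sits on the
    # pattern side here, so its dots match any character.
    edit_in_place /etc/opt/SUNWstnr/platform.conf \
        -e "s/profileURL=http:\/\/$FQDNAUTHSERVER:$AUTHPORT\/sessioninfo/profileURL=https:\/\/$FQDNAUTHSERVER$TMPSSLPORT\/sessioninfo/g"
fi

# create ForwardCookieURL filter
# The two https entries are appended as placeholders and filled in by the
# edit that follows.
if [ "$AUTHSSLPORT" = "443" ]
then
    echo "https://FQDNAUTHSERVER:$AUTHSSLPORT" >> "$FWDCOOKIEFILE"
    echo "https://IPAUTHSERVER:$AUTHSSLPORT" >> "$FWDCOOKIEFILE"
fi

edit_in_place "$FWDCOOKIEFILE" \
    -e "s/FQDNAUTHSERVER/$FQDNAUTHSERVER/g" \
    -e "s/AUTHPORT/$AUTHPORT/g" \
    -e "s:IPAUTHSERVER:$AUTH_IP_ADDRESS:g" \
    -e "s/AUTHSSLPORT/$TMPSSLPORT/g"

# create secureURL filter if using ssl to platform server
# this file is identical to ForwardCookie during install so
# just use it, if SSL mode is not on during install
# save it as secureURL.conf.bak for later
# (string comparison, like the PROTOCOL test above, so an unset AUTHSSLMODE
# takes the non-SSL branch without a test error)
if [ "$AUTHSSLMODE" = "1" ]
then
    cp "$FWDCOOKIEFILE" /etc/opt/SUNWstnr/gateway/secureURL.conf
else
    cp "$FWDCOOKIEFILE" /etc/opt/SUNWstnr/gateway/secureURL.conf.bak
    cp /dev/null /etc/opt/SUNWstnr/gateway/secureURL.conf
fi

# Make edits to stoprproxy
edit_in_place "$STOPRPFILE" \
    -e "s:ABSRPPATH_V:$ABSRPPATH:g"

# Now make edits to init.d file and put in place
edit_in_place "$INITDFILE" \
    -e "s:RELRPPATH:$RELRPPATH:g" \
    -e "s:PLATDIR:$BASEDIR:g" \
    -e "s:ABSRPPATH_V:$ABSRPPATH:g" \
    -e "s:CHROOTED_V:$CHROOTED:g" \
    -e "s:CHROOTDIR_V:$CHROOTDIR:g"

# create test certificate
# NOTE(review): "rm -f /keys" removes a file named keys in the root
# directory; confirm that a path under the install tree was not intended.
# NOTE(review): CERTTEMPFILE is not removed here; confirm what it contains
# and which script cleans it up.
if [ "X$CERTTEMPFILE" != "X" ]
then
    if [ -f "$CERTTEMPFILE" ]
    then
        rm -f /keys
        echo "Creating test self-signed certificate..."
        # Output is discarded, so the exit status is the only sign of failure.
        "$ABSRPPATH/bin/certstore" -auto "$CERTTEMPFILE" -selfcert > /dev/null ||
            echo "ERROR could not create the test certificate" >&2
        echo
    fi
fi

if [ "$CHROOTED" = "1" ]
then
    echo
    echo "######################################################################"
    echo
    echo " Don't forget to:"
    echo " - put your hostname and IP in the ${CHROOTDIR}/etc/hosts file."
    echo " - put your authserver hostname and IP in the ${CHROOTDIR}/etc/hosts file."
    echo " - put your proxy hostname and IP in the ${CHROOTDIR}/etc/hosts file."
    echo
    echo "######################################################################"
    echo
fi

if [ "$EDIT_FAILED" != "0" ]
then
    echo "ERROR one or more configuration files could not be edited" >&2
    exit 1
fi

exit 0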