#!/usr/bin/perl
use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;

local $::SERVICE_NAME = "apache_shibboleth";
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $DIRECTORY = perunServicesInit::getDirectory;
my $data = perunServicesInit::getHashedHierarchicalData;

my $dir = "$DIRECTORY/$::SERVICE_NAME";
mkdir $dir or die "Can't create dir $dir: $!";

#Constants
our $A_U_EPPNS;               *A_U_EPPNS =                 \'urn:perun:user:attribute-def:virt:eduPersonPrincipalNames';
our $A_U_D_NAME;              *A_U_D_NAME =                \'urn:perun:user:attribute-def:core:displayName';
our $A_R_APACHE_AUTHZ_FILE;   *A_R_APACHE_AUTHZ_FILE =     \'urn:perun:resource:attribute-def:def:apacheAuthzFile';

my $i = 0;

my %allApacheAuthzDirNames;

foreach my $resourceId ($data->getResourceIds()) {
	# Check if there are not two same apacheAuthzDirs
	my $apacheAuthzFile = $data->getResourceAttributeValue(attrName => $A_R_APACHE_AUTHZ_FILE, resource => $resourceId);
	if(defined $allApacheAuthzDirNames{$apacheAuthzFile}) {
		die "Duplicate apacheAuthzFile detected: $apacheAuthzFile";
	} else {
		$allApacheAuthzDirNames{$apacheAuthzFile} = $resourceId;
	}
}

foreach my $apacheAuthzFile (sort keys %allApacheAuthzDirNames) {
	my $resourceId = $allApacheAuthzDirNames{$apacheAuthzFile};

	$i++;
	my $authzFileDir = "$dir/$i";

	mkdir $authzFileDir or die "Can't create dir $authzFileDir: $!";

	my $pathFile = "$authzFileDir/path";

	open FILE,">$pathFile" or die "Cannot open $pathFile: $!";
	print FILE $apacheAuthzFile;
	close FILE or die "Cannot close $pathFile: $!";

	my $authzFile = "$authzFileDir/authz";
	open FILE,">$authzFile" or die "Cannot open $authzFile: $!";

	my @output = ();
	foreach my $memberId ($data->getMemberIdsForResource(resource => $resourceId)) {
		my @eppns = @{$data->getUserAttributeValue(attrName => $A_U_EPPNS, member => $memberId)};
		@eppns = sort @eppns;
		push @output, "require user " . join(" ", @eppns) . " # " . $data->getUserAttributeValue(attrName => $A_U_D_NAME, member => $memberId);
	}

	if(@output) {
		@output = map { convertNonAsciiToEscapedUtf8Form $_ }  @output;
		s/\\x/\\\\x/g foreach @output;  #replace \x with \\x  (escape unicode chars)
		@output = sort @output;
		print FILE join "\n", @output;
		print FILE "\n";
	}

	close(FILE) or die "Cannot close $authzFile: $!";
}

perunServicesInit::finalize;
