#!/usr/bin/perl
use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;

local $::SERVICE_NAME = "apache_ssl";
local $::PROTOCOL_VERSION = "3.0.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $DIRECTORY = perunServicesInit::getDirectory;
my $data = perunServicesInit::getHashedHierarchicalData;

my $dir = "$DIRECTORY/$::SERVICE_NAME";
mkdir $dir or die "Can't create dir $dir: $!";

#Constants
our $A_U_CERT_DNS;            *A_U_CERT_DNS =              \'urn:perun:user:attribute-def:virt:userCertDNs';
our $A_R_APACHE_AUTHZ_FILE;   *A_R_APACHE_AUTHZ_FILE =     \'urn:perun:resource:attribute-def:def:apacheAuthzFile';

my $i = 0;

my %allApacheAuthzDirNames;

foreach my $resourceId ($data->getResourceIds()) {
	# Check if there are not two same apacheAuthzDirs
	my $apacheAuthzFile = $data->getResourceAttributeValue(attrName => $A_R_APACHE_AUTHZ_FILE, resource => $resourceId);
	if(defined $allApacheAuthzDirNames{$apacheAuthzFile}) {
		die "Duplicate apacheAuthzFile detected: $apacheAuthzFile";
	} else {
		$allApacheAuthzDirNames{$apacheAuthzFile} = $resourceId;
	}
}

foreach my $apacheAuthzFile (sort keys %allApacheAuthzDirNames) {
	my $resourceId = $allApacheAuthzDirNames{$apacheAuthzFile};

	$i++;
	my $authzFileDir = "$dir/$i";

	mkdir $authzFileDir or die "Can't create dir $authzFileDir: $!";

	my $pathFile = "$authzFileDir/path";

	open FILE,">$pathFile" or die "Cannot open $pathFile: $!";
	print FILE $apacheAuthzFile, "\n";
	close FILE or die "Cannot close $pathFile: $!";

	my $authzFile = "$authzFileDir/authz";
	open FILE,">$authzFile" or die "Cannot open $authzFile: $!";

	my @output = ();
	foreach my $memberId ($data->getMemberIdsForResource(resource => $resourceId)) {
		my $userCertDns = $data->getUserAttributeValue(attrName => $A_U_CERT_DNS, member => $memberId);
		foreach my $subjectDN (keys %$userCertDns) {
			my $caDN = $userCertDns->{$subjectDN};
			#strip prefixes from subjectDN
			my $subjectDNWithoutPrefix = $subjectDN;
			$subjectDNWithoutPrefix =~ s/^[0-9]+[:]//;
			push @output, '( %{SSL_CLIENT_I_DN} == "' . $caDN .'" && %{SSL_CLIENT_S_DN} == "' .  $subjectDNWithoutPrefix . '" )';
		}
	}

	if(@output) {
		@output = map { convertNonAsciiToEscapedUtf8Form $_ }  @output;
		s/\\x/\\\\x/g foreach @output;  #replace \x with \\x  (escape unicode chars)
		print FILE "SSLRequire \\\n";
		@output = sort @output;
		print FILE join " \\\n|| ", @output;
		print FILE "\n";
	}

	close(FILE) or die "Cannot close $authzFile: $!";
}

perunServicesInit::finalize;
