#!/usr/bin/perl

use strict;
use warnings;
use perunServicesInit;
use perunServicesUtils;
use File::Basename;

local $::SERVICE_NAME = basename($0);
local $::PROTOCOL_VERSION = "3.1.0";
my $SCRIPT_VERSION = "3.0.1";

perunServicesInit::init;
my $data = perunServicesInit::getHashedHierarchicalData;
my $DIRECTORY = perunServicesInit::getDirectory;

our $A_PRINCIPALS;                    				*A_PRINCIPALS =                       		 		\'urn:perun:user:attribute-def:def:kerberosLogins';
our $A_MEMBER_STATUS;                 				*A_MEMBER_STATUS =                      			\'urn:perun:member:attribute-def:core:status';
our $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX;	*A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX =		\'urn:perun:resource:attribute-def:def:kerberosPrincipalsFileSuffix';

my $principalsDirectory = "$DIRECTORY/kerberos_renewal_principals";
mkdir $principalsDirectory or die "kerberos_renewal_principals directory can't be created: $!";

my $fileStructureWithData;

foreach my $resourceId ($data->getResourceIds()) {
	my $fileSuffix = $data->getResourceAttributeValue( resource => $resourceId, attrName => $A_RESOURCE_KERBEROS_PRINCIPALS_FILE_SUFFIX );
	my $fileName = $fileSuffix ? "kerberos_renewal_principals_${fileSuffix}" : "kerberos_renewal_principals";
	my %userPrincipals;
	foreach my $memberId ($data->getMemberIdsForResource( resource => $resourceId )) {
		next if $data->getMemberAttributeValue( member => $memberId, attrName => $A_MEMBER_STATUS ) ne 'VALID';
		for my $principal (@{$data->getUserAttributeValue( member => $memberId, attrName => $A_PRINCIPALS )}) {
			$userPrincipals{$principal} = 1;
		}
	}

	if (defined $fileStructureWithData->{$fileName}) {
		foreach my $key (keys %userPrincipals) {
			$fileStructureWithData->{$fileName}->{$key} = 1;
		}
	} else {
		$fileStructureWithData->{$fileName} = \%userPrincipals;
	}
}

foreach my $file (sort keys %$fileStructureWithData) {
	my $principals = $fileStructureWithData->{$file};
	my $service_file_name = "$principalsDirectory/$file";
	open SERVICE_FILE,">$service_file_name" or die "Cannot open $service_file_name: $! \n";

	print SERVICE_FILE "target_clients =\n";
	print SERVICE_FILE join("\n", sort keys %$principals), "\n";
	print SERVICE_FILE ";\n";

	close(SERVICE_FILE);
}

perunServicesInit::finalize;
