#!/bin/bash

command="$1"

# Source function library.
. /etc/init.d/functions

PKI_REGISTRY_FILE=[PKI_REGISTRY_FILE]

# Enable nullglob, if set then shell pattern globs which do not match any
# file returns the empty string rather than the unmodified glob pattern.
shopt -s nullglob

OS=`uname -s`
ARCHITECTURE=`uname -i`

# Source values associated with this particular PKI instance
if [ -f $PKI_REGISTRY_FILE ]; then
    . ${PKI_REGISTRY_FILE}
else
    echo "No PKI registry file ($PKI_REGISTRY_FILE)"
    case $command in
        status)
            exit 4
            ;;
        *)
            exit 1
            ;;
    esac
fi

prog=$PKI_INSTANCE_ID
lockfile=$PKI_LOCK_FILE
pidfile=$PKI_PID_FILE


STARTUP_WAIT=30
SHUTDOWN_WAIT=30

start()
{
    rv=0

    echo -n $"Starting ${prog}: "

    if [ -f ${lockfile} ] ; then
	if [ -f ${pidfile} ]; then
	    read kpid < ${pidfile}
	    if checkpid $kpid 2>&1; then
		echo
		echo "${PKI_INSTANCE_ID} (pid ${kpid}) is already running ..."
		echo
                return 0
	    else
		echo
		echo -n "lock file found but no process "
		echo -n "running for pid $kpid, continuing"
		echo
		echo
		rm -f ${lockfile}
	    fi
	fi
    fi

    # restore context for ncipher hsm
    [ -x /sbin/restorecon ] && [ -d /dev/nfast ] && /sbin/restorecon -R /dev/nfast

    if [ ${ARCHITECTURE} = "x86_64" ] ; then
        # NOTE:  "daemon" is incompatible with "httpd" on 64-bit architectures
        LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS}
        rv=$?
    else
        LANG=${PKI_HTTPD_LANG} daemon ${httpd} ${PKI_OPTIONS}
        rv=$?
        # overwrite output from "daemon"
        echo -n $"Starting ${prog}: "
    fi

    if [ ${rv} = 0 ] ; then
	touch ${lockfile}
	chown ${PKI_USER}:${PKI_GROUP} ${lockfile}
	chmod 00600 ${lockfile}

	count=0;

	let swait=$STARTUP_WAIT
	until	[ -s ${pidfile} ] ||
	[ $count -gt $swait ]
	do
	    echo -n "."
	    sleep 1
	    let count=$count+1;
	done

	echo_success
        echo

	# Set permissions of log files
	for file in ${pki_logs_directory}/*; do
            if [ `basename $file` != "signedAudit" ]; then
	        chown ${PKI_USER}:${PKI_GROUP} ${file}
	        chmod 00640 ${file}
            fi
	done

        if [ -d ${pki_logs_directory}/signedAudit ]; then
	    for file in ${pki_logs_directory}/signedAudit/*; do
		chown ${PKI_USER} ${file}
		chmod 00640 ${file}
            done
        fi

    else
	echo_failure
        echo
    fi

	
    return ${rv}
}

stop()
{
    rv=0

    echo -n "Stopping ${prog}: "

    if [ -f ${lockfile} ] ; then
	${httpd} ${PKI_OPTIONS} -k stop
	rv=$?

	if [ ${rv} = 0 ]; then
	    count=0;
            
	    if [ -f ${pidfile} ]; then
		read kpid < ${pidfile}
		let kwait=$SHUTDOWN_WAIT
                
		until	[ `ps -p $kpid | grep -c $kpid` = '0' ] ||
		[ $count -gt $kwait ]
		do
		    echo -n "."
		    sleep 1
		    let count=$count+1;
		done
                
		if [ $count -gt $kwait ]; then
		    kill -9 $kpid
		fi
	    fi
            
	    rm -f ${lockfile}
	    rm -f ${pidfile}
            
	    echo_success
            echo
	else
	    echo_failure
            echo
	    rv=${default_error}
	fi
    else
	echo
	echo "process already stopped"
	rv=0
    fi
    
    return ${rv}
}

reload()
{
    rv=0
    
    echo -n $"Reloading ${prog}: "
    
    if ! LANG=${PKI_HTTPD_LANG} ${httpd} ${PKI_OPTIONS} -t >&/dev/null; then
	rv=$?
	echo $"not reloading due to configuration syntax error"
	failure $"not reloading ${httpd} due to configuration syntax error"
    else
	killproc -p ${pidfile} ${httpd} -HUP
	rv=$?
    fi
    echo

    return ${rv}
}

instance_status()
{
    status -p ${pidfile} ${prog}
    rv=$?
    return $rv
}

# See how we were called.
case $command in
    status)
        instance_status
        exit $?
        ;;
    start)
	start
	exit $?
	;;
    restart)
	restart
	exit $?
	;;
    stop)
	stop
	exit $?
	;;
    condrestart|force-restart|try-restart)
        [ ! -f ${lockfile} ] || restart
        exit $?
        ;;
    reload)
        echo "The 'reload' action is an unimplemented feature."
        exit 3
        ;;
    condrestart|force-restart|try-restart)
	[ ! -f ${lockfile} ] || restart
	exit $?
	;;
    *)
	echo "unknown action ($command)"
	exit 2
	;;
esac

