#!/bin/sh
#
# altsign-agent-module    Alt signer module agent daemon
#
# chkconfig: - 90 10
# description: Agent daemon for altsign-agent module signing service. \
#              Provides secure access to remote code signing server.
# processname: altsign-agent
# config: /etc/sysconfig/altsign-agent-module
# pidfile: /run/altsign-module/altsign-agent-module.pid

# Do not load RH compatibility interface.
# NOTE(review): presumably read by the function library sourced just below,
# so it has to stay ahead of that line - confirm against /etc/init.d/functions.
WITHOUT_RC_COMPAT=1

# Source function library.
# start_daemon, stop_daemon, status, msg_usage and SourceIfNotEmpty are used
# later but not defined in this file; presumably they come from here.
. /etc/init.d/functions

# Service identity, the binary to launch and the unprivileged account that
# is handed to start_daemon --user in start().
NAME=altsign-agent-module
DAEMON=/usr/bin/altsign-agent
DAEMON_USER=altsign-module
DAEMON_GROUP=altsign-module
# Lock file checked by the condstop/condrestart actions.
LOCKFILE=/var/lock/subsys/$NAME
# Runtime directory created in start(); the pid file lives inside it.
RUNDIR=/run/altsign-module
PIDFILE=$RUNDIR/$NAME.pid
# Exit status of the script; updated by the actions below.
RETVAL=0

# Source config
# NOTE(review): SourceIfNotEmpty presumably sources the file into this shell,
# i.e. its content runs as code with this script's privileges and can
# override any variable assigned above. Keep /etc/sysconfig/$NAME writable
# by root only. Settings consumed later: ALTSIGN_AGENT_SERVER (required),
# ALTSIGN_AGENT_SYSLOG, ALTSIGN_AGENT_VERBOSE, ALTSIGN_AGENT_SOCKET,
# ALTSIGN_AGENT_SESSION_SOCKET.
SourceIfNotEmpty /etc/sysconfig/$NAME

# Verify that the mandatory server setting is present.
# Globals:  NAME (read), ALTSIGN_AGENT_SERVER (read)
# Outputs:  a diagnostic on stderr when the setting is missing
# Returns:  0 if ALTSIGN_AGENT_SERVER is non-empty, 1 otherwise
check_config() {
    [ -n "$ALTSIGN_AGENT_SERVER" ] && return 0

    echo "$NAME: ALTSIGN_AGENT_SERVER is not set in /etc/sysconfig/$NAME" >&2
    return 1
}

# Group given ownership of the top-level runtime directory in start() and
# passed to the daemon as --admin-group. It is fixed here, after the config
# file has been read, so a value set in the config is overwritten; it has to
# agree with the tmpfiles.d configuration.
ADMIN_GROUP='altsign-module-admin'

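# Build the daemon's command line from the configuration.
# Globals:  ALTSIGN_AGENT_SERVER, ADMIN_GROUP, ALTSIGN_AGENT_SYSLOG,
#           ALTSIGN_AGENT_VERBOSE, ALTSIGN_AGENT_SOCKET,
#           ALTSIGN_AGENT_SESSION_SOCKET (read); DAEMON_OPTS (written)
# Returns:  always 0
#
# DAEMON_OPTS is a single space-joined string that start() expands unquoted,
# so every value is subject to word splitting there: whitespace inside a
# configured value would turn into additional daemon arguments. Keep the
# configured server and socket paths free of whitespace and glob characters.
build_daemon_opts() {
    DAEMON_OPTS="--module --server $ALTSIGN_AGENT_SERVER"

    # Admin group
    DAEMON_OPTS="$DAEMON_OPTS --admin-group $ADMIN_GROUP"

    # Syslog enabled by default, disabled only if explicitly set to 0/no/false
    # (any letter case).
    case "${ALTSIGN_AGENT_SYSLOG:-1}" in
        0|[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]) ;;
        *) DAEMON_OPTS="$DAEMON_OPTS --syslog" ;;
    esac

    # Verbose enabled by default, disabled only if explicitly set to 0/no/false
    # (any letter case).
    case "${ALTSIGN_AGENT_VERBOSE:-1}" in
        0|[Nn][Oo]|[Ff][Aa][Ll][Ss][Ee]) ;;
        *) DAEMON_OPTS="$DAEMON_OPTS --verbose" ;;
    esac

    # Optional socket paths. Written as if-statements so that an unset
    # optional value does not become the function's (non-zero) exit status.
    if [ -n "$ALTSIGN_AGENT_SOCKET" ]; then
        DAEMON_OPTS="$DAEMON_OPTS --socket $ALTSIGN_AGENT_SOCKET"
    fi
    if [ -n "$ALTSIGN_AGENT_SESSION_SOCKET" ]; then
        DAEMON_OPTS="$DAEMON_OPTS --session-socket $ALTSIGN_AGENT_SESSION_SOCKET"
    fi

    return 0
}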

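# Create one runtime directory and set its ownership and mode.
# Arguments: $1 - directory, $2 - owner:group, $3 - octal mode
# Outputs:   a diagnostic on stderr on failure
# Returns:   0 on success, 1 if the path is a symlink or any step fails
_prepare_rundir() {
    # chown and chmod act on the target of a symlink. The directories below
    # RUNDIR are owned by DAEMON_USER, so their entries are not under this
    # script's exclusive control; refuse a symlink instead of changing
    # whatever it points to. The check is not atomic with the calls that
    # follow, so it narrows the window rather than closing it.
    if [ -L "$1" ]; then
        echo "$NAME: refusing to use symlink $1 as a runtime directory" >&2
        return 1
    fi
    mkdir -p "$1" && chown "$2" "$1" && chmod "$3" "$1" && return 0
    echo "$NAME: cannot prepare runtime directory $1" >&2
    return 1
}

# Validate the configuration, prepare the runtime directories and launch
# the daemon.
# Globals:  RUNDIR, DAEMON, DAEMON_USER, DAEMON_GROUP, ADMIN_GROUP, PIDFILE,
#           LOCKFILE, DAEMON_OPTS (read); RETVAL (written)
# Returns:  1 if the configuration is incomplete or a runtime directory
#           cannot be prepared, otherwise the status of start_daemon
start() {
    # The dispatcher exits with RETVAL, not with this function's status, so
    # the failure has to be recorded there as well.
    if ! check_config; then
        RETVAL=1
        return $RETVAL
    fi
    build_daemon_opts

    # Create runtime directories. Do not launch the daemon when any of them
    # could not be given the intended owner and mode.
    if ! {
        _prepare_rundir "$RUNDIR" "$DAEMON_USER:$ADMIN_GROUP" 0750 &&
        _prepare_rundir "$RUNDIR/session" "$DAEMON_USER:$DAEMON_GROUP" 0750 &&
        _prepare_rundir "$RUNDIR/session/sockdir" "$DAEMON_USER:$DAEMON_GROUP" 0755
    }; then
        RETVAL=1
        return $RETVAL
    fi

    # DAEMON_OPTS is a space-joined string and has to be split into words.
    # Pathname expansion is switched off for the split so that a glob
    # character in a configured value is passed through literally.
    set -f
    # shellcheck disable=SC2086 # splitting is intended
    set -- $DAEMON_OPTS
    set +f

    start_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" \
        --user "$DAEMON_USER" --make-pidfile -- \
        "$DAEMON" "$@"
    RETVAL=$?
    return $RETVAL
}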

# Stop the daemon identified by the pid file.
# Globals:  PIDFILE, LOCKFILE, DAEMON (read); RETVAL (written)
# Returns:  the status reported by stop_daemon
stop() {
    if stop_daemon --pidfile "$PIDFILE" --lockfile "$LOCKFILE" -- "$DAEMON"; then
        RETVAL=0
    else
        RETVAL=$?
    fi
    return $RETVAL
}

# Stop the daemon, then start it again. The outcome of stop is not
# checked; the function's status is that of start.
restart() {
    stop
    start
    return $?
}

# Dispatch on the requested action. The script's exit status is RETVAL,
# which the individual actions update.
case "$1" in
    start)   start ;;
    stop)    stop ;;
    restart) restart ;;
    condstop)
        # Act only while the subsystem lock file exists.
        [ ! -e "$LOCKFILE" ] || stop
        ;;
    condrestart)
        # Act only while the subsystem lock file exists.
        [ ! -e "$LOCKFILE" ] || restart
        ;;
    status)
        status --pidfile "$PIDFILE" -- "$DAEMON"
        RETVAL=$?
        ;;
    *)
        msg_usage "${0##*/} {start|stop|restart|condstop|condrestart|status}"
        RETVAL=1
        ;;
esac

exit $RETVAL
