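#!/bin/bash

# Prepare a deployment for execution:
# * generate the configuration and setup database
# * put keys in the right place
# * set bank password for the exchange
# * sign the exchange's wire response
# * run some sanity checks (FIXME: not done yet!)
#
# Arguments:
#   $1 - {yes,no}: WITH_DB_RESET, defaults to no.
# Environment (read):
#   TALER_ENV_NAME, TALER_CONFIG_CURRENCY - required.
#   TALER_ENV_FRONTENDS_APITOKEN - required when the config is generated.

set -eu

source "$HOME/activate"

# $1 = {yes,no} indicates WITH_DB_RESET.  Defaults to no.
# Helps avoiding color Y destroying the DB while color X is in
# production.  Any value other than the literal "yes" leaves the
# databases untouched.
WITH_DB_RESET=${1-no}

if [[ -z ${TALER_ENV_NAME+x} ]]; then
  echo "TALER_ENV_NAME not set" >&2
  exit 1
fi

if [[ -z ${TALER_CONFIG_CURRENCY+x} ]]; then
  echo "TALER_CONFIG_CURRENCY not set" >&2
  exit 1
fi

# Deployment copy of the exchange master private key for this environment.
readonly MASTER_PRIV_SRC="$HOME/deployment/private-keys/${TALER_ENV_NAME}-exchange-master.priv"

#######################################
# The script stops what started along the flow.
# This function should help against processes left
# somehow running.  Installed as the EXIT trap, so it runs on every
# exit path, including the error exits below.
#######################################
stop_running() {
  local pid
  taler-deployment-stop
  for pid in $(jobs -p); do
    # A job may already be gone; that is not an error.
    kill "$pid" 2> /dev/null || true
  done
  wait
}

trap stop_running EXIT

#######################################
# Check whether `taler-deployment-arm -I` reports a service as started.
# NOTE(review): $1 is matched as a line prefix, so "taler-exchange" is
# also satisfied by a started "taler-exchange-secmod-*" line.  Tighten
# the pattern once the exact `-I` output format is confirmed.
# Arguments: $1 - service name
# Returns:   0 if a matching line contains status=started
#######################################
service_started() {
  taler-deployment-arm -I | grep "^$1" | grep "status=started" > /dev/null
}

#######################################
# Abort the script unless the given service is reported as started.
# Arguments: $1 - service name
#            $2 - message printed to stderr on failure
#######################################
require_started() {
  local service=$1
  local message=$2
  if ! service_started "$service"; then
    echo "$message" >&2
    exit 1
  fi
}

#######################################
# Generate the deployment configuration under $HOME/.config.
# Globals: EXCHANGE_PUB (written), MASTER_PRIV_SRC, TALER_CONFIG_CURRENCY,
#          TALER_ENV_NAME, TALER_ENV_FRONTENDS_APITOKEN (read)
#######################################
generate_config() {
  # Name the missing variable instead of dying on a bare
  # "unbound variable" from `set -u`.
  : "${TALER_ENV_FRONTENDS_APITOKEN?TALER_ENV_FRONTENDS_APITOKEN not set}"

  EXCHANGE_PUB=$(gnunet-ecc -p "$MASTER_PRIV_SRC")

  mkdir -p "$HOME/.config"

  # NOTE(review): the API token is passed as a command-line argument, so
  # it is visible in the process list and in `set -x` traces while the
  # generator runs.  If the generator can read it from the environment
  # or a file, prefer that -- TODO confirm.
  taler-deployment-config-generate \
    --exchange-pub "$EXCHANGE_PUB" \
    --currency "$TALER_CONFIG_CURRENCY" \
    --outdir "$HOME/.config" \
    --envname "$TALER_ENV_NAME" \
    --frontends-apitoken "$TALER_ENV_FRONTENDS_APITOKEN"
}

##
## Step 1: Generate config
##

case $TALER_ENV_NAME in
  tanker|demo|test|int|local)
    generate_config
    ;;
  *)
    echo "Not generating config for env $TALER_ENV_NAME"
    ;;
esac

##
## Step 1b: initialize database
##

if [[ "$WITH_DB_RESET" == yes ]]; then
  taler-exchange-dbinit --reset
fi

##
## Step 2: Copy key material and update denom keys
##

# For demo, make sure the link to shared data between demo-blue and demo-green is
# set up properly.
case $TALER_ENV_NAME in
  demo)
    echo "linking taler-data"
    ln -sfT ~demo/shared-data ~/taler-data
    # Check if we won't mess up permissions later
    if [[ ! -g ~/taler-data ]]; then
      echo "the shared-data directory should have the set-group-id bit set" >&2
      exit 1
    fi
    ;;
esac

case $TALER_ENV_NAME in
  demo|test|int|local)
    EXCHANGE_PUB=$(gnunet-ecc -p "$MASTER_PRIV_SRC")
    EXCHANGE_PRIV_FILE=$(taler-config -f -s exchange-offline -o master_priv_file)
    if [[ -z "$EXCHANGE_PRIV_FILE" ]]; then
      # An empty path would otherwise surface as an obscure cp failure.
      echo "exchange-offline/master_priv_file is not configured" >&2
      exit 1
    fi
    if [[ -e "$EXCHANGE_PRIV_FILE" ]]; then
      EXCHANGE_PUB2=$(gnunet-ecc -p "$EXCHANGE_PRIV_FILE")
      if [[ "$EXCHANGE_PUB" != "$EXCHANGE_PUB2" ]]; then
        # Only a warning: the script continues with the key already in
        # place, which does not match the one the config was generated for.
        echo "Warning: Different exchange private key already exists, not copying" >&2
      fi
    else
      mkdir -p "$(dirname "$EXCHANGE_PRIV_FILE")"
      # NOTE(review): cp creates the copy with the source mode filtered
      # by the umask, and step 5 adds g+rw to everything this user owns
      # under ~/taler-data.  If master_priv_file resolves into that tree
      # the master private key becomes group-readable and group-writable;
      # confirm that group is meant to hold it.
      cp "$MASTER_PRIV_SRC" "$EXCHANGE_PRIV_FILE"
    fi
    ;;
  *)
    echo "Not copying key material for env $TALER_ENV_NAME"
    ;;
esac

EXCHANGE_MASTER_PUB=$(taler-config -s exchange -o master_public_key)
# Best effort: a failure here is deliberately ignored (presumably so a
# re-run against an already registered exchange does not abort -- TODO
# confirm).  It also hides genuine registration errors.
taler-auditor-exchange \
  -m "$EXCHANGE_MASTER_PUB" \
  -u "$(taler-config -s exchange -o base_url)" || true

# Make configuration accessible to auditor.
# Mode 750 gives the owning group read and traverse access to the whole
# directory, which is also where the generated configuration lives.
chmod 750 "$HOME/.config"

##
## Step 3: Set up the exchange key material
##

taler-deployment-arm -s

# Quickly start+shutdown exchange httpd and crypto SM helpers
taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa

sleep 2 # FIXME: poll keys?

require_started taler-exchange \
  "Exchange didn't start, cannot set up keys"
require_started taler-exchange-secmod-rsa \
  "Exchange (RSA module) didn't start, cannot set up keys."
require_started taler-exchange-secmod-eddsa \
  "Exchange (EDDSA module) didn't start, cannot set up keys."

taler-exchange-offline download sign upload

payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline enable-account "$payto_uri" upload

# Set up wire fees for next 5 years (current year through year + 5,
# both inclusive).
year=$(date +%Y)
curr=$TALER_CONFIG_CURRENCY
for ((y = year; y <= year + 5; y++)); do
  taler-exchange-offline wire-fee "$y" x-taler-bank "$curr:0.01" "$curr:0.01" upload
done

taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa

# Give time to store to disk.
sleep 5

##
## Step 4: Set up the bank
##

# Delete existing data from bank.
if [[ "$WITH_DB_RESET" == yes ]]; then
  echo "yes" | taler-bank-manage django flush
fi

case $TALER_ENV_NAME in
  demo|test|int|local|tanker)
    taler-bank-manage django provide_accounts
    # The Exchange and Survey bank accounts get the fixed password "x".
    # That is only tolerable for the throw-away environments listed in
    # this arm; keep any environment holding real value out of it.
    taler-bank-manage django changepassword_unsafe Exchange x
    taler-bank-manage django changepassword_unsafe Survey x
    ;;
  *)
    echo "Not setting unsafe Exchange bank account password for env $TALER_ENV_NAME"
    ;;
esac

##
## Step 5: Adjust some permissions
##

case $TALER_ENV_NAME in
  demo|test|int)
    # Make sure the web server can read ~/local
    chmod og+rx ~/local
    # Make sure that shared files created by this user
    # are group writable and readable.
    # `\;` is kept on purpose: with it a failing chmod does not change
    # find's exit status, so one bad entry does not abort under `set -e`.
    find ~/taler-data/ -user "$USER" -exec chmod g+rw {} \;
    ;;
  *)
    ;;
esac

##
## Step 6: Set up merchant
##

if [[ "$WITH_DB_RESET" == yes ]]; then
  taler-merchant-dbinit --reset
else
  taler-merchant-dbinit
fi

# Making sure ARM is not running yet.
taler-deployment-arm -e

# Need the following services to config instances and tip reserve:
taler-deployment-arm -s
taler-deployment-arm -i taler-merchant
taler-deployment-arm -i taler-demobank
taler-deployment-arm -i taler-exchange
taler-deployment-arm -i taler-exchange-secmod-rsa
taler-deployment-arm -i taler-exchange-secmod-eddsa
sleep 5

require_started taler-merchant \
  "Merchant didn't start, cannot configure instances / create tip reserve."
require_started taler-demobank \
  "Bank didn't start, cannot create tip reserve."
require_started taler-exchange \
  "Exchange didn't start, cannot create tip reserve."
require_started taler-exchange-secmod-rsa \
  "Exchange (RSA module) didn't start, cannot create tip reserve."
require_started taler-exchange-secmod-eddsa \
  "Exchange (EDDSA module) didn't start, cannot create tip reserve."

echo "Configuring instances"
taler-deployment-config-instances

echo "Creating tip reserve"
taler-deployment-config-tips

taler-deployment-arm -k taler-merchant
taler-deployment-arm -k taler-demobank
taler-deployment-arm -k taler-exchange
taler-deployment-arm -k taler-exchange-secmod-rsa
taler-deployment-arm -k taler-exchange-secmod-eddsa
taler-deployment-arm -e

##
## Step 7: Set up anastasis
##

anastasis-dbinit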