##@cooked comments # -*- coding: utf-8 mode: sh -*- vim:sw=4:sts=4:et:ai:si:sta:fenc=utf-8
## Support de la signature des jars pour WebObjects
##@cooked nocomments
##@require webobjects
uprovide wosign
urequire webobjects

WOSIGN_KEYSTORE=
WOSIGN_STOREPASS=
WOSIGN_KEYALIAS=

function wosign_setup_maybe() {
    WOSIGN_CONFDIR="$WOCONFIGURATION/Signatures"
    WOSIGN_CONF="$WOSIGN_CONFDIR/signature.conf"
    if [ -f "$WOSIGN_CONF" ]; then
        eval "$(
            keystore=
            storepass=
            keyalias=
            source "$WOSIGN_CONF"
            echo_setv WOSIGN_KEYSTORE "$keystore"
            echo_setv WOSIGN_STOREPASS "$storepass"
            echo_setv WOSIGN_KEYALIAS "$keyalias"
        )"

        [ -n "$WOSIGN_XTMPDIR" ] || ac_set_tmpdir WOSIGN_XTMPDIR
        [ -n "$WOSIGN_JTMPDIR" ] || ac_set_tmpdir WOSIGN_JTMPDIR
        return 0
    else
        return 1
    fi
}

function __issjar() {
    [ "${1%.sjar}" != "$1" ]
}

function __tosjar() {
    local jarname="$(basename "$1")"
    local jardir="${1%$jarname}"
    local sjarname= jarbn="$(basename "$jarname" .jar)"
    if [ "$jarbn" != "$jarname" ]; then
        sjarname="$jarbn.sjar"
    else
        sjarname="$jarname.sjar"
    fi
    echo "$jardir$sjarname"
}

function __tojar() {
    local jarname="$(basename "$1")"
    local jardir="${1%$jarname}"
    local jarbn="$(basename "$jarname" .sjar)"
    [ "$jarbn" != "$jarname" ] && jarname="$jarbn.jar"
    echo "$jardir$jarname"
}

function wosign_jar() {
    local default=1 sign= unsign=
    while [ -n "$1" ]; do
        case "$1" in
        -s) default=; sign=1;;
        -d) default=; unsign=1;;
        *) break;;
        esac
        shift
    done
    [ -n "$default" ] && sign=1

    local curdir="$(pwd)"
    local jar="$(abspath "$1")"
    local cjar="$WOSIGN_JTMPDIR/$(basename "$jar")"
    local sjar="$(__tosjar "$jar")"

    cd "$WOSIGN_XTMPDIR"
    rm -rf *
    jar xf "$jar"
    rm -f META-INF/*.{SF,RSA,DSA}

    jar cf "$cjar" *
    if [ -n "$unsign" ]; then
        cp "$cjar" "$jar"
    fi

    if [ -n "$sign" ]; then
        rm -f "$sjar"
        jarsigner -keystore "$WOSIGN_KEYSTORE" ${WOSIGN_STOREPASS:+-storepass "$WOSIGN_STOREPASS" }-signedjar "$sjar" "$cjar" $WOSIGN_KEYALIAS
    fi

    cd "$curdir"
}

function wosignable() {
    if [ -z "$WOSIGN_KEYSTORE" ]; then
        echo "Il faut spécifier le paramètre keystore"
        return 1
    elif [ -z "$WOSIGN_KEYALIAS" ]; then
        echo "Il faut spécifier le parammètre keyalias"
        return 1
    fi

    local srcdir="$1"
    if endswith "$srcdir" .woa; then
        srcdir="$srcdir/Contents/WebServerResources/Java"
    elif endswith "$1" .framework; then
        srcdir="$srcdir/WebServerResources/Java"
    fi
    if [ -d "$srcdir" ]; then
        if [ -z "$(list_files "$srcdir" "*.jar")" ]; then
            echo "Il n'y a pas de jars à signer"
            return 1
        fi
    elif [ -f "$srcdir" ]; then
        if ! endswith "$srcdir" .jar; then
            echo "Le fichier spécifié n'est pas un jar"
            return 1
        fi
    else
        echo "Il faut spécifier un répertoire ou un jar individuel"
        return 1
    fi
}

function __may_sign() {
    # Si l'option -f est spécifiée, retourner true
    # Si ce jar a une version signée associée, retourner true
    # Si ce jar n'a pas de version signée associée, retourner true
    # Si ce jar est la version signée d'un autre jar, retourner false
    [ "$1" != "-f" ] && __issjar "$1" && [ -f "$(__tojar "$1")" ] && return 1
    return 0
}

function __should_sign() {
    # Si l'option -f est spécifiée, retourner true
    # Sinon retourner true si la version signée n'existe pas
    # On assume que __may_sign est vrai.
    [ "$1" != "-f" ] && [ -f "$(__tosjar "$1")" ] && return 1
    return 0
}

function wosign() {
    # Signer un bundle, les jars d'un répertoire, ou un jar
    # L'option -f force la resignature des jars d'un répertoire ou d'un
    # bundle. Elle force aussi la signature d'un jar, même s'il semble qu'il
    # soit la version signée d'un autre jar
    # on présuppose que wosignable a retourné true
    local default=1 sign= unsign= resign=
    while [ -n "$1" ]; do
        case "$1" in
        -s) default=; sign=1;;
        -d) default=; unsign=1;;
        -f) resign=1;;
        *) break;;
        esac
        shift
    done
    [ -n "$default" ] && sign=1

    local srcdir="$1"
    local candidates jars jar jarname jardir

    if endswith "$srcdir" .woa; then
        srcdir="$srcdir/Contents/WebServerResources/Java"
    elif endswith "$1" .framework; then
        srcdir="$srcdir/WebServerResources/Java"
    fi

    if [ -d "$srcdir" ]; then
        array_from_lines candidates "$(list_files "$srcdir" "*.jar")"
        jars=()
        for jar in "${candidates[@]}"; do
            __may_sign "$srcdir/$jar" && jars=("${jars[@]}" "$srcdir/$jar")
        done
        for jar in "${jars[@]}"; do
            if __should_sign ${resign:+-f }"$jar"; then
                ebegin "$(ppath "$jar")"
                wosign_jar ${sign:+-s }${unsign:+-d }"$jar" &
                ewait $!
                eend
            fi
        done
    elif [ -f "$srcdir" ]; then
        jar="$srcdir"
        if ! __may_sign ${resign:+-f }"$jar"; then
            jardir="$(dirname "$jar")"
            jarname="$(basename "$jar")"
            eerror "$(ppath "$jar"): Ce jar est la version signée de $(ppath "$jardir/${jarname#s}")"
        elif __should_sign ${resign:+-f }"$jar"; then
            ebegin "$(ppath "$jar")"
            wosign_jar ${sign:+-s }${unsign:+-d }"$jar" &
            ewait $!
            eend
        fi
    fi
}