#!/bin/sh

############
# CHANGELOG
#===========
# 2011/02/24    CRMS00295884    Claire Dechriste
#               reset CTL_ACTIVATE_CA_DEPLOYMENT if the usb key is not plugged or not valid
#
# 2011/04/05    CRMS00305684    Claire Dechriste
#               remove the reset to default value of WEBAPP_DEPLOYMENT_MODE
#
# 2011/04/12    CRMS00307047     C. DECHRISTE
#               move /etc/cert/Customer to /config/cert/Customer

# Flag file whose presence is treated as "the USB key is mounted" (tested with -f
# in start_usb and in the CTL_ACTIVATE_CA_DEPLOYMENT check below).
# NOTE(review): fixed name under /tmp; presumably written by the USB init/hotplug
# scripts - confirm which component creates it and that nothing less trusted can.
mountLockFile="/tmp/.mountedFlash"
# usb init service
USB_INIT='/etc/init.d/usb'
# usb scanning timeout: start_usb polls once per sleep 1, so this is roughly seconds
USB_TIMEOUT=10
MOUNT_POINT="/mnt/removable/usb_disk"
# Output of getICTinfo is used as the CTL file name on the key.
# NOTE(review): if the command fails or prints nothing, CTL becomes "$MOUNT_POINT/",
# which the -f test below treats as "no CTL file".
CTL_USB=$(getICTinfo CTL UNSIGNED)
# Full path of the CTL file expected on the removable key
CTL="$MOUNT_POINT/$CTL_USB"

#CRMS00307047
# Joined to $NV_ROOT by the mkdir further down; NV_ROOT is not assigned in this
# file (presumably provided by rc.config - confirm).
CERT_CUSTOMER_DIR=cert/Customer/
# Sourced after the assignments above, so any variable of the same name that
# rc.config sets replaces the value chosen here.
. /etc/init.d/rc.config

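# Make sure the USB service is running and give the key time to be mounted.
#
# Globals:  USB_INIT (read)      - init script, invoked with "status" and "start"
#           USB_TIMEOUT (read)   - maximum number of one-second polls
#           mountLockFile (read) - flag file polled with -f
#           service, timeout     - written (not local: the script runs under /bin/sh)
# Outputs:  progress messages on stdout
# Returns:  nothing meaningful; the caller has to test $mountLockFile itself to
#           learn whether the key showed up before the timeout expired.
#
# NOTE(review): the flag file only shows that something created it; it is not
# proof of a mount. Callers should keep treating it as a hint and rely on the
# later checks of the CTL file for any trust decision.
start_usb()
{
    # verify if usb service is started
    service=$("$USB_INIT" status)
    echo "USB service status=$service"
    if [ "$service" != "started" ]; then
        # start the service; its output is deliberately discarded
        echo "Starting USB service ..."
        "$USB_INIT" start >/dev/null 2>&1

        # poll once per second until the flag file appears or USB_TIMEOUT polls elapsed
        echo "Waiting for USB key mounting ..."
        timeout=$USB_TIMEOUT
        while [ "$timeout" -gt 0 ]; do
            sleep 1

            # check for mount lock
            if [ -f "$mountLockFile" ]; then
                echo "USB key lock file has been found"
                break
            fi

            # POSIX arithmetic instead of forking expr on every iteration
            timeout=$((timeout - 1))
            echo "$timeout seconds remaining ..."
        done
    fi
}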

#CRMS00307047+
#########################################
# create customer certificate directory
#########################################
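# Quoted so that a value containing whitespace or glob characters still names
# exactly one directory. NV_ROOT is not assigned in this file (presumably set by
# rc.config - confirm); if it is empty the path resolves to /cert/Customer/.
# NOTE(review): errors are discarded and the directory mode follows the current
# umask - confirm that this is restrictive enough for certificate material.
mkdir -p "$NV_ROOT/$CERT_CUSTOMER_DIR" 2>/dev/null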
#CRMS00307047-



##################################
# clean CTL_ACTIVATE_CA_DEPLOYMENT
##################################

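# Current value of the setting, as printed by CLISettings.
activate_ca_deployment=$(CLISettings get local CTL_ACTIVATE_CA_DEPLOYMENT)

# "=" is the POSIX string comparison; "==" is not guaranteed under /bin/sh.
if [ "$activate_ca_deployment" = "true" ]; then
    #verify that an usb key is mounted with a CTL on it
    #if yes, the signing process can continue, else clean up
    start_usb
    # Both paths are quoted: unquoted, an empty value makes "[ ! -f ]" evaluate
    # false and a value with whitespace makes the test error out, and in either
    # case the flag would stay set. Quoted, such values lead to the reset.
    # NOTE(review): -f only establishes that a regular file exists at that path
    # on the removable key; its content is not examined here. Presumably the
    # signing/deployment step verifies the CTL itself - confirm.
    if [ ! -f "$mountLockFile" ]; then
        echo "CTL_ACTIVATE_CA_DEPLOYMENT is set to true and USB key not mounted">/dev/console
        echo "resetting CTL_ACTIVATE_CA_DEPLOYMENT to false">/dev/console
        CLISettings set local CTL_ACTIVATE_CA_DEPLOYMENT false
    elif [ ! -f "$CTL" ]; then
        echo "CTL_ACTIVATE_CA_DEPLOYMENT is set to true and ctl pem file on USB key does not exist">/dev/console
        echo "resetting CTL_ACTIVATE_CA_DEPLOYMENT to false">/dev/console
        CLISettings set local CTL_ACTIVATE_CA_DEPLOYMENT false
    fi
fi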


######################
# build main CA
######################
# Runs unconditionally, whatever the outcome of the CTL_ACTIVATE_CA_DEPLOYMENT
# check above. Its exit status is not tested in this script.
/usr/sbin/cert/buildCA

#crms00305684: following lines are not needed as dmconfig clean is called in CTL erase command
# In case, the CTL is erased directly on the terminal after next reset
# Force webapp_deployment_mode to OPEN, when the terminal is in INSECURED state
#secure_mode=$(getICTinfo PKI STATUS DM)
#if [ "$secure_mode" == "INSECURED" ];then
#    CLISettings set DM WEBAPP_DEPLOYMENT_MODE OPEN
#fi
