#!/bin/sh

# Absolute path of the SoftHSM command-line tool.  It is exported because the
# "add" sub-command runs the tool from a child shell (via su) that needs the
# same value.
export SOFTHSM_UTIL=/usr/bin/softhsm2-util

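#######################################
# Abort unless the caller is root.
# Checks the effective UID instead of grepping `id` output for the substring
# "root", which would also accept any user whose name or group merely
# contains "root" (e.g. a user called "rooter" or a member of a "xroot"
# group).
# Outputs:   error message on stderr when not root
# Returns:   0 when running as root; exits 1 otherwise
#######################################
check_root() {
	if [ "$(id -u)" != 0 ]; then
		echo "This command can only be run by the administrator" >&2
		exit 1
	fi
}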

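# Dispatch on the sub-command.  "status" is read-only and may be run by any
# user; "add", "lock" and "unlock" change state and require root (check_root).
case "$1" in
  "status")
	# The proxy is "locked" when the active filter config lists the C_Create*
	# functions among forbidden_functions.  NOTE: a missing or unreadable
	# config file is also reported as "unlocked" (existing behaviour kept).
	if grep forbidden_functions /etc/pkcs11proxyd/filter-softhsm.conf 2>/dev/null \
		| grep -q C_Create 2>/dev/null; then
		echo locked
	else
		echo unlocked
	fi
	;;
  "add")
	check_root

	if test -z "$2"; then
		echo "You need to provide the name of the token to add" >&2
		exit 1
	fi
	# Hand the label to the unprivileged shell through the environment (su -p
	# preserves it) instead of splicing it into the script text: a label
	# containing quotes, "$" or backquotes can then no longer change the
	# commands executed as pkcs11proxyd.
	SOFTHSM_LABEL=$2
	export SOFTHSM_LABEL

	# From here on any failing command (notably su) aborts the script.
	set -e
	SOFTHSM2_CONF=/var/lib/pkcs11proxyd/softhsm.conf
	export SOFTHSM2_CONF
	# The here-document delimiter is quoted so that nothing inside it is
	# expanded by this (root) shell.  With an unquoted delimiter the
	# backquoted --show-slots pipeline would be run by root before su starts;
	# now it runs as pkcs11proxyd, like the --init-token call.
	su pkcs11proxyd -p -s /bin/sh <<'__EOF__'
# Take the last slot printed by --show-slots as the free one to initialise.
SLOT=$("$SOFTHSM_UTIL" --show-slots | grep '^Slot' | tail -1 | cut -d ' ' -f 2)
if test -z "$SLOT"; then
	echo "Cannot determine an empty slot" >&2
	exit 1
fi
"$SOFTHSM_UTIL" --init-token --slot "$SLOT" --label "$SOFTHSM_LABEL"
__EOF__
	;;
  "lock")
	check_root

	# Point the active filter at the restrictive profile and restart the
	# proxy so it is picked up.  Either step failing must not be masked by
	# the final "exit 0".
	ln -sf /var/lib/pkcs11proxyd/filter-softhsm-locked.conf /etc/pkcs11proxyd/filter-softhsm.conf || exit 1
	systemctl restart pkcs11proxyd-softhsm || exit 1
	;;
  "unlock")
	check_root

	# Point the active filter at the permissive profile and restart the
	# proxy so it is picked up.
	ln -sf /var/lib/pkcs11proxyd/filter-softhsm-unlocked.conf /etc/pkcs11proxyd/filter-softhsm.conf || exit 1
	systemctl restart pkcs11proxyd-softhsm || exit 1
	;;
  *)
	# Usage error: print the synopsis on stderr and fail, so callers can tell
	# an unknown sub-command from a successful run.
	echo "$0: [status|lock|unlock]" >&2
	echo "$0: [add] token-name" >&2
	exit 1
	;;
esac

exit 0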
