#! /bin/sh

#DEBUG=true
#SECURITY_DEBUG=true
#DEBUG=false

javapath=""
big=0
correctjavapath=""
version=0

getVersion() {
    javapath=$1/bin/java
    version=$($javapath -version  2>&1 >/dev/null | tr -d '"' | awk '/java version/{print $3 }')
    if $big -lt $version; then
            big=$version
            correctjavapath=$javapath
    fi
}

setjavalocation() {
  for i in /usr /usr/local /usr/java /usr/local/java /opt  /opt/java /opt ; do
      for j in $i/*sdk* $i/*jdk* $i/*java* $i/*jre* $i; do
         if [ -x $j/bin/java ] ; then
            getVersion $j
         fi
      done
  done
  java_location=$correctjavapath
}

args=$*

#Check if java already exists in PATH
if which java >/dev/null 2>&1; then
    java_location=java
else
    #If not, then check if JAVA_HOME is defined
    if [ -z "$JAVA_HOME" ]; then
        setjavalocation
    elif [ -x "$JAVA_HOME/bin/java" ]; then
        java_location="$JAVA_HOME/bin/java"
    else
        setjavalocation
    fi
fi
#If we find any of the dir above
if [ -z "$java_location" ]; then
    echo "JAVA_HOME not defined. java doesnot exist in PATH " >&2
    echo "Also java not found in usual places" >&2
    echo "Make sure java is installed. Exiting ..."  >&2
    return 1
fi

#echo "java_location is: $java_location"
if [ -z "$SRM_PATH" ]; then
    echo SRM_PATH is not set >&2
    exit 1
fi

SRM_CP="${SRM_PATH}/lib/*"

if [ -z "${SRM_JAVA_OPTIONS}" ]; then
    SRM_JAVA_OPTIONS="-Xms64m -Xmx178m -XX:+TieredCompilation -XX:TieredStopAtLevel=1"
fi

OPTIONS=" ${SRM_JAVA_OPTIONS} -Djava.protocol.handler.pkgs=org.globus.net.protocol"

SRMCP_OPTIONS=""
if [ "$DEBUG" = "true" ]; then
    OPTIONS=" ${OPTIONS} \"-Dlogback.configurationFile=${SRM_PATH}/conf/logback-axis.xml\""
    OPTIONS=" ${OPTIONS} -Delectric.logging=SOAP,HTTP"
elif [ "$SECURITY_DEBUG" = "true" ]; then
    OPTIONS=" ${OPTIONS} \"-Dlogback.configurationFile=${SRM_PATH}/conf/logback-security.xml\""
else
    OPTIONS=" ${OPTIONS} \"-Dlogback.configurationFile=${SRM_PATH}/conf/logback.xml\""
fi

if [ -n "$SRM_CONFIG" -a  "$SRM_CONFIG" != "NONE" -a  ! -f "$SRM_CONFIG" ]; then
    SRM_CONFIG_PARENT=$(dirname $SRM_CONFIG)
    mkdir -p "$SRM_CONFIG_PARENT"
fi


# if env variable for user proxy  is defined, use it
if [ -n "$X509_USER_PROXY" ]; then
    x509_user_proxy="$X509_USER_PROXY"
elif [ -r /tmp/x509up_u$(id -u) ]; then
    x509_user_proxy=/tmp/x509up_u$(id -u)
fi

if [ -n "$x509_user_proxy" ]; then
    SRMCP_OPTIONS="$SRMCP_OPTIONS -x509_user_proxy=$x509_user_proxy"
fi

if [ -n "$X509_CERT_DIR" ]; then
   x509_user_trusted_certs=$X509_CERT_DIR
elif [ -d "$HOME/.globus/certificates" ]; then
   x509_user_trusted_certs=$HOME/.globus/certificates
elif [ -d /etc/grid-security/certificates ]; then
   x509_user_trusted_certs=/etc/grid-security/certificates
else
   #use /etc/grid-security/certificates anyway
   x509_user_trusted_certs=/etc/grid-security/certificates
fi

if [ -n "$x509_user_proxy" ]; then
    SRMCP_OPTIONS="$SRMCP_OPTIONS -x509_user_trusted_certificates=$x509_user_trusted_certs"
fi

if [ -n "$SRM_CONFIG" -a "$SRM_CONFIG" != "NONE" ]; then
    if [ ! -f "$SRM_CONFIG" ]; then
      echo configuration file not found, configuring srmcp >&2
      use_proxy=true
      url_copy="$SRM_PATH/sbin/url-copy.sh"

      cmd="$java_location -cp $SRM_CP $OPTIONS gov.fnal.srm.util.SRMDispatcher \
        \"-urlcopy=$url_copy\" \
        -x509_user_proxy=$x509_user_proxy \
        -x509_user_key=$HOME/.globus/userkey.pem \
        -x509_user_cert=$HOME/.globus/usercert.pem \
        -x509_user_trusted_certificates=$x509_user_trusted_certs \
        -use_proxy=$use_proxy \
        \"-srmcphome=$SRM_PATH\" \
        -save_conf=$SRM_CONFIG \
        $args"

      if [ "$DEBUG" = "true" ]; then
          echo $cmd
      fi

      if $cmd; then
         echo "created configuration file in $SRM_CONFIG" >&2
      fi
   fi
fi

if [ -n "$SRM_CONFIG" -a  "$SRM_CONFIG" != "NONE" -a -f "$SRM_CONFIG" ]; then
    SRMCP_OPTIONS="-conf=$SRM_CONFIG $SRMCP_OPTIONS"
fi

for arg in "$@"; do
  case "$arg" in
      -delegate|-delegate=true)
          # CBC protection works around the TLS 1.0 BEAST attack; it does this by splitting the first
          # payload into a 1 byte and a n-1 byte chunk. This breaks GSI delegation for JGlobus as
          # JGlobus expects the certificate as a single TLS frame.
          OPTIONS="-Djsse.enableCBCProtection=false ${OPTIONS}"
          break
          ;;
  esac
done

cmd="$java_location $OPTIONS gov.fnal.srm.util.SRMDispatcher $SRMCP_OPTIONS $args"
if [ "$DEBUG" = "true" ]; then
    echo "CLASSPATH: $SRM_CP"
    echo
    echo "$cmd"
fi
CLASSPATH="$SRM_CP" sh -c "$cmd"

