#!/bin/sh

#
# File upgrade
#
# Purpose: ECaccess upgrade script - 2011090601
#          (v2.0.1-v3.3.1 -> v4.0.0)
#
# This script will upgrade any Gateway from v2.0.1-v3.3.1
# to v4.0.0. The configuration will be imported from the
# initial installation. It is a safe upgrade, the initial
# ECaccess installation is not altered and the start-up
# scripts are not modified (to be done manually). If this
# is required the script can also handle simultaneously a
# Java upgrade (the Database is converted and the script
# also deals with the Java keystore conversion).
#
# To do the upgrade simply:
# - Copy this script to the bin directory of your existing
#   Gateway (e.g. ecaccess-v<version>/gateway/bin).
# - Run this script as the UID under which the Gateway
#   is running.
#
# In case of problem, a copy of the output of this script
# should be sent to ecaccess@ecmwf.int.
#
# (c) Copyright ECMWF 2011 - syi@ecmwf.int
#

###########################################################
## Part 1: You may want to change some of these definitions
###########################################################

#################################
## Commands used from this script
#################################
awk=awk
cat=cat
cd=cd
cp=cp
echo=echo
find=find
ftp=ftp
grep=grep
gunzip=gunzip
more=more
mv=mv
rm=rm
sed=sed
tar=tar

#######################################################################
## Part 2: You probably don't want to change anything beyond this point
#######################################################################

##############
## New version
##############
VERSION=ecaccess-v4.0.0

########################
## Current ECaccess home
########################
VXX_HOME=../..

####################
## New ECaccess home
####################
V40_HOME=$VXX_HOME/../$VERSION

###########################
## Read values from gateway
###########################
readGateway() {
  value=`$grep "^$1=" ./gateway | \
	$awk -F"=" '{printf($2)}' 2>/dev/null`
}

####################################
## Read values from ecmwf.properties
####################################
readProperties() {
  value=`$more $conf/ecmwf.properties | $sed -n '/^\['$1'\]/,/^\[/p' \
	| $grep "^$2=" | $awk -F"=" '{printf($2)}' 2>/dev/null`
}

#####################
## Set new properties
#####################
replace() {
  $more $file | $sed -e 's/'$1'/'$2'/g' > $file.replace
  $cp $file.replace $file
  $rm -f $file.replace
}

##########################
## Get params from gateway
##########################
readGateway java; export java; java=$value
readGateway ECACCESS_HOME; export ECACCESS_HOME; ECACCESS_HOME=$value

###############
## Java change?
###############

$echo ""
$echo "***********************************"
$echo "If you have installed a new version"
$echo "of Java and want to use it with the"
$echo "new ECaccess Gateway,  please enter"
$echo "the  full path  of the Java  binary"
$echo "file (e.g. /usr/java160/bin/java):"
$echo "***********************************"
$echo ""

$echo -n "Java binary (empty if no change): "
read JAVA

###################################
## Check Java is a valid executable
###################################
if [ "$JAVA" != "" -a ! -x "$JAVA" ]; then
  $echo "Not a valid Java binary. Exit 1"
  exit 1
fi

##################
## Set Java binary
##################
if [ "$JAVA" != "" -a "$JAVA" != "$java" ]; then
  $echo "Java binary update ..."
else
  JAVA=$java
fi

#############################
## Check if Java is supported
#############################
version=`$JAVA -version 2>&1`
is15X=`$echo $version | $grep "1.5"`
is16X=`$echo $version | $grep "1.6"`
if [ "$is15X" = "" -a "$is16X" = "" ]; then
  $echo ""
  $echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
  $echo "The ECaccess Gateway v4.0.0 support"
  $echo "only Java v1.5.x - v1.6.x. In order"
  $echo "to upgrade,  please first install a"
  $echo "newer release of Java."
  $echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!"
  $echo ""
  exit 1
fi


#######################
## Starting the upgrade
#######################
$echo ""
$echo "***********************************"
$echo "Upgrading the Gateway  installed in"
$echo "the following root directory:"
$echo ""
$echo $value
$echo ""
$echo "Please in case of problem email the"
$echo "script output to ecaccess@ecmwf.int"
$echo "***********************************"
$echo ""
$echo "Getting initial setup ... "

######################################
## Set values for ECACCESS directories
######################################
conf=$VXX_HOME/gateway/conf
lib=$VXX_HOME/gateway/lib
bin=$VXX_HOME/gateway/bin
db=$VXX_HOME/gateway/db
tmp=$VXX_HOME/gateway/tmp

#############################################
## Get Login parameters from ecmwf.properties
#############################################
readProperties Login hostName; export _hostName; _hostName=$value
readProperties Login password; export _password; _password=$value

#############################################
## Get Ports parameters from ecmwf.properties
#############################################
readProperties Ports ftp; export _ftp; _ftp=$value
readProperties Ports http; export _http; _http=$value
readProperties Ports https; export _https; _https=$value
readProperties Ports telnet; export _telnet; _telnet=$value
readProperties Ports callBack; export _callBack; _callBack=$value
readProperties Ports unimars; export _unimars; _unimars=$value
readProperties Ports database; export _database; _database=$value
readProperties Ports ssh; export _ssh; _ssh=$value

###################################################
## Get ProxySocket parameters from ecmwf.properties
###################################################
readProperties ProxySocket host; export _host; _host=$value

#################
## Check the host
#################
if [ "$_host" = "\${Login[ecaccessServer]}" ]; then
  readProperties Login ecaccessServer; export _host; _host=$value
fi

##############################################
## Get the external name from ecmwf.properties
##############################################
_rmiHostName=`$grep "^#property java.rmi.server.hostname=" $conf/ecmwf.properties \
	| $awk -F"=" '{printf($2)}' 2>/dev/null`

##########################
## Check the external name
##########################
if [ "$_rmiHostName" = "\${Login[externalAddress]}" ]; then
  readProperties Login externalAddress; export _rmiHostName; _rmiHostName=$value
fi

########################
## Default value for ssh
########################
if [ "$_ssh" = "" ]; then
  _ssh=9022
fi

#####################
## Display parameters
#####################
$echo " ->[Login]"
$echo "  hostName=$_hostName"
$echo "  password=$_password"
$echo " ->[Ports]"
$echo "  ftp=$_ftp"
$echo "  http=$_http"
$echo "  https=$_https"
$echo "  telnet=$_telnet"
$echo "  callBack=$_callBack"
$echo "  unimars=$_unimars"
$echo "  database=$_database"
$echo "  ssh=$_ssh"
$echo " ->[JNDI]"
$echo "  rmiHostname=$_rmiHostName"
$echo " ->[ProxySocket]"
$echo "  host=$_host"

$echo "Checking current installation ... "

##################################
## Check the ECaccess distribution
##################################
if [ ! -d $conf -o ! -d $lib -o ! -d $bin -o \
	! -d $tmp -o ! -d $db ]; then
  $echo "Not a valid initial ECaccess distribution. Exit 1"
  exit 1
fi

$echo "Loading ECaccess patch (few minutes) ... "

#####################################
## Load the new ECaccess distribution
#####################################
session=`$ftp -v -n -d 2>/dev/null <<****
open $_hostName $_ftp
quote USER dist
quote PASS 000000
binary
get /echome/ecaccess-gateway-v4.0.0.tar.gz $tmp/gw400.tar.gz
get /echome/upgrade.jar $tmp/upgrade.jar
bye
****`

$echo "Checking distribution ... "

#####################
## Analyse ftp output
#####################
if [ $? != 0 -o "`$echo "$session" | $grep '^226 T'`" = "" ]; then
  $echo "Patch loading error. Exit 2 ($session)"
  exit 2
fi

$echo "Stopping the Gateway ... "

###################################
## Make sure the gateway is stopped
###################################
stop=`./gateway stop`
if [ $? != 0 ]; then
  $echo "Error stopping the gateway. Exit 3 ($stop)"
  exit 3
fi

$echo "Converting the DataBase ... "

##################################
## Make sure the sql file is empty
##################################
$rm -f $tmp/convert.sql
$rm -f $tmp/encrypt.sql

#####################################
## Create the missing tables (v2.0.1)
#####################################
if [ "`$grep 'CREATE TABLE MSU_ECU' $db/ecaccess.script`" = "" ]; then
$cat >> $tmp/convert.sql <<****
CREATE TABLE MSU_ECU(MSU_NAME VARCHAR(128) NOT NULL,ECU_NAME VARCHAR(128) NOT NULL,CONSTRAINT SYS_PK_MSU_ECU PRIMARY KEY(MSU_NAME,ECU_NAME),CONSTRAINT SYS_FK_94 FOREIGN KEY(ECU_NAME) REFERENCES ECUSER(ECU_NAME),CONSTRAINT SYS_FK_95 FOREIGN KEY(MSU_NAME) REFERENCES MSUSER(MSU_NAME));
ALTER TABLE MSUSER ADD COLUMN ECD_NAME VARCHAR(128) DEFAULT 'genericFtp' BEFORE MSU_PASSWD;
ALTER TABLE MSUSER ADD COLUMN MSU_LOGIN VARCHAR(1024) DEFAULT NULL BEFORE MSU_PASSWD;
ALTER TABLE MSUSER ADD COLUMN MSU_DATA VARCHAR(1024) DEFAULT NULL;
ALTER TABLE MSUSER ADD CONSTRAINT SYS_FK_60 FOREIGN KEY(ECD_NAME) REFERENCES ECTRANS_DESTINATION(ECD_NAME);
UPDATE MSUSER SET MSU_DATA = NULL WHERE MSU_DATA = '';
UPDATE MSUSER SET MSU_LOGIN = MSU_NAME;
****
fi

##################################
## If HTTP_CONTEXT exist remove it
##################################
if [ "`$grep HTTP_CONTEXT $db/ecaccess.script`" != "" ]; then
$cat >> $tmp/convert.sql <<****
DROP TABLE HTTP_CONTEXT;
****
fi

###############################################
## Insert the SFTP module (v2.0.1 & v2.0.2_003)
###############################################
if [ "`$grep 'genericSftp' $db/ecaccess.script`" = "" ]; then
$cat >> $tmp/convert.sql <<****
INSERT INTO ECTRANS_MODULE VALUES('sftp','ecmwf.common.ectrans.module.JSftpModule','\${ecmwf.dir}/gateway/lib/ectrans',true);
INSERT INTO ECTRANS_DESTINATION VALUES('genericSftp','sftp','\$msuser[login]:\$msuser[passwd]@\$msuser[host]/\$msuser[dir]\$target',true,false,true,'Generic SFTP access from the gateway');
****
fi

#####################################
## Insert the FTPS module (<= v3.0.0)
#####################################
if [ "`$grep 'genericFtps' $db/ecaccess.script`" = "" ]; then
$cat >> $tmp/convert.sql <<****
INSERT INTO ECTRANS_MODULE VALUES('ftps','ecmwf.common.ectrans.module.FtpsModule','\${ecmwf.dir}/gateway/lib/ectrans',true);
INSERT INTO ECTRANS_DESTINATION VALUES('genericFtps','ftps','\$msuser[login]:\$msuser[passwd]@\$msuser[host]/\$msuser[dir]\$target',true,false,true,'Generic FTPS access from the gateway');
****
fi

###############################
## Recreate main logging tables
###############################
$cat >> $tmp/convert.sql <<****
DROP TABLE OJB_HL_SEQ;
DROP TABLE ECTRANS_HISTORY;
DROP TABLE EVENT;
DROP TABLE ACTIVITY;
CREATE TABLE ACTIVITY(ACT_ID NUMERIC NOT NULL PRIMARY KEY,ECU_NAME VARCHAR(128) NOT NULL,ACT_PLUGIN VARCHAR(1024) NOT NULL,ACT_HOST VARCHAR(1024),ACT_AGENT VARCHAR(1024),CONSTRAINT SYS_FK_53 FOREIGN KEY(ECU_NAME) REFERENCES ECUSER(ECU_NAME));
CREATE TABLE EVENT(EVE_ID NUMERIC NOT NULL PRIMARY KEY,ACT_ID NUMERIC NOT NULL,EVE_DATE DATE NOT NULL,EVE_TIME TIME NOT NULL,EVE_ACTION VARCHAR(1024) NOT NULL,EVE_COMMENT VARCHAR(1024),EVE_ERROR BIT NOT NULL,CONSTRAINT SYS_FK_65 FOREIGN KEY(ACT_ID) REFERENCES ACTIVITY(ACT_ID));
CREATE TABLE ECTRANS_HISTORY(ECH_ID NUMERIC NOT NULL PRIMARY KEY,ECD_NAME VARCHAR(128) NOT NULL,MSU_NAME VARCHAR(128) NOT NULL,ECH_DATE DATE NOT NULL,ECH_TIME TIME NOT NULL,ECH_LOCATION VARCHAR(1024),ECH_REMOTE VARCHAR(1024) NOT NULL,ECH_URL VARCHAR(1024),ECH_COMMENT VARCHAR(1024),ECH_ACTION VARCHAR(1024) NOT NULL,ECH_ERROR BIT NOT NULL,CONSTRAINT SYS_FK_88 FOREIGN KEY(ECD_NAME) REFERENCES ECTRANS_DESTINATION(ECD_NAME),CONSTRAINT SYS_FK_89 FOREIGN KEY(MSU_NAME) REFERENCES MSUSER(MSU_NAME));
CREATE TABLE OJB_HL_SEQ(TABLENAME VARCHAR(175) NOT NULL,MAX_KEY INTEGER,GRAB_SIZE INTEGER,VERSION INTEGER,CONSTRAINT SYS_PK_OJB_HL_SEQ PRIMARY KEY(TABLENAME));
****

#####################################
## Add genericExec module is required
#####################################
if [ "`$grep 'genericExec' $db/ecaccess.script`" = "" ]; then
$cat >> $tmp/convert.sql <<****
INSERT INTO ECTRANS_DESTINATION VALUES('genericExec','exec','\${ecmwf.dir}/gateway/ectrans/\$msuser[name]/\$msuser[dir]',true,false,false,'Save and execute scripts on the gateway');
****
fi

########################################
## ECtrans modules for gateways < v3.0.0
########################################
$cat >> $tmp/convert.sql <<****
UPDATE ECTRANS_DESTINATION SET ECD_VALUE = '\$msuser[login]:\$msuser[passwd]@\$msuser[host]/\$msuser[dir]\$target' WHERE ECD_NAME = 'genericFtp';
UPDATE ECTRANS_MODULE SET ECM_ARCHIVE = '\${ecmwf.dir}/gateway/lib/ectrans';
UPDATE ECTRANS_MODULE SET ECM_CLASSE = 'ecmwf.common.ectrans.FileModule' where ECM_NAME = 'file';
UPDATE ECTRANS_MODULE SET ECM_CLASSE = 'ecmwf.common.ectrans.module.ExecModule' where ECM_NAME = 'exec';
UPDATE ECTRANS_MODULE SET ECM_CLASSE = 'ecmwf.common.ectrans.module.FtpModule' where ECM_NAME = 'ftp';
UPDATE ECTRANS_MODULE SET ECM_CLASSE = 'ecmwf.common.ectrans.module.JSftpModule' where ECM_NAME = 'sftp';
****

####################################
## Decrypt the database and finalize
####################################
$cat >> $tmp/convert.sql <<****
UPDATE MSUSER SET MSU_PASSWD = "ecmwf.client.upgrade.Upgrade.decrypt"(MSU_PASSWD);
UPDATE MSUSER SET MSU_DATA = "ecmwf.client.upgrade.Upgrade.decrypt"(MSU_DATA);
SHUTDOWN COMPACT;
****

########
## Clean
########
$rm -fr $tmp/db

#######################
## Set the starter path
#######################
LIBPATH=
for n in `$find $lib/*.jar`; do
  LIBPATH=$LIBPATH":"$n
done

#######################
## Convert the database
#######################
$cp -r $db $tmp
$rm -f $tmp/db/ecaccess.lck
$more $db/ecaccess.script | $grep -v "INSERT INTO EVENT" | $grep -v "INSERT INTO ACTIVITY" | $grep -v "INSERT INTO ECTRANS_HISTORY" | \
	$grep -v "INSERT INTO HTTP_CONTEXT" > $tmp/db/ecaccess.script
convert=`$java -cp "$LIBPATH" \
        -Decmwf.dir=$VXX_HOME \
	-Decmwf.properties=$conf/ecmwf.properties \
	-Dlog4j.configuration=$conf/log4j.properties \
	ecmwf.common.starter.Starter "$conf:$lib/ext:$tmp/upgrade.jar" \
	org.hsqldb.util.ScriptTool \
	-database $tmp/db/ecaccess -script $tmp/convert.sql`

########
## Clean
########
$rm -f $tmp/convert.sql
$mv $tmp/db/ecaccess.script $tmp
$rm -fr $tmp/db

###################
## Check conversion
###################
if [ "`$echo $convert | $grep Error`" != "" ]; then
  $echo "DataBase conversion error. Exit 4 ($convert)"
  exit 4
fi

$echo "Installing new files ... "

#######################
## Decompress the patch
#######################
$rm -f $tmp/gw400.tar

##########################
## Gunzip the distribution
##########################
$gunzip $tmp/gw400.tar.gz
if [ $? != 0 ]; then
  $echo "Gunzip error. Exit 5"
  exit 5
fi

#########################
## Untar the distribution
#########################
$tar xf $tmp/gw400.tar
if [ $? != 0 ]; then
  $echo "Tar error. Exit 6"
  exit 6
fi

######################################
## Clean and move the new distribution
######################################
$rm -f $tmp/gw400.tar
$rm -fr $V40_HOME
$mv $VERSION $V40_HOME

$echo "Configuring new Gateway ... "

#############
## Copy files
#############
$mv $tmp/ecaccess.script $V40_HOME/gateway/db
$cp $conf/$_hostName.keystore $V40_HOME/gateway/conf

####################
## Update properties
####################
file=$V40_HOME/gateway/conf/ecmwf.properties
replace "^hostName=YourHostName" "hostName=$_hostName"
replace "^password=YourPassword" "password=$_password"
replace "^ftp=9021" "ftp=$_ftp"
replace "^http=9080" "http=$_http"
replace "^https=9443" "https=$_https"
replace "^telnet=9023" "telnet=$_telnet"
replace "^callBack=9000" "callBack=$_callBack"
replace "^unimars=9108" "unimars=$_unimars"
replace "^database=9090" "database=$_database"
replace "^ssh=9022" "ssh=$_ssh"
replace "^ecaccessServer=ecaccess.ecmwf.int" "ecaccessServer=$_host"
replace '^externalAddress=${Login[hostName]}' "hostname=$_rmiHostName"

############################
## Start the unimars plugin?
############################
if [ "`$grep '^unimars=ecmwf' $conf/ecmwf.properties`" != "" ]; then
  replace "^#unimars=ecmwf" "unimars=ecmwf"
  replace "^##include" "#include"
fi

############################
## Take care of the SSH keys
############################
if [ -f $conf/ssh/server-key.public -a -f $conf/ssh/server-key.private ]; then
  $echo "WARNING: ssh host key replaced (you might inform your users)!"
else
  if [ -f $conf/ssh/server-key.pub -a -f $conf/ssh/server-key ]; then
    $cp -f $conf/ssh/server-key.pub $V40_HOME/gateway/conf/ssh
    $cp -f $conf/ssh/server-key $V40_HOME/gateway/conf/ssh
  fi
fi

############################
## Create starter.properties
############################
file=$V40_HOME/gateway/conf/starter.properties
if [ "`$grep '^ADM_' $bin/gateway`" != "" ]; then
  $echo "starter.listenAddress=127.0.0.1" > $file
  $more $bin/gateway | $grep "^ADM_" >> $file
  replace "ADM_PORT" "starter.port"
  replace "ADM_USER" "starter.user"
  replace "ADM_PASSWORD" "starter.password"
  $echo "starter.addShutdownHook=true" >> $file
  $echo "starter.start=true" >> $file
else
  if [ -f $bin/starter.properties ]; then
    $more $bin/starter.properties > $file
    if [ "`$grep listenAddress $bin/starter.properties`" = "" ]; then
      $echo "starter.listenAddress=127.0.0.1" >> $file
    fi
  else
    if [ -f $conf/starter.properties ]; then
      $more $conf/starter.properties > $file
      if [ "`$grep listenAddress $conf/starter.properties`" = "" ]; then
        $echo "starter.listenAddress=127.0.0.1" >> $file
      fi
    fi
  fi
fi

##########################################
## Set values for new ECACCESS directories
##########################################
conf=$V40_HOME/gateway/conf
lib=$V40_HOME/gateway/lib
bin=$V40_HOME/gateway/bin
db=$V40_HOME/gateway/db

#######################
## Set the starter path
#######################
LIBPATH=
for n in `$find $lib/*.jar`; do
  LIBPATH=$LIBPATH":"$n
done

############################################
## Create the encryptdb script (if required)
############################################
$cat > $tmp/encrypt.sql <<****
UPDATE MSUSER SET MSU_PASSWD = "ecmwf.client.upgrade.Upgrade.encrypt"(MSU_PASSWD);
UPDATE MSUSER SET MSU_DATA = "ecmwf.client.upgrade.Upgrade.encrypt"(MSU_DATA);
SHUTDOWN COMPACT
****

#######################
## Convert the database
#######################
if [ -f $tmp/encrypt.sql ]; then
convert=`$JAVA -cp "$LIBPATH" \
        -Decmwf.dir=$V40_HOME \
	-Decmwf.properties=$conf/ecmwf.properties \
	-Dlog4j.configuration=$conf/log4j.properties \
	ecmwf.common.starter.Starter "$conf:$tmp/upgrade.jar:$lib/ext" \
	org.hsqldb.util.ScriptTool \
	-database $db/ecaccess -script $tmp/encrypt.sql`
fi

########
## Clean
########
$rm -f $tmp/encrypt.sql $tmp/upgrade.jar

###################
## Check conversion
###################
if [ "`$echo $convert | $grep Error`" != "" ]; then
  $echo "DataBase encryption error. Exit 4 ($convert)"
  exit 4
fi

########################
## Start the new Gateway
########################
$echo ""
$echo "***********************************"
$echo "Your new ECaccess Gateway  has been"
$echo "successfully  installed in the fol-"
$echo "lowing root directory:"
$echo ""
$echo "$V40_HOME"
$echo ""
$echo "Please, update the following script"
$echo "with the absolute path for ECACCESS"
$echo "HOME and the absolute path for your"
$echo "Java binary. Then make a copy of it"
$echo "in your 'init.d' directory:"
$echo ""
$echo "$V40_HOME/gateway/bin/gateway"
$echo ""
$echo "Your existing  ECaccess Gateway has"
$echo "been stopped. Please use your stan-"
$echo "dard  procedure to  start  the  new"
$echo "ECaccess gateway, usually through:"
$echo ""
$echo "./gateway start"
$echo ""
$echo "Refer to the  ECaccess  administra-"
$echo "tors guide for further details."
$echo "***********************************"
$echo ""

#######
## Done
#######
exit 0