#!/bin/bash

set -e

KATELLO_SERVER=capsule.8htcb.sandbox2425.opentlc.com
PORT=443

KATELLO_SERVER_CA_CERT=katello-server-ca.pem
KATELLO_DEFAULT_CA_CERT=katello-default-ca.pem

CERT_DIR=/etc/rhsm/ca
PREFIX=/rhsm
CFG=/etc/rhsm/rhsm.conf
CFG_BACKUP=$CFG.kat-backup
CA_TRUST_ANCHORS=/etc/pki/ca-trust/source/anchors

read -r -d '' KATELLO_DEFAULT_CA_DATA << EOM || true
-----BEGIN CERTIFICATE-----
MIIHBTCCBO2gAwIBAgIUJ/b7VoVCHkiJ+E6xGfTqo9pGWmowDQYJKoZIhvcNAQEL
BQAwgYMxCzAJBgNVBAYTAlVTMRcwFQYDVQQIDA5Ob3J0aCBDYXJvbGluYTEQMA4G
A1UEBwwHUmFsZWlnaDEQMA4GA1UECgwHS2F0ZWxsbzEUMBIGA1UECwwLU29tZU9y
Z1VuaXQxITAfBgNVBAMMGHNhdGVsbGl0ZS5zeGZmMi5pbnRlcm5hbDAeFw0yNDEx
MDQxNDQ0MjJaFw0zODAxMTgxNDQ0MjJaMIGDMQswCQYDVQQGEwJVUzEXMBUGA1UE
CAwOTm9ydGggQ2Fyb2xpbmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB0th
dGVsbG8xFDASBgNVBAsMC1NvbWVPcmdVbml0MSEwHwYDVQQDDBhzYXRlbGxpdGUu
c3hmZjIuaW50ZXJuYWwwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDn
7tV/UUjn05RthwTFMUbOwSQUu4UY/keE0Z70ShY4IkbDwccn5JutXyWyAviq7xUp
iYfxWcC96USOYCsli/XVBO6Uz//cA9RjWy1AWcAD9Sp6OtFVos5oXscMrR+m/beY
1nPdx4jkAIs53N8oSxVs2hds6BPHNWYkhUuuNBbshchvGKenJ0BeyQSTrOK9oSCa
H/SFe/AO1GEB2kz4uLW1hK3ZmoCxdCHwWl5WYwwInF0QYV3T7xI75L0pyrN9EMO4
idHXqzy4X40s88QtKwrOM7+ckLSV63pRYCoGcDq1uLwZykrgwJH6bLZeTXhYuJx6
/d/PasmgdmCaKGjF6oSTnjaMQ45m0qyKtc3ieN/+ckFj3SW1qYTcWyTikL9bpdyp
pQHuaeEfFs12hJ/OCFcH31wCWpAJKHtb3mlld7RWnr8ZmiBlI/OXkCcAlmkYPeMP
zWnFQbSltCTVfCiGSTwNr90YpoXoumP87AQTuaY2zs3xVT1VkyvfOY7pKW43I7Hd
r7xBRjmAXTRlpp/KmdKyGqboWKvao7FyjMCEsPsLFx3313XbrfLu7vJXJ+7nqRNC
c8sH9TKBvAgXPHtuv9l5yEsP6MNKtBg2ysSJJmFek7rdmQQrc5hhjKtJY/+RmlzT
aNCO/ZW/iFT+NPxJI9RpVTd8uIs0ISJNZggCJNxgHQIDAQABo4IBbTCCAWkwDAYD
VR0TBAUwAwEB/zALBgNVHQ8EBAMCAaYwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsG
AQUFBwMCMBEGCWCGSAGG+EIBAQQEAwICRDA1BglghkgBhvhCAQ0EKBYmS2F0ZWxs
byBTU0wgVG9vbCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFFLvjGIp
DF29b1n+Ft9HeJHPcIVIMIHDBgNVHSMEgbswgbiAFFLvjGIpDF29b1n+Ft9HeJHP
cIVIoYGJpIGGMIGDMQswCQYDVQQGEwJVUzEXMBUGA1UECAwOTm9ydGggQ2Fyb2xp
bmExEDAOBgNVBAcMB1JhbGVpZ2gxEDAOBgNVBAoMB0thdGVsbG8xFDASBgNVBAsM
C1NvbWVPcmdVbml0MSEwHwYDVQQDDBhzYXRlbGxpdGUuc3hmZjIuaW50ZXJuYWyC
FCf2+1aFQh5IifhOsRn06qPaRlpqMA0GCSqGSIb3DQEBCwUAA4ICAQBxyNMPbd28
GCdj2pfD+ouDKhto0uXGJZ54MQZi0WcTF9ZwDNFADrz0Wso5nT1cZtgZ6ps3ZjWQ
y4opU3SHEd6axkKpZTcBYX4/dmMMGTa0NDtm9ghK/CDeqJSLqTdbCGyAiFSdXgUJ
/Gb9ddSueXtXdCybnjjZKs1WdYloIN+CQjgBdLyqg/mIqbL0rgn1vU4zxiiiUHI3
EHQ8duJOXAq+dRKWMR1hk+mD6WnYbaqMZqmG4qTba6WviYh0rLX02tQRYDVJzuei
1nRA9fKdqMai7xjE7FbLku0hcaZM9ivchRpQLkSfb8d4HExFqez+VwFTwMJony++
872CBhZw1+Qs6fmtSt1Dbs1ZeALDIMDPo9ps/bcmUmycknGFyBk+oLVyOBzppltT
7CBIcGwpESY4GIpsLvdYkPhhxsekaOBUUBxnydYfU934RXqB1xH3lqL0el4d7D68
XqLHC+rXPZj9IBAs9QkCUCdfs+94yvr5DxJYIfnCdhirQVkqdsltELtsHbk81r+9
vcMMEsGknoou7TvtWNCwyFEGlrR+IqNYQQIf+Y+KyXzWJf2pSSiQ/ApGO5xGWJyd
bQRl9jCtlfGXlvwlMD7EVBCWxA+Hfc+sOj3N5jkt+ef6w/00bu9alUT+AjHaNErw
B600Sv8N33+fkgpiCwXnSgdHUnVQ5gAl/A==
-----END CERTIFICATE-----

EOM

read -r -d '' KATELLO_SERVER_CA_DATA << EOM || true
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFBjCCAu6gAwIBAgIRAMISMktwqbSRcdxA9+KFJjwwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjQwMzEzMDAwMDAw
WhcNMjcwMzEyMjM1OTU5WjAzMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
RW5jcnlwdDEMMAoGA1UEAxMDUjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
CgKCAQEA2pgodK2+lP474B7i5Ut1qywSf+2nAzJ+Npfs6DGPpRONC5kuHs0BUT1M
5ShuCVUxqqUiXXL0LQfCTUA83wEjuXg39RplMjTmhnGdBO+ECFu9AhqZ66YBAJpz
kG2Pogeg0JfT2kVhgTU9FPnEwF9q3AuWGrCf4yrqvSrWmMebcas7dA8827JgvlpL
Thjp2ypzXIlhZZ7+7Tymy05v5J75AEaz/xlNKmOzjmbGGIVwx1Blbzt05UiDDwhY
XS0jnV6j/ujbAKHS9OMZTfLuevYnnuXNnC2i8n+cF63vEzc50bTILEHWhsDp7CH4
WRt/uTp8n1wBnWIEwii9Cq08yhDsGwIDAQABo4H4MIH1MA4GA1UdDwEB/wQEAwIB
hjAdBgNVHSUEFjAUBggrBgEFBQcDAgYIKwYBBQUHAwEwEgYDVR0TAQH/BAgwBgEB
/wIBADAdBgNVHQ4EFgQUALUp8i2ObzHom0yteD763OkM0dIwHwYDVR0jBBgwFoAU
ebRZ5nu25eQBc4AIiMgaWPbpm24wMgYIKwYBBQUHAQEEJjAkMCIGCCsGAQUFBzAC
hhZodHRwOi8veDEuaS5sZW5jci5vcmcvMBMGA1UdIAQMMAowCAYGZ4EMAQIBMCcG
A1UdHwQgMB4wHKAaoBiGFmh0dHA6Ly94MS5jLmxlbmNyLm9yZy8wDQYJKoZIhvcN
AQELBQADggIBAI910AnPanZIZTKS3rVEyIV29BWEjAK/duuz8eL5boSoVpHhkkv3
4eoAeEiPdZLj5EZ7G2ArIK+gzhTlRQ1q4FKGpPPaFBSpqV/xbUb5UlAXQOnkHn3m
FVj+qYv87/WeY+Bm4sN3Ox8BhyaU7UAQ3LeZ7N1X01xxQe4wIAAE3JVLUCiHmZL+
qoCUtgYIFPgcg350QMUIWgxPXNGEncT921ne7nluI02V8pLUmClqXOsCwULw+PVO
ZCB7qOMxxMBoCUeL2Ll4oMpOSr5pJCpLN3tRA2s6P1KLs9TSrVhOk+7LX28NMUlI
usQ/nxLJID0RhAeFtPjyOCOscQBA53+NRjSCak7P4A5jX7ppmkcJECL+S0i3kXVU
y5Me5BbrU8973jZNv/ax6+ZK6TM8jWmimL6of6OrX7ZU6E2WqazzsFrLG3o2kySb
zlhSgJ81Cl4tv3SbYiYXnJExKQvzf83DYotox3f0fwv7xln1A2ZLplCb0O+l/AK0
YE0DS2FPxSAHi0iwMfW2nNHJrXcY3LLHD77gRgje4Eveubi2xxa+Nmk/hmhLdIET
iVDFanoCrMVIpQ59XWHkzdFmoHXHBV7oibVjGSO7ULSQ7MJ1Nz51phuDJSgAIU7A
0zrLnOrAj/dfrlEWRhCvAgbuwLZX1A2sjNjXoPOHbsPiy+lO1KF8/XY7
-----END CERTIFICATE-----

-----BEGIN CERTIFICATE-----
MIIFBTCCAu2gAwIBAgIQWgDyEtjUtIDzkkFX6imDBTANBgkqhkiG9w0BAQsFADBP
MQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFy
Y2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBYMTAeFw0yNDAzMTMwMDAwMDBa
Fw0yNzAzMTIyMzU5NTlaMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBF
bmNyeXB0MQwwCgYDVQQDEwNSMTMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQClZ3CN0FaBZBUXYc25BtStGZCMJlA3mBZjklTb2cyEBZPs0+wIG6BgUUNI
fSvHSJaetC3ancgnO1ehn6vw1g7UDjDKb5ux0daknTI+WE41b0VYaHEX/D7YXYKg
L7JRbLAaXbhZzjVlyIuhrxA3/+OcXcJJFzT/jCuLjfC8cSyTDB0FxLrHzarJXnzR
yQH3nAP2/Apd9Np75tt2QnDr9E0i2gB3b9bJXxf92nUupVcM9upctuBzpWjPoXTi
dYJ+EJ/B9aLrAek4sQpEzNPCifVJNYIKNLMc6YjCR06CDgo28EdPivEpBHXazeGa
XP9enZiVuppD0EqiFwUBBDDTMrOPAgMBAAGjgfgwgfUwDgYDVR0PAQH/BAQDAgGG
MB0GA1UdJQQWMBQGCCsGAQUFBwMCBggrBgEFBQcDATASBgNVHRMBAf8ECDAGAQH/
AgEAMB0GA1UdDgQWBBTnq58PLDOgU9NeT3jIsoQOO9aSMzAfBgNVHSMEGDAWgBR5
tFnme7bl5AFzgAiIyBpY9umbbjAyBggrBgEFBQcBAQQmMCQwIgYIKwYBBQUHMAKG
Fmh0dHA6Ly94MS5pLmxlbmNyLm9yZy8wEwYDVR0gBAwwCjAIBgZngQwBAgEwJwYD
VR0fBCAwHjAcoBqgGIYWaHR0cDovL3gxLmMubGVuY3Iub3JnLzANBgkqhkiG9w0B
AQsFAAOCAgEAUTdYUqEimzW7TbrOypLqCfL7VOwYf/Q79OH5cHLCZeggfQhDconl
k7Kgh8b0vi+/XuWu7CN8n/UPeg1vo3G+taXirrytthQinAHGwc/UdbOygJa9zuBc
VyqoH3CXTXDInT+8a+c3aEVMJ2St+pSn4ed+WkDp8ijsijvEyFwE47hulW0Ltzjg
9fOV5Pmrg/zxWbRuL+k0DBDHEJennCsAen7c35Pmx7jpmJ/HtgRhcnz0yjSBvyIw
6L1QIupkCv2SBODT/xDD3gfQQyKv6roV4G2EhfEyAsWpmojxjCUCGiyg97FvDtm/
NK2LSc9lybKxB73I2+P2G3CaWpvvpAiHCVu30jW8GCxKdfhsXtnIy2imskQqVZ2m
0Pmxobb28Tucr7xBK7CtwvPrb79os7u2XP3O5f9b/H66GNyRrglRXlrYjI1oGYL/
f4I1n/Sgusda6WvA6C190kxjU15Y12mHU4+BxyR9cx2hhGS9fAjMZKJss28qxvz6
Axu4CaDmRNZpK/pQrXF17yXCXkmEWgvSOEZy6Z9pcbLIVEGckV/iVeq0AOo2pkg9
p4QRIy0tK2diRENLSF2KysFwbY6B26BFeFs3v1sYVRhFW9nLkOrQVporCS0KyZmf
wVD89qSTlnctLcZnIavjKsKUu1nA1iU0yYMdYepKR7lWbnwhdx3ewok=
-----END CERTIFICATE-----

EOM

is_debian()
{
  if [ -r "/etc/os-release" ]
  then
    ID="$(sed -n -e "s/^ID\s*=\s*\(.*\)/\1/p" /etc/os-release)"
    ID_LIKE="$(sed -n -e "s/^ID_LIKE\s*=\s*\(.*\)/\1/p" /etc/os-release)"

    if [ "$ID" = "debian" ] ||       # Debian
       [ "$ID_LIKE" = "debian" ] ||  # e.g Ubuntu
       [ "$ID_LIKE" = "ubuntu" ]     # e.g. Linux Mint
    then
      return 0
    fi
  fi
  return 1
}

# exit on non-RHEL systems or when rhsm.conf is not found
test -f $CFG || exit
type -P subscription-manager >/dev/null || type -P subscription-manager-cli >/dev/null || exit

# backup configuration during the first run
test -f $CFG_BACKUP || cp $CFG $CFG_BACKUP

# create the cert
echo "$KATELLO_SERVER_CA_DATA" > $CERT_DIR/$KATELLO_SERVER_CA_CERT
chmod 644 $CERT_DIR/$KATELLO_SERVER_CA_CERT

echo "$KATELLO_DEFAULT_CA_DATA" > $CERT_DIR/$KATELLO_DEFAULT_CA_CERT
chmod 644 $CERT_DIR/$KATELLO_DEFAULT_CA_CERT

if is_debian
then
  # Debian setup
  BASEURL=https://$KATELLO_SERVER/pulp/deb

  subscription-manager config \
    --server.hostname="$KATELLO_SERVER" \
    --server.prefix="$PREFIX" \
    --server.port="$PORT" \
    --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
    --rhsm.baseurl="$BASEURL"
else
  # rhel setup
  BASEURL=https://$KATELLO_SERVER/pulp/content/

  subscription-manager config \
    --server.hostname="$KATELLO_SERVER" \
    --server.prefix="$PREFIX" \
    --server.port="$PORT" \
    --rhsm.repo_ca_cert="%(ca_cert_dir)s$KATELLO_SERVER_CA_CERT" \
    --rhsm.baseurl="$BASEURL"

  # Older versions of subscription manager may not recognize
  # report_package_profile and package_profile_on_trans options.
  # So set them separately and redirect out & error to /dev/null
  # to fail silently.
  subscription-manager config --rhsm.package_profile_on_trans=1 > /dev/null 2>&1 || true
  subscription-manager config --rhsm.report_package_profile=1 > /dev/null 2>&1 || true

  if grep --quiet full_refresh_on_yum $CFG; then
    sed -i "s/full_refresh_on_yum\s*=.*$/full_refresh_on_yum = 1/g" $CFG
  else
    full_refresh_config="#config for on-premise management\nfull_refresh_on_yum = 1"
    sed -i "/baseurl/a $full_refresh_config" $CFG
  fi
fi

# also add the katello ca cert to the system wide ca cert store
if [ -d $CA_TRUST_ANCHORS ]; then
  update-ca-trust enable
  cp $CERT_DIR/$KATELLO_SERVER_CA_CERT $CA_TRUST_ANCHORS
  update-ca-trust
fi

# restart yggdrasild if it is installed and running
systemctl try-restart yggdrasil >/dev/null 2>&1 || true

exit 0
