#!/usr/bin/env ruby

# -------------------------------------------------------------------------- #
# Copyright 2002-2015, OpenNebula Project (OpenNebula.org), C12G Labs        #
#                                                                            #
# Licensed under the Apache License, Version 2.0 (the "License"); you may    #
# not use this file except in compliance with the License. You may obtain    #
# a copy of the License at                                                   #
#                                                                            #
# http://www.apache.org/licenses/LICENSE-2.0                                 #
#                                                                            #
# Unless required by applicable law or agreed to in writing, software        #
# distributed under the License is distributed on an "AS IS" BASIS,          #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #
# See the License for the specific language governing permissions and        #
# limitations under the License.                                             #
#--------------------------------------------------------------------------- #

ONE_LOCATION=ENV["ONE_LOCATION"]

if !ONE_LOCATION
    RUBY_LIB_LOCATION="/usr/lib/one/ruby"
    ETC_LOCATION="/etc/one/"
else
    RUBY_LIB_LOCATION=ONE_LOCATION+"/lib/ruby"
    ETC_LOCATION=ONE_LOCATION+"/etc/"
end

$: << RUBY_LIB_LOCATION

require 'opennebula/x509_auth'
require 'scripts_common'

user   = ARGV[0] # username as registered in OpenNebula
pass   = ARGV[1] # DN registered for this user
secret = ARGV[2] # Base64 encoded text and certificate chain text:cert_0:cert_1:..., certs in pem format

#OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")

begin
    dsecret = Base64::decode64(secret)
    asecret = dsecret.split(':')

    token = asecret[0]
    certs = asecret[1..-1]

    x509_auth = OpenNebula::X509Auth.new(:certs_pem=>certs)

    rc = x509_auth.authenticate(user, pass, token)
rescue => e
    OpenNebula.error_message e.message
    exit -1
end

if rc == true
    exit 0
else
    OpenNebula.error_message rc 
    exit -1
end
