#!/bin/sh
##  BEGIN COPYRIGHT BLOCK
##  (C) 2008 Red Hat, Inc.
##  All rights reserved.
##  END COPYRIGHT BLOCK

##  Always switch into this base directory
##  prior to script execution so that all
##  of its output is written to this directory

cd `dirname $0`


##
##  This script MUST be run as root!
##

ROOTUID=0

OS=`uname`
if [ "${OS}" = "Linux" ] ; then
    MY_EUID=`/usr/bin/id -u`
    MY_UID=`/usr/bin/id -ur`
    USERNAME=`/usr/bin/id -un`
else
    printf "ERROR:  Unsupported operating system '${OS}'!\n"
    exit 255
fi

if [ "${MY_UID}"  != "${ROOTUID}" ] &&
   [ "${MY_EUID}" != "${ROOTUID}" ] ; then
    printf "ERROR:  The '$0' script must be run as root!\n"
    exit 255
fi



##
##  Define DEFAULT PKI Instances
##

PKI_DIR="/var/lib"

PKI_CA="pki-ca"
PKI_DRM="pki-kra"
PKI_OCSP="pki-ocsp"
PKI_TKS="pki-tks"
PKI_RA="pki-ra"
PKI_TPS="pki-tps"



##
##  Ask user if any PKI instances need to be removed
##

printf "REMINDER:  PKI instances contain user's PKI data, and consist of\n"
printf "           DEFAULT PKI instances and CUSTOMIZED PKI instances.\n\n"
printf "           DEFAULT PKI instances are automatically created whenever\n"
printf "           one of the PKI subsystems are installed UNLESS that\n"
printf "           particular PKI subsystem's DEFAULT PKI instance\n"
printf "           already exists.\n\n"
printf "           DEFAULT PKI instances consist of the following:\n\n"
printf "               CA   - ${PKI_DIR}/${PKI_CA}\n"
printf "               DRM  - ${PKI_DIR}/${PKI_DRM}\n"
printf "               OCSP - ${PKI_DIR}/${PKI_OCSP}\n"
printf "               RA   - ${PKI_DIR}/${PKI_RA}\n"
printf "               TKS  - ${PKI_DIR}/${PKI_TKS}\n"
printf "               TPS  - ${PKI_DIR}/${PKI_TPS}\n\n"
printf "           Please use the 'remove_default_pki_instances' script\n"
printf "           to remove ALL of these DEFAULT PKI instances, OR\n"
printf "           use the 'pkiremove' utility to remove INDIVIDUAL\n"
printf "           DEFAULT PKI instances.\n\n"
printf "           CUSTOMIZED PKI instances may be named anything and\n"
printf "           may be located anywhere.  Please use the 'pkiremove'\n"
printf "           utility to remove any CUSTOMIZED PKI instances.\n\n"
printf "           IMPORTANT:  NEITHER CUSTOMIZED PKI instances,\n"
printf "                       NOR DEFAULT PKI instances will be\n"
printf "                       REMOVED by this script!\n\n"
while :
do
    printf "Do any DEFAULT or CUSTOMIZED PKI instances need to be removed\n"
    printf "PRIOR to uninstalling ALL of the PKI components?  [yn]  "
    read ANSWER
    printf "\n"
    if [ "${ANSWER}" = "Y" ] ||
       [ "${ANSWER}" = "y" ] ; then
        printf "\n"
        printf "Please REMOVE the desired CUSTOMIZED and/or DEFAULT\n"
        printf "PKI instances PRIOR to re-running this script.\n\n"
        exit 255
    elif [ "${ANSWER}" = "N" ] ||
         [ "${ANSWER}" = "n" ] ; then
        printf "\n"
        break
    else
        continue
    fi
done



##
##  Check for PKI components present on this operating system
##

printf "Processing PKI components present on system . . . "
    # (1) grab all PKI components
    PKI_COMPONENTS=`rpm -qa --queryformat '%{NAME}\n' | grep pki`

    # (2) check for symkey (legacy package)
    `rpm -q --quiet symkey`
    SYMKEY_PRESENCE=$?
    if [ "${SYMKEY_PRESENCE}" = "0" ] ; then
        PKI_COMPONENTS="${PKI_COMPONENTS} symkey"
    fi
printf "done.\n\n"



##
##  Place the PKI components into a list
##

PKI_COMPONENT_LIST=""
for COMPONENT in ${PKI_COMPONENTS} ; do
    if [ "${COMPONENT}" = "bouncycastle-pkix" ] ; then
        continue
    fi
    if [ "${PKI_COMPONENT_LIST}" = "" ] ; then
        PKI_COMPONENT_LIST="${COMPONENT}"
    else
        PKI_COMPONENT_LIST="${PKI_COMPONENT_LIST} ${COMPONENT}"
    fi
done



##
##  Remove ALL PKI components in the list
##

if [ "${PKI_COMPONENT_LIST}" != "" ] ; then
    printf "Removing the following PKI packages:\n"
    printf "    ${PKI_COMPONENT_LIST}\n\n"
    rpm -ev ${PKI_COMPONENT_LIST}
    printf "\n"
else
    printf "No PKI packages need to be removed.\n\n"
fi

exit 0

