#!/bin/sh

. /etc/PG.conf

BASE_URL="https://suep.ctsgw.damddos.com:50443"
ACCESS_KEY="pw7a3kD4jI8K"
SECRET="PaEaw5sKMl6mkLv5c9ioI0hBf8sCfJ8W"
THREAT_PATH="${DATAPATH}/pamalc"
FLOWEYE="/usr/ramdisk/bin/floweye"

if [ -f ${PGETC}/web/pamalc_sync_url.conf ]; then
    BASE_URL=`cat ${PGETC}/web/pamalc_sync_url.conf`
fi

if [ -f "/usr/pabin/pacu" ]; then
	CURL="/usr/pabin/pacu"
else
	CURL="`which curl | tail -1`"
fi

DEV_SN=`${FLOWEYE} key info | cut -d" " -f2 | cut -d"=" -f2`
DB_VERSION=`${FLOWEYE} malc get db=3 | grep version  | cut -d"=" -f2`
[ "${DB_VERSION}" = "NULL" ] && DB_VERSION=""


get_auth_info()
{
    local method="$1"
    local uri="$2"
    local body_str="$3"
    local tonce="$4"

	if [ "`uname`" = "FreeBSD" ]; then
		body_md5=$(printf "%s" "$body_str" | md5 | awk '{print $1}')
		signature="${method}|${uri}|${tonce}|${ACCESS_KEY}||${body_md5}"
		auth_info=$(printf "%s" "$signature" | openssl dgst -sha256 -hmac "$SECRET")
	else
		body_md5=$(printf "%s" "$body_str" | md5sum | awk '{print $1}')
		signature="${method}|${uri}|${tonce}|${ACCESS_KEY}||${body_md5}"
		auth_info=$(printf "%s" "$signature" | openssl dgst -sha256 -hmac "$SECRET" | awk '{print $2}')
	fi
	
    printf "%s" "${ACCESS_KEY}:$auth_info" | openssl base64 | tr -d '\n'
}


send_request()
{
    local url="$1"
    local uri="$2"
    local method="$3"
    local body="$4"
    local save_path="$5"

    tonce=$(date +%s)
    auth_info=$(get_auth_info "$method" "$uri" "$body" "$tonce")

    if [ -n "$save_path" ]; then
        ${CURL} -sk -X "$method" "$url$uri" \
            -H "X-Rpc-Tonce: $tonce" \
            -H "Content-Type: application/json;charset=utf-8" \
            -H "Authorization: $auth_info" \
            --data "$body" \
            -o "$save_path"
    else
        ${CURL} -sk -X "$method" "$url$uri" \
            -H "X-Rpc-Tonce: $tonce" \
            -H "Content-Type: application/json;charset=utf-8" \
            -H "Authorization: $auth_info" \
            --data "$body"
    fi
}


mkdir -p ${THREAT_PATH}


# Step 1: Get Version
body_version='{
    "manufacturerId": "A04",
    "deviceType": "auditgw",
    "deviceSn": "'"${DEV_SN}"'",
    "softwareVersion": "*",
    "deviceModel": "*",
    "hardwareVersion": "*",
    "libType": 5,
    "engineVersion": "*",
    "currentVersion": "'"${DB_VERSION}"'",
    "licenseInfo": {
        "customName": "Panabit",
        "licenseType": "app",
        "exipiredTime": 23232323232
    }
}'

resp=$(send_request "$BASE_URL" "/uep-api/south/api/v1/signature/checkVersion" "POST" "$body_version")
file_name=$(echo "$resp" | grep -o '"fileName"[^"]*"[^"]*"' | cut -d '"' -f4)
download_path=$(echo "$resp" | grep -o '"downloadPath"[^"]*"[^"]*"' | cut -d '"' -f4)

if [ -z "$file_name" ] || [ -z "$download_path" ]; then
    echo "Failed to parse fileName or downloadPath from response"
    echo "Response: $resp"
    exit 1
fi

uri_download=$(echo "$download_path" | sed "s#${BASE_URL}##")
echo "File to download: $file_name"

# Step 2: Download File
body_download=$(printf '{"platformId":"A04","deviceSn":"%s","libType":"5","fileName":"%s"}' ${DEV_SN} "$file_name")
save_file_path="${THREAT_PATH}/$file_name"
send_request "$BASE_URL" "$uri_download" "POST" "$body_download" "$save_file_path"
echo "Download done."

# Step 3: Import to Panabit
tar zxf ${THREAT_PATH}/${file_name} -C ${THREAT_PATH}
dbname=`echo "${file_name}" | awk -F"." '{printf "%s.%s.db", $1, $2}'`
mv ${THREAT_PATH}/${dbname} ${THREAT_PATH}/PanabitMALC_ctel.db

${FLOWEYE} malc load db=3 file=${THREAT_PATH}/PanabitMALC_ctel.db

rm -rf ${THREAT_PATH}/${file_name}

echo "Import done"
