#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/build_mail_sni                  Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

package scripts::build_mail_sni;

use strict;

use Cpanel::Usage                     ();
use Cpanel::Config::LoadCpConf        ();
use Cpanel::MailUtils::SNI            ();
use Cpanel::AdvConfig::dovecot::utils ();
use Try::Tiny;

exit run(@ARGV) unless caller();

sub run {
    my @cmdline_args = @_;
    my $opts;

    my $usage_args = {
        'fix_ssl_perms'            => \$opts->{'fix_ssl_perms'},
        'rebuild_dovecot_sni_conf' => \$opts->{'rebuild_dovecot_sni_conf'},
        'restartsrvs'              => \$opts->{'restartsrvs'},
        'verbose'                  => \$opts->{'verbose'},
    };

    Cpanel::Usage::wrap_options( \@cmdline_args, \&usage, $usage_args );
    my $verbose        = delete $opts->{'verbose'};
    my $dispatch_table = {
        'fix_ssl_perms'            => \&fix_ssl_perms,
        'rebuild_dovecot_sni_conf' => \&rebuild_dovecot_sni_conf,
        'restartsrvs'              => \&restartsrvs,
    };

    foreach (qw( fix_ssl_perms rebuild_dovecot_sni_conf restartsrvs )) {
        $dispatch_table->{$_}->($verbose) if $opts->{$_};
    }
    return;
}

sub rebuild_dovecot_sni_conf {
    my $cpconf = Cpanel::Config::LoadCpConf::loadcpconf();
    if ( $cpconf->{'mailserver'} ne 'dovecot' ) {
        print "[!] Dovecot is not the configured mailserver. Rebuild of Dovecot SNI configuration skipped...\n";
        return 1;
    }

    print "[*] Rebuilding Dovecot SNI configuration file...\n";
    if ( !eval { Cpanel::MailUtils::SNI->rebuild_dovecot_sni_conf($Cpanel::MailUtils::SNI::CHECK_SYNTAX) } ) {
        die "[!] Failed to build Dovecot SNI configuration: " . $@ . "\n";
    }
    print "[+] Successfully built Dovecot SNI configuration: " . Cpanel::AdvConfig::dovecot::utils::find_dovecot_sni_conf() . "\n";
    return 1;
}

sub fix_ssl_perms {
    my $verbose = shift;
    $verbose = $verbose ? 'v' : '';

    print "[*] Fixing SSL permissions...\n";
    print "\n" if $verbose;
    if ( -d '/var/cpanel/ssl/installed/certs' ) {
        system 'chgrp', '-R' . $verbose, 'mail', '/var/cpanel/ssl/installed/certs';
        system 'chmod', '-R' . $verbose, '640',  '/var/cpanel/ssl/installed/certs';
        system 'chmod', '751',           '/var/cpanel/ssl/installed/certs';
    }
    if ( -d '/var/cpanel/ssl/installed/cabundles' ) {
        system 'chgrp', '-R' . $verbose, 'mail', '/var/cpanel/ssl/installed/cabundles';
        system 'chmod', '-R' . $verbose, '640',  '/var/cpanel/ssl/installed/cabundles';
        system 'chmod', '751',           '/var/cpanel/ssl/installed/cabundles';
    }
    if ( -d '/var/cpanel/ssl/installed/keys' ) {
        system 'chgrp', '-R' . $verbose, 'mail', '/var/cpanel/ssl/installed/keys';
        system 'chmod', '-R' . $verbose, '640',  '/var/cpanel/ssl/installed/keys';
        system 'chmod', '751',           '/var/cpanel/ssl/installed/keys';
    }
    print "\n" if $verbose;
    print "[+] Fixed SSL permissions.\n";
    return 1;
}

sub restartsrvs {
    print "[*] Restarting mail services...\n\n";
    system '/usr/local/cpanel/scripts/restartsrv', '--wait', 'exim';
    system '/usr/local/cpanel/scripts/restartsrv', '--wait', 'imap';
    print "\n[+] Restarted mail services.\n";
    return 1;
}

sub usage {
    my $prog = $0;
    print <<USAGE;
$0

Utility to rebuild the SNI map file and configuration for mail services.

    --fix_ssl_perms            => Fix permissions for the SSL files in the path: /var/cpanel/ssl/installed/
    --rebuild_dovecot_sni_conf => Rebuild the dovecot SNI include file.
    --restartsrvs              => Restart mail services (dovecot/exim).
USAGE
    exit 1;
}