#!/bin/bash

## Copyright (C) 2019 - 2025 ENCRYPTED SUPPORT LLC <adrelanos@whonix.org>
## See the file COPYING for copying conditions.

## usage:
## sudo client=1 anon-server-to-client-install

#set -x

## Abort on the first unhandled non-zero exit status (long form of `set -e`).
set -o errexit

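#######################################
# ERR-trap handler: report the failing command and abort.
# Globals:   BASH_COMMAND (read) - the command that raised the error
# Arguments: none; reads the exit status of the failed command via $?
# Outputs:   one diagnostic line on stderr (was stdout; diagnostics belong on stderr
#            like the script's other ERROR messages)
# Returns:   never returns; exits the shell with status 1
#######################################
error_handler() {
   ## Capture $? first: any other command in this function would overwrite it.
   local exit_code="$?"
   echo "ERROR: exit_code: $exit_code | BASH_COMMAND: $BASH_COMMAND" >&2
   exit 1
}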

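trap error_handler ERR

## Script name for user-facing messages.
SCRIPTNAME="$(basename "${BASH_SOURCE[0]}")"

#######################################
# Print "ERROR: <message>" to stderr and exit with status 1.
# Arguments: $* - message text, without the "ERROR: " prefix
# Returns:   never returns
#######################################
die() {
   echo "ERROR: $*" >&2
   exit 1
}

if [ "$(id -u)" != "0" ]; then
   echo "ERROR: This must be run as root (sudo)!" >&2
   echo "INFO: You can start $SCRIPTNAME by entering..."
   echo "      sudo $SCRIPTNAME"
   exit 1
fi

## Defaults. Every setting below can be overridden through the environment
## (see the usage example at the top of the file); an empty value counts as unset.
: "${torconfdir:=/usr/local/etc/torrc.d}"
: "${torconffile:=${torconfdir}/43_clientonionauthdir.conf}"

: "${torunit:=tor@default}"
: "${unitaction:=reload}"
: "${unitruntest:=is-active}"
: "${unittool:=systemctl}"
## Command strings; they are intentionally word-split when executed further down.
: "${unitcmd:=$unittool $unitaction $torunit}"
: "${unitruntestcmd:=$unittool $unitruntest $torunit}"

## The invoking (non-root) user whose home directory holds the key file.
: "${user_name:=$SUDO_USER}"

: "${tor_user:=debian-tor}"
: "${tor_group:=debian-tor}"

: "${client:=1}"
: "${tor_dir:=/var/lib/tor}"
: "${client_onion_auth_dir:=${tor_dir}/authdir}"
: "${auth_private_file_name:=${client}.auth_private}"

## Derive the source path from user_name only when sourcefile was not given
## explicitly, so a caller who sets sourcefile is not blocked by a missing SUDO_USER
## (e.g. when running as the real root user), and a missing SUDO_USER gives a clear
## error instead of a confusing "/home//1.auth_private does not exist".
if [ -z "$sourcefile" ]; then
   [ -n "$user_name" ] || die "user_name is empty (SUDO_USER not set). Run this script through sudo, or set user_name or sourcefile in the environment."
   sourcefile="/home/${user_name}/${auth_private_file_name}"
fi

: "${auth_private_file_full_target_path:=${client_onion_auth_dir}/${auth_private_file_name}}"
: "${client_onion_auth_full_path:=${client_onion_auth_dir}/${auth_private_file_name}}"

## Not used below; retained so environments that set it keep working unchanged.
: "${tor_user_sudo:=sudo --non-interactive -u $tor_user}"

## Fail early, with a message naming the culprit, if a required tool is missing.
for tool in mkdir chown chmod cp rm sudo id getent "$unittool"; do
   command -v "$tool" >/dev/null 2>&1 || die "required tool '$tool' not found in PATH."
done

id "$tor_user" >/dev/null || die "tor_user '$tor_user' does not exist!"
## 'groups' takes a *user* name, so it cannot validate a group; use getent instead.
getent group "$tor_group" >/dev/null || die "tor_group '$tor_group' does not exist!"

# shellcheck disable=SC2086 -- unitruntestcmd is a command string that must be word-split.
if ! $unitruntestcmd >/dev/null 2>&1; then
   die "Tor is not running. Start Tor first."
fi

## The key is copied by root from a location the invoking user controls, so refuse
## symlinks and anything that is not a readable regular file. A check-then-copy
## race remains between these tests and the cp below.
if [ -L "$sourcefile" ]; then
   die "sourcefile '$sourcefile' is a symlink; refusing to copy it. Provide a regular file."
fi
if [ ! -f "$sourcefile" ] || [ ! -r "$sourcefile" ]; then
   die "sourcefile '$sourcefile' does not exist or is not a readable regular file!"
fi

[ -d "$tor_dir" ] || die "tor_dir '$tor_dir' does not exist!"

mkdir -p -- "$client_onion_auth_dir"
chown -- "${tor_user}:${tor_group}" "$client_onion_auth_dir"
cp -- "$sourcefile" "$auth_private_file_full_target_path"
chown -- "${tor_user}:${tor_group}" "$auth_private_file_full_target_path"
## The file is a private key: make it readable by the Tor user only, regardless
## of the mode of the user's copy and of root's umask.
chmod 0600 -- "$auth_private_file_full_target_path"

echo "INFO: Installed \".auth_private\" file (private key) '$sourcefile' to '$auth_private_file_full_target_path'."

[ -d "$torconfdir" ] || die "torconfdir '$torconfdir' does not exist!"
## The file is fully generated: replace it rather than append, so stale content
## from an earlier run cannot survive.
rm -f -- "$torconffile"
cat > "$torconffile" <<EOF
# This file is generated by $0
# User configuration should go to /usr/local/etc/torrc.d/50_user.conf, not here.
# However, deleting this file will be fine since a new plain file will be generated the next time you run $SCRIPTNAME

# Also Whonix package anon-gw-anonymizer-config already ships file
# /etc/torrc.d/65_gateway.conf which also includes
# ClientOnionAuthDir /var/lib/tor/authdir
ClientOnionAuthDir $client_onion_auth_dir

EOF

echo "INFO: Created torconffile '$torconffile'."

echo "INFO: Reloading Tor to activate \".auth_private\" file (private key)."

## Reload Tor so it reads the new ClientOnionAuthDir entry and the key file.
## By default this runs: systemctl reload tor@default
# shellcheck disable=SC2086 -- unitcmd is a command string that must be word-split.
$unitcmd

echo "INFO: Success."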
