cmake_minimum_required(VERSION 3.10)
project(credentials-fetcher VERSION 1.3.8)

include(GNUInstallDirs)

set(CMAKE_MODULE_PATH ${PROJECT_SOURCE_DIR}/cmake)

set(CFLAGS "${CFLAGS} -std=c++17 -Wall -fstack-protector-all -pthread")
set(CFLAGS "${CFLAGS} -fstack-clash-protection -fPIE -fPIC")
set(CMAKE_CXX_FLAGS ${CFLAGS})
set(CMAKE_EXE_LINKER_FLAGS "${LDFLAGS} -z noexecstack -z relro -z now")
set(CMAKE_SHARED_LINKER_FLAGS "${LDFLAGS} -z noexecstack -z relro -z now")

# cmake ../ -DENABLE_DEBUGGING=ON
option(ENABLE_DEBUGGING "Enable debugging" OFF)
if(ENABLE_DEBUGGING)
    message("Enable debugging")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g")
else()
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wl,--strip-all -Wformat -Wformat-security")
    set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -O2 -D_FORTIFY_SOURCE=2")
endif()

# cmake ../ -DCODE_COVERAGE=ON
option(CODE_COVERAGE "Enable code coverage" OFF)

if(CODE_COVERAGE)
    # GCC/Clang
    if(CMAKE_CXX_COMPILER_ID MATCHES "GNU|Clang")
        set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} --coverage -fprofile-arcs -ftest-coverage -lgcov -DEXIT_USING_FILE")
        set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} --coverage -fprofile-arcs -ftest-coverage -lgcov ")
    endif()
endif()

# cmake -DBUILD_INTEGRATION_TESTS=ON
option(BUILD_INTEGRATION_TESTS "Build integration tests" OFF)

set(protobuf_MODULE_COMPATIBLE TRUE)
find_package(Protobuf CONFIG)
if(NOT Protobuf_FOUND)
    find_package(Protobuf REQUIRED)
endif()
find_package(gRPC REQUIRED)
set(_PROTOBUF_LIBPROTOBUF protobuf::libprotobuf)
set(_REFLECTION gRPC::grpc++_reflection)
if(${Protobuf_VERSION} VERSION_LESS "3.21.0.0")
    find_program(_PROTOBUF_PROTOC protoc)
endif()
find_program(_GRPC_CPP_PLUGIN_EXECUTABLE grpc_cpp_plugin)

cmake_host_system_information(RESULT PRETTY_NAME QUERY DISTRIB_PRETTY_NAME)
message(STATUS "${PRETTY_NAME}")

cmake_host_system_information(RESULT DISTRO QUERY DISTRIB_INFO)

foreach(VAR IN LISTS DISTRO)
    message(STATUS "${VAR}=`${${VAR}}`")
endforeach()

if((${DISTRO_ID} MATCHES "amzn"))
    add_definitions(-DAMAZON_LINUX_DISTRO=1)
endif()

set(CMAKE_VERBOSE_MAKEFILE ON)

set(configuration)
add_subdirectory(configuration)
set(api)
add_subdirectory(api)
set(renewal)
add_subdirectory(renewal)
set(daemon)
add_subdirectory(daemon)
set(metadata)
add_subdirectory(metadata)

if (NOT CF_KRB_DIR)
    set(CF_KRB_DIR "/var/credentials-fetcher/krbdir")
endif()

if (NOT CF_UNIX_DOMAIN_SOCKET_DIR)
    set(CF_UNIX_DOMAIN_SOCKET_DIR "/var/credentials-fetcher/socket")
endif()

if (NOT CF_LOGGING_DIR)
    set(CF_LOGGING_DIR "/var/credentials-fetcher/logging")
endif()

if (NOT CF_TEST_DOMAIN_NAME)
    set(CF_TEST_DOMAIN_NAME "contoso.com")
endif()

if (NOT CF_TEST_GMSA_ACCOUNT)
    set(CF_TEST_GMSA_ACCOUNT "webapp01")
endif()

configure_file(${CMAKE_SOURCE_DIR}/configuration/config.h.in
        ${CMAKE_BINARY_DIR}/config.h @ONLY)


if(${DISTRO_ID} MATCHES "amzn")
    file(WRITE scripts/systemd/credentials-fetcher.service
            "[Unit]\n"
            "Description=credentials-fetcher systemd service unit file.\n\n"
            "[Service]\n"
            "StandardError=journal\n"
            "StandardOutput=journal\n"
            "StandardInput=null\n"
            "ExecStartPre=mkdir -p ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStartPre=chgrp ec2-user /var/credentials-fetcher ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStartPre=chmod 755 /var/credentials-fetcher ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStart=/usr/sbin/credentials-fetcherd\n"
            "ExecStartPost=chgrp ec2-user /var/credentials-fetcher/socket/credentials_fetcher.sock\n"
            "ExecStartPost=chmod 660 /var/credentials-fetcher/socket/credentials_fetcher.sock\n"
            "Environment=\"CREDENTIALS_FETCHERD_STARTED_BY_SYSTEMD=1\"\n"
            "Type=notify\n"
            "NotifyAccess=main\n"
            "WatchdogSec=120s\n"
            "Restart=on-failure\n\n"
            "[Install]\n"
            "WantedBy=multi-user.target\n"
    )
elseif (${DISTRO_ID} MATCHES "ubuntu")
    file(WRITE scripts/systemd/credentials-fetcher.service
            "[Unit]\n"
            "Description=credentials-fetcher systemd service unit file.\n\n"
            "[Service]\n"
            "StandardError=journal\n"
            "StandardOutput=journal\n"
            "StandardInput=null\n"
            "ExecStartPre=mkdir -p ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStartPre=chgrp ubuntu /var/credentials-fetcher ${CF_KRB_DIR}
            ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStartPre=chmod 755 /var/credentials-fetcher ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStart=/usr/sbin/credentials-fetcherd\n"
            "ExecStartPost=chgrp ubuntu
          /var/credentials-fetcher/socket/credentials_fetcher.sock\n"
            "ExecStartPost=chmod 660 /var/credentials-fetcher/socket/credentials_fetcher.sock\n"
            "Environment=\"CREDENTIALS_FETCHERD_STARTED_BY_SYSTEMD=1\"\n"
            "Type=notify\n"
            "NotifyAccess=main\n"
            "WatchdogSec=120s\n"
            "Restart=on-failure\n\n"
            "[Install]\n"
            "WantedBy=multi-user.target\n"
    )
else()
    file(WRITE scripts/systemd/credentials-fetcher.service
            "[Unit]\n"
            "Description=credentials-fetcher systemd service unit file.\n\n"
            "[Service]\n"
            "StandardError=journal\n"
            "StandardOutput=journal\n"
            "StandardInput=null\n"
            "ExecStartPre=mkdir -p ${CF_KRB_DIR} ${CF_UNIX_DOMAIN_SOCKET_DIR} ${CF_LOGGING_DIR}\n"
            "ExecStart=/usr/sbin/credentials-fetcherd\n"
            "Environment=\"CREDENTIALS_FETCHERD_STARTED_BY_SYSTEMD=1\"\n"
            "Environment=\"CF_CRED_SPEC_FILE=/var/credentials-fetcher/credspec.json\"\n"
            "Type=notify\n"
            "NotifyAccess=main\n"
            "WatchdogSec=120s\n"
            "Restart=on-failure\n\n"
            "[Install]\n"
            "WantedBy=multi-user.target\n"
    )
endif()

set(sources ${daemon} ${configuration} ${renewal})

add_executable(credentials-fetcherd ${sources})

cmake_policy(SET CMP0083 NEW)
include(CheckPIESupported)
check_pie_supported()
if (CMAKE_C_LINK_PIE_SUPPORTED)
    set_property(TARGET credentials-fetcherd
            PROPERTY POSITION_INDEPENDENT_CODE TRUE)
    set_property(TARGET cf_gmsa_service_private
            PROPERTY POSITION_INDEPENDENT_CODE TRUE)
endif ()

find_path(GLIB_INCLUDE_DIR glib.h "/usr/include" "/usr/include/glib-2.0")
find_path(GLIB_CONFIG_DIR glibconfig.h "/usr/include" "/usr/lib64/glib-2.0/include" "/usr/lib/x86_64-linux-gnu/glib-2.0/include/")

target_include_directories(credentials-fetcherd
        PUBLIC
        common
        ${GLIB_INCLUDE_DIR}
        ${GLIB_CONFIG_DIR}
        ${CMAKE_CURRENT_BINARY_DIR})

find_program(DOTNET dotnet ~/.dotnet /usr/bin)
if (NOT DOTNET)
    message(FATAL_ERROR ".NET compiler is not found")
endif()

add_custom_command(
        TARGET credentials-fetcherd
        PRE_LINK
        COMMAND bash -c "CURR_DIR=$PWD && echo $CURR_DIR && cd ${CMAKE_CURRENT_SOURCE_DIR}/auth/kerberos/src/utf16_decode && ./build-using-csc.sh Program.cs && cp Program.exe $CURR_DIR/credentials_fetcher_utf16_private.exe && cp Program.runtimeconfig.json $CURR_DIR/credentials_fetcher_utf16_private.runtimeconfig.json"
        VERBATIM)
target_include_directories(credentials-fetcherd PUBLIC common)

if(${Protobuf_VERSION} VERSION_GREATER_EQUAL "3.21.0.0")
    list(APPEND _PROTOBUF_LIBPROTOBUF proto-objects)
endif()

if(${DISTRO_ID} MATCHES "ubuntu")
    message(STATUS "Linux distro detected as ubuntu")
    target_link_libraries(credentials-fetcherd
            PUBLIC systemd krb5 glib-2.0 cf_gmsa_service_private
            crypto ${_PROTOBUF_LIBPROTOBUF} kadm5srv_mit kdb5 gssrpc gssapi_krb5 gssrpc k5crypto com_err krb5support resolv utf8_validity)
else()
    target_link_libraries(credentials-fetcherd
            PUBLIC systemd krb5 glib-2.0 cf_gmsa_service_private
            crypto ${_PROTOBUF_LIBPROTOBUF}
            kadm5srv_mit kdb5 gssrpc gssapi_krb5 gssrpc k5crypto
            com_err krb5support resolv)
endif()

install(FILES ${CMAKE_BINARY_DIR}/credentials-fetcherd
        DESTINATION "/usr/sbin/"
        PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

install(FILES ${CMAKE_SOURCE_DIR}/scripts/systemd/credentials-fetcher.service
        DESTINATION "/usr/lib/systemd/system/")

install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.exe
        DESTINATION "/usr/sbin/"
        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)

install(FILES ${CMAKE_BINARY_DIR}/credentials_fetcher_utf16_private.runtimeconfig.json
        DESTINATION "/usr/sbin/"
        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)

install(FILES ${CMAKE_BINARY_DIR}/krb5.conf
        DESTINATION "/usr/sbin/"
        PERMISSIONS OWNER_EXECUTE OWNER_WRITE OWNER_READ)

enable_testing()

add_test(NAME check_help COMMAND ${CMAKE_BINARY_DIR}/credentials-fetcherd "--help")
add_test(NAME run_self_test COMMAND ${CMAKE_BINARY_DIR}/credentials-fetcherd "--self_test")
set_tests_properties(check_help PROPERTIES WILL_FAIL TRUE)
set_tests_properties(run_self_test PROPERTIES WILL_FAIL FALSE)


find_package(GTest CONFIG REQUIRED)
set(TEST_FILES test/tester.cpp)
add_executable(credentials-fetcher-test ${metadata} ${TEST_FILES} common)
target_include_directories(credentials-fetcher-test
        PUBLIC
        common
        ${GLIB_INCLUDE_DIR}
        ${GLIB_CONFIG_DIR}
        ${CMAKE_CURRENT_BINARY_DIR})
target_link_libraries(credentials-fetcher-test gtest gtest_main
        systemd
        glib-2.0
        jsoncpp ssl crypto
        krb5 kadm5srv_mit kdb5 gssrpc gssapi_krb5 gssrpc k5crypto
        com_err krb5support resolv)