#!/bin/bash
#
# ask-for-passphrase - designed to be used by SSLPassPhraseDialog exec:
#
# Copyright Canonical, Ltd. 2010, All Rights Reserved
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

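# Arguments (supplied by the caller, see the header):
#   $1 - site name, shown in the prompt
#   $2 - key type, shown in the prompt
# Output: the passphrase, and nothing else, on stdout.
# Exit status: 0 when a passphrase was obtained, non-zero otherwise.
#
# Do not enable 'set -x' in this script: the trace would copy the
# passphrase to stderr.
sitename="${1}"
keytype="${2}"

prompt="Enter passphrase for SSL/TLS keys for '${sitename} (${keytype})':"

# Report a failure to syslog (daemon.err, tagged apache2).
log_err() {
  logger -p daemon.err -t apache2 "$@"
}

# Apache gives us a pipe for stdin, but we want to
# talk to apache's terminal.
# tty(1) exits non-zero when the descriptor is not a terminal, and the
# substitution also fails when the descriptor cannot be opened. Testing the
# status rather than the "not a tty" text keeps the check independent of the
# locale and stops an empty result from reaching the redirections below.
if ! tty=$(tty < "/proc/${PPID}/fd/0") || [[ -z "${tty}" ]]; then
  # No terminal: hand the prompt to a password agent. The agents are run
  # (not exec'ed) so that a failure can be logged; their stdout is still our
  # stdout and their exit status is passed on unchanged.
  if [[ -x /bin/systemd-ask-password ]]; then
    /bin/systemd-ask-password --timeout=0 "${prompt}"
    rc=$?
  elif [[ -x /bin/plymouth ]] && /bin/plymouth --ping; then
    # Call the same absolute path that was just tested, not whatever
    # "plymouth" resolves to through PATH.
    printf '%s\n' "${prompt}" | logger
    /bin/plymouth ask-for-password --prompt="${prompt}"
    rc=$?
  else
    log_err "No way to ask user for passphrase!"
    exit 1
  fi
  if (( rc != 0 )); then
    log_err "Passphrase prompt failed!"
  fi
  exit "${rc}"
fi

# We must not print anything on stdout except the passphrase
# IFS= keeps leading and trailing whitespace in the passphrase; -r keeps
# backslashes. The prompt is written to stderr, which is pointed at the tty.
if ! IFS= read -r -s -p "${prompt}" passphrase > "${tty}" 2>&1 < "${tty}"; then
  # EOF or an unusable terminal: fail instead of handing back an empty or
  # truncated passphrase with a success status.
  echo > "${tty}"
  log_err "Passphrase prompt failed!"
  exit 1
fi
echo > "${tty}"
# printf, not echo: a passphrase such as "-n" or "-e" would be taken as an
# option by echo and never reach stdout intact.
printf '%s\n' "${passphrase}"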
