#!/bin/sh
### BEGIN INIT INFO
# Provides:          nginx-debug
# Required-Start:    $network $remote_fs $local_fs 
# Required-Stop:     $network $remote_fs $local_fs
# Default-Start:     
# Default-Stop:      0 1 2 3 4 5 6
# Short-Description: Stop/start nginx
### END INIT INFO

# Author: Sergey Budnevitch <sb@nginx.com>

PATH=/sbin:/usr/sbin:/bin:/usr/bin

if [ -L $0 ]; then
    SCRIPTNAME=`/bin/readlink -f $0`
else
    SCRIPTNAME=$0
fi

sysconfig=`/usr/bin/basename $SCRIPTNAME`

[ -r /etc/default/$sysconfig ] && . /etc/default/$sysconfig

DESC=${DESC:-nginx-debug}
NAME=${NAME:-nginx-debug}
CONFFILE=${CONFFILE:-/etc/nginx/nginx.conf}
DAEMON=${DAEMON:-/usr/sbin/nginx-debug}
PIDFILE=${PIDFILE:-/run/nginx.pid}
SLEEPSEC=${SLEEPSEC:-1}
UPGRADEWAITLOOPS=${UPGRADEWAITLOOPS:-5}
CHECKSLEEP=${CHECKSLEEP:-3}
SUBS_CERT=/etc/ssl/nginx/nginx-repo.crt
OPENSSL=/usr/bin/openssl
CERT_EXT_CMD="$OPENSSL x509 -in $SUBS_CERT -text -certopt ca_default,no_sigdump,no_serial -noout"

CCA="-----BEGIN CERTIFICATE-----
MIIDjzCCAnegAwIBAgIJAIu3DxpkIGrqMA0GCSqGSIb3DQEBBQUAMF4xCzAJBgNV
BAYTAlJVMQ8wDQYDVQQIDAZNb3Njb3cxDzANBgNVBAcMBk1vc2NvdzESMBAGA1UE
CgwJTkdJTlggSW5jMRkwFwYDVQQDDBBuZ2lueCBjbGllbnRzIENBMB4XDTE0MDQx
MjE3MTIyN1oXDTIyMDQxMjE3MTIyN1owXjELMAkGA1UEBhMCUlUxDzANBgNVBAgM
Bk1vc2NvdzEPMA0GA1UEBwwGTW9zY293MRIwEAYDVQQKDAlOR0lOWCBJbmMxGTAX
BgNVBAMMEG5naW54IGNsaWVudHMgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
ggEKAoIBAQDEPxQdivul86frKz1THqVDNjmFDWoX23w7ineOYJaCSR3e6SlXDM0B
8Rv1ideNtU4mGAhLL7UaCO7b4kRbLF8AKyNoTXj8xxEGUQosufd5xdAe8P/jXIIi
BqbCp9r8DtablLjzs81B9aXgMpoZgddDNsmIvHQn6qU6UerMLNUcB9LBOA2tbcCM
JkZz/A1bWB7jH2SPOh5nuIfZ8w0at+MKFAhsFMkk1Dtm04lvQamqboUA+whmBCAg
j85ReEOAf0WXMR+ADHfaLFvZ/zP5qhLYA+ebJ8frfbey3vs0DHS9AeKfKbvzBPlL
feTvr039/orWmvAPI3i/i1JdtC5ed4DvAgMBAAGjUDBOMAwGA1UdEwQFMAMBAf8w
HQYDVR0OBBYEFMV07soOaApznZzWDskzQAalCjB6MB8GA1UdIwQYMBaAFMV07soO
aApznZzWDskzQAalCjB6MA0GCSqGSIb3DQEBBQUAA4IBAQAkMsoWHFZCZO8G4yxj
IkfkUSV65JYo4BvvYUgQPwcEtTv8HNyj84Nwh3yXH62FyyZ0z0RMpzUwHkAm8o/y
LNeEeKoh7T4uClZIogTt/fMJ768aod0Ta6u3KAIElvhoFe68jvrjYH/f1JkSetyz
FNokgN1gkPSc9LU9ksquLORE8ooh33yucSr5yFTRnME1yDujPiXgiLjFBcFQ8mE3
2LuerFU1g3NN7ZiB3Tgj4b2iKVGL/nnm8Un8czxU/yekhbTMBEgNPm28770WjwLH
RhwnsNMWK0Wvv0X+xBoqad2ORnK6Yg91ka51NZWVA7EE3Q8EKaM9fX+VWL/JRB/X
R2o2
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDTzCCAjegAwIBAgIJALe09gGoPNRsMA0GCSqGSIb3DQEBCwUAMD4xEjAQBgNV
BAoMCU5HSU5YIEluYzEoMCYGA1UEAwwfbmdpbnggY2xpZW50IGF1dGhlbnRpY2F0
aW9uIENBMjAeFw0xODExMjkxMTUzNTZaFw0yODA0MTIxMTUzNTZaMD4xEjAQBgNV
BAoMCU5HSU5YIEluYzEoMCYGA1UEAwwfbmdpbnggY2xpZW50IGF1dGhlbnRpY2F0
aW9uIENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALXJxxHBV8XR
vgYD2ANRzWphLZu8ChDwFuycxHVyxZYLVp2xRklb5CqsNJUTX+Y/u+1qvhbRuzkK
MMDoLY6PA/Zhj3q/o0lf4KaS5VASbRi3JAW1EsyTs95amW6xpm0kvdV0sBBeOyih
tA6RzCvcaZb5po7cKb9l9S+lIq/dLvDAzxtkgfJN/b0bR+/WeGtTZxwglYK9uh8o
VVW/8IB+Ghm9cuf7JFQbVYdye4/oDy2lpCIdwO/YtBJP/QmwnFPjnEJhszoNPCMz
63brEwzW8f0PnL8LbO4X7x9Pl0llk2SVFO/R0EKV3+V/YvzIYzcPHsK2CGiZooRu
7IGPihFLUSkCAwEAAaNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUt6TS69Lu
sK5/xRzb5xMF9qW3m2UwHwYDVR0jBBgwFoAUt6TS69LusK5/xRzb5xMF9qW3m2Uw
DQYJKoZIhvcNAQELBQADggEBAIuf3SBm72H3jDIdVap8I+W+/q/7BSEPUZmW5khq
RZ46Fa2391m+IM3BCTiap048Zj/lImcZZN+1Lk8BV+saPGzgaWE5TiX8s/fhj39V
AOuCw7nMjaXwjJfxDwvBv7sE1CoTLd6+m4vQHuzWNs/Pm9pwUwJpNsOCS1s+NeYC
uVGBuaW3BX3uMnSF4FqhVlmqk3UiYVJ+5TTzWI4sHbneT8H56b8+6LoZoGVz53+3
BQfIHLpWi/SnanN8jRuJtDSJ36AlhaNeeMCx1epAGj7Of1kTLF9KtVOKHOXeguOw
/XPb0/Cn4QCHZeyd9IcR8zTQIVxFz++ss2S021LCNvdTaM4=
-----END CERTIFICATE-----"

[ -x $DAEMON ] || exit 0

DAEMON_ARGS="-c $CONFFILE $DAEMON_ARGS"

. /lib/init/vars.sh

. /lib/lsb/init-functions

check_trial() {
    test -x $OPENSSL || return 1
    test -f $SUBS_CERT || return 1
    verify_cert || return 1
    certext=`$CERT_EXT_CMD`
    echo $certext | fgrep 'Trial subscription' >/dev/null 2>&1
    subtrial=$?
    echo $certext | fgrep 'Developer subscription' >/dev/null 2>&1
    subtrialdev=$?
    [ $subtrial -eq 1 -a $subtrialdev -eq 1 ] && return 1
    ENDDATE=`openssl x509 -enddate -in $SUBS_CERT -noout 2>/dev/null` || return 1
    ENDDATE=`echo $ENDDATE | sed 's/.*=//'`
    ENDDATE=`LC_TIME=C date -d "$ENDDATE" +%s` || return 1
    CURDATE=`date +%s`

    case "$ENDDATE$CURDATE" in
        ''|*[!0-9]*) return 1;;
    esac

    if [ $CURDATE -gt $ENDDATE ]; then
        echo
        if [ $subtrial -eq 0 ]; then
            echo "Your trial subscription of NGINX Plus has now expired."
            echo "Please see https://www.nginx.com/trial-expired/ for more information."
        fi
        if [ $subtrialdev -eq 0 ]; then
            echo "NGINX Plus - Developer Edition"
            echo "ERROR: cannot start, your subscription has expired"
        fi
        echo
        exit 1
    else
        EXPDAYS=$((($ENDDATE-$CURDATE)/86400))
        echo
        if [ $subtrial -eq 0 ]; then
            echo "Your trial subscription will expire in $EXPDAYS days"
        fi
        if [ $subtrialdev -eq 0 ]; then
            echo "NGINX Plus - Developer Edition - for non-production use only"
            echo "Your subscription will expire in $EXPDAYS days"
        fi
        echo
    fi
}

verify_cert() {
    CCAFILE=`mktemp /tmp/ccafile.XXXXXX` || return 1
    printf "%s" "$CCA" >$CCAFILE
    $OPENSSL verify -CAfile $CCAFILE $SUBS_CERT >/dev/null 2>&1
    VALID=$?
    rm -f $CCAFILE
    return $VALID
}

do_start()
{
    check_trial
    start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
        $DAEMON_ARGS
    RETVAL="$?"
    return "$RETVAL"
}

do_stop()
{
    # Return
    #   0 if daemon has been stopped
    #   1 if daemon was already stopped
    #   2 if daemon could not be stopped
    #   other if a failure occurred
    start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    test $RETVAL -eq 0 && rm -f $PIDFILE
    return "$RETVAL"
}

do_reload() {
    #
    start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    return "$RETVAL"
}

do_configtest() {
    if [ "$#" -ne 0 ]; then
        case "$1" in
            -q)
                FLAG=$1
                ;;
            *)
                ;;
        esac
        shift
    fi
    $DAEMON -t $FLAG -c $CONFFILE
    RETVAL="$?"
    return $RETVAL
}

do_upgrade() {
    OLDBINPIDFILE=$PIDFILE.oldbin

    do_configtest -q || return 6
    start-stop-daemon --stop --signal USR2 --quiet --pidfile $PIDFILE --name $NAME
    RETVAL="$?"
    
    for i in `/usr/bin/seq  $UPGRADEWAITLOOPS`; do
        sleep $SLEEPSEC
        if [ -f $OLDBINPIDFILE -a -f $PIDFILE ]; then
            start-stop-daemon --stop --signal QUIT --quiet --pidfile $OLDBINPIDFILE --name $NAME
            RETVAL="$?"
            return
        fi
    done

    echo $"Upgrade failed!"
    RETVAL=1
    return $RETVAL
}

do_checkreload() {
    templog=`/bin/mktemp --tmpdir nginx-check-reload-XXXXXX.log`
    trap '/bin/rm -f $templog' 0
    /usr/bin/tail --pid=$$ -n 0 --follow=name /var/log/nginx/error.log > $templog &
    /bin/sleep 1
    start-stop-daemon --stop --signal HUP --quiet --pidfile $PIDFILE
    /bin/sleep $CHECKSLEEP
    /bin/grep -E "\[emerg\]|\[alert\]" $templog
}

case "$1" in
    start)
        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
        do_start
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
    stop)
        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
        do_stop
        case "$?" in
            0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
            2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
        esac
        ;;
  status)
        status_of_proc -p "$PIDFILE" "$DAEMON" "$NAME" && exit 0 || exit $?
        ;;
  configtest)
        do_configtest
        ;;
  upgrade)
        do_upgrade
        ;;
  reload|force-reload)
        log_daemon_msg "Reloading $DESC" "$NAME"
        do_reload
        log_end_msg $?
        ;;
  restart|force-reload)
        log_daemon_msg "Restarting $DESC" "$NAME"
        do_configtest -q || exit $RETVAL
        do_stop
        case "$?" in
            0|1)
                do_start
                case "$?" in
                    0) log_end_msg 0 ;;
                    1) log_end_msg 1 ;; # Old process is still running
                    *) log_end_msg 1 ;; # Failed to start
                esac
                ;;
            *)
                # Failed to stop
                log_end_msg 1
                ;;
        esac
        ;;
    check-reload)
        do_checkreload
        RETVAL=0
        ;;
    *)
        echo "Usage: $SCRIPTNAME {start|stop|status|restart|reload|force-reload|upgrade|configtest|check-reload}" >&2
        exit 3
        ;;
esac

exit $RETVAL
