#!/bin/bash

#
# Copyright (c) 2022 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#

set -e
source $(dirname "$0")/lib/job_utils.sh

require_job_env BUILD_HOME

load_build_env

notice "StarlingX Signing Pre-flight Checks"

# Pre-flight validation: ISO artifacts + signing configuration + connectivity
# This script validates all conditions necessary for successful ISO signing
declare -a iso_files
iso_files+=($BUILD_HOME/localdisk/deploy/starlingx-intel-x86-64-cd.iso)

validation_errors=0

for iso_file in "${iso_files[@]}" ; do
    # Handle symlinks
    if [[ -L "$iso_file" ]] ; then
        iso_link_target="$(readlink "$iso_file")" || {
            error "failed to read symlink $iso_file"
            ((validation_errors++))
            continue
        }
        [[ -n "$iso_link_target" ]] || {
            error "$iso_file: empty symlink target"
            ((validation_errors++))
            continue
        }
        [[ ! "$iso_link_target" =~ / ]] || {
            error "$iso_file: link target must not include slashes"
            ((validation_errors++))
            continue
        }
        real_iso_file="$(dirname "$iso_file")/$iso_link_target"
        info "ISO symlink: $iso_file -> $real_iso_file"
        iso_file="$real_iso_file"
    fi
    
    # Check if file exists and is readable
    if [[ ! -f "$iso_file" ]]; then
        error "ISO file not found: $iso_file"
        ((validation_errors++))
        continue
    fi
    
    if [[ ! -r "$iso_file" ]]; then
        error "ISO file is not readable: $iso_file"
        ((validation_errors++))
        continue
    fi
    
    # Check file size (should be > 1MB for a valid ISO)
    file_size=$(stat -c%s "$iso_file" 2>/dev/null || echo "0")
    if [[ ${file_size} -lt 1048576 ]]; then
        error "ISO file seems too small (${file_size} bytes): $iso_file"
        ((validation_errors++))
        continue
    fi
    
    info "✓ ISO file validated: $iso_file ($(numfmt --to=iec ${file_size}))"
done

# Check for build info file
build_info_file="$BUILD_HOME/localdisk/deploy/build_info.log"
if [[ -f "$build_info_file" ]]; then
    info "✓ Build info found: $build_info_file"
else
    warn "Build info file not found: $build_info_file"
fi

# Check for packages CSV
packages_csv="$BUILD_HOME/localdisk/deploy/iso-packages.csv"
if [[ -f "$packages_csv" ]]; then
    info "✓ Packages CSV found: $packages_csv"
else
    info "Packages CSV not found (optional): $packages_csv"
fi

# Check signing configuration if formal signing is enabled
if [[ "${SIGN_ISO_FORMAL}" == "true" ]]; then
    notice "Validating signing configuration for formal signing"
    
    missing_config=()
    
    if [[ -z "${SIGNING_SERVER}" ]]; then
        missing_config+=("SIGNING_SERVER")
    fi
    
    if [[ -z "${SIGNING_USER}" ]]; then
        missing_config+=("SIGNING_USER")
    fi
    
    if [[ ${#missing_config[@]} -gt 0 ]]; then
        error "Missing signing configuration for formal signing:"
        for config in "${missing_config[@]}"; do
            error "  - ${config}"
        done
        ((validation_errors++))
    else
        info "✓ Signing configuration is complete"
        info "  - SIGNING_SERVER: ${SIGNING_SERVER}"
        info "  - SIGNING_USER: ${SIGNING_USER}"
        if [[ -n "${SIGNING_KEY_NAME}" ]]; then
            info "SIGNING_KEY_NAME: ${SIGNING_KEY_NAME}"
        else
            info "SIGNING_KEY_NAME not specified, using default"
        fi
        
        # Test SSH connectivity to signing server (like actual signing process)
        if command -v ssh >/dev/null 2>&1; then
            info "Testing SSH connectivity to signing server..."
            # Test actual SSH connection like sign_iso_formal.sh does
            # Use same connection parameters as signing process
            ssh_test_cmd="ssh -o ConnectTimeout=10 -o BatchMode=yes -o StrictHostKeyChecking=no"
            if [[ -n "${SIGNING_USER}" ]]; then
                ssh_test_cmd+=" ${SIGNING_USER}@${SIGNING_SERVER}"
            else
                ssh_test_cmd+=" ${SIGNING_SERVER}"
            fi
            ssh_test_cmd+=" exit"
            
            # Execute SSH test with error handling
            if eval "${ssh_test_cmd}" >/dev/null 2>&1 || true; then
                if eval "${ssh_test_cmd}" >/dev/null 2>&1; then
                    info "✓ SSH connection successful to signing server: ${SIGNING_SERVER}"
                else
                    warn "SSH connection failed to signing server: ${SIGNING_SERVER}"
                    warn "This may indicate authentication, network, or server issues"
                    warn "Signing process may fail - check SSH keys and server access"
                fi
            fi
        else
            info "SSH command not available - skipping connectivity test"
        fi
    fi
else
    info "Formal ISO signing is disabled (SIGN_ISO_FORMAL != true)"
fi

# Summary
if [[ ${validation_errors} -eq 0 ]]; then
    notice "All pre-flight checks passed - ready for signing"
    exit 0
else
    error "Found ${validation_errors} pre-flight check error(s)"
    exit 1
fi