#!/bin/bash
#
# NVIDIA script to encrypt and store user entered password that will be
# used by vGPU licensing service for proxy server authentication
#
# Copyright (c) 2023 NVIDIA Corporation
#
# All rights reserved.  All information contained herein is proprietary and
# confidential to NVIDIA Corporation.  Any use, reproduction, or disclosure
# without the written permission of NVIDIA Corporation is prohibited.
#
##############################################################################
# To connect to authenticated proxy server using Basic, NTLM
# authentication, proxy credentials are required for vGPU licensing
# service. This is helper script to encrypt user entered password and
# save the encrypted content in a file.
##############################################################################

print_help()
{
    echo ""
    echo "usage: $(basename "$0") [ OPTIONS ]";
    echo ""
    echo "        OPTIONS:";
    echo ""
    echo "          -o --out [file]"
    echo "              Output credentials file."
    echo "              Example: --out /etc/nvidia/gridd-proxy-credentials.dat"
    echo ""
    echo "          -h, --help"
    echo "              Print help and exit."
    echo ""
}

cred_file=

# parse the command line
while [ "$1" ]; do
    case $1 in
        "-o"|"--out")                       cred_file=$2; shift;;
        "-h"|"--help"  )                    print_help; exit 1;;
        *)                                  echo "Unrecognized option '$1'"; print_help; exit 1;;
    esac
    shift
done

if [ -z "${cred_file}" ]; then
    echo "ERROR: No valid input provided for --out"
    print_help;
    exit 1
fi

# Check if output parent directory exists
parentDir="$(dirname "$cred_file")"
if [ ! -d "$parentDir" ]; then
    echo "ERROR: $parentDir: No such directory"
    exit 1
fi

# Check if OpenSSL library is installed, which is a prerequisite to run this script.
if ! command -v openssl &> /dev/null
then
    echo "Error: You need to install OpenSSL to run this script."
    exit 1
fi

# Prompt for password and encrypt it
cred_file_temp="${cred_file}.tmp"
public_key_file="${cred_file}.pubkey"
cat << EOF >  "$public_key_file"
-----BEGIN PUBLIC KEY-----
MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAu21HUkdwo5w6G5xRcE9u
X2kIGJBx/Hr89q6F9i77cuaIWkeGWbghp0iC5+vDUZm2m0uWhC3cVfqJCp4j//qn
agZfBoFFBzFqqd3c69bvugwNZJ6dR2wD1dBrXrNq0+Vu/B6WjLN7Ord6BrMzDrD1
fy7+Mw0fM4KC1tWKPS5PwRYD5d5j5Z03oqdAhz34X1AzN3VZQ7Ko6PlTdV3+EVHH
j6lUlLv4lrRwhi96DwAz73i+3OagxMPr8LGh6AEeKKlwebPeW6oj8iYZ/pVlgz/Z
wmRjM1eRcoC6ao/pXYAo8/zeipdhrY9zbL2F3Z9ogG1xhDElktWy5Map7vSm0Kx+
0U0Phu6nTO7EZJ/96lwZ6EZCAXjV8JWxCmZeAj6tEpyjk/a3ezaHc8FhqNjP+Ypl
dkI7fm/ByF2C9IFyNABCVpjDiEbDGJJ8z3HWgP26QJRj2FtGtub4mt2NsKACnQe7
teaBDw6o+eFHLSNz3zYaBVwX4tQ9WsHV03gZPzeqGWAwu7brLZcmN+Zs5Es4XWis
NQ2yLFaEHLmdQ1kgwHF5NmNc9paWbIGD67OxLiQ2MnXcgmYzIB2RfhCo2WZI3R4G
CFdQL8nPNiadt0ju8mtcNA+OM8rwi23u6sk0bGHvyJncYLjd7Eiwmf+NCo7rEbRM
JsrQ3mfxJgu1lbHg+F6z0JkCAwEAAQ==
-----END PUBLIC KEY-----
EOF

read -s -r -p "Enter Password:" password
echo -n "$password" | openssl pkeyutl -encrypt -inkey "$public_key_file" -pubin -pkeyopt rsa_padding_mode:oaep -out "$cred_file_temp"

# Base64 encode the encrypted password
base64 -w 0  < "$cred_file_temp" > "$cred_file"
rm "$public_key_file"
rm "$cred_file_temp"
chmod 640 "$cred_file"

echo -e "\nEncrypted credentials file path: $cred_file"