# description: copy proxy certificate to the job session directory
# param:COPY_CACERT_DIR:Yes,No:Yes:If set to Yes, CA certificate dir will be copied to the session directory along with proxy certificate
# param:USE_DELEGATION_DB:Yes,No:No:If set to Yes RTE will try to extract proxy certificate from A-REX delegation DB (works in limited number of cases)
# param:X509_CERT_DIR:string:/etc/pki/tls/certs:CAdir to use (either /etc/grid-security/certificates or system folder depending on x509_cert_policy grid or system)

COPY_CACERT_DIR="${COPY_CACERT_DIR:-Yes}"
USE_DELEGATION_DB="${USE_DELEGATION_DB:-No}"
X509_CERT_DIR="${X509_CERT_DIR:-/etc/grid-security/certificates}"


if [ "x$1" = "x0" ]; then

    PROXY_FILE=$(control_path "${joboption_controldir}" "${joboption_gridid}" "proxy")
   
    if [ "x$COPY_CACERT_DIR" = "xYes" ]; then
        mkdir -pv ${joboption_directory}/arc/certificates/
        cp -rv ${X509_CERT_DIR}/* ${joboption_directory}/arc/certificates/
    fi
    if [ "x$USE_DELEGATION_DB" = "xYes" ]; then
        GM_JOBS="${ARC_LOCATION:-/usr}/lib/arc/gm-jobs"
        # try DB export or fall back to proxy file
        $GM_JOBS -J -S -D ${joboption_gridid} -o "${PROXY_FILE}" || USE_DELEGATION_DB="No"
    fi
    if [ "x$USE_DELEGATION_DB" = "xNo" ]; then
        cat "${PROXY_FILE}" > "${joboption_directory}/user.proxy"
    fi
    chmod 600 "${joboption_directory}/user.proxy"
elif [ "x$1" = "x1" ]; then
    export X509_USER_PROXY="${X509_USER_PROXY:-${RUNTIME_JOB_DIR}/user.proxy}"
    export X509_USER_CERT="${X509_USER_CERT:-${RUNTIME_JOB_DIR}/user.proxy}"
    if [ "x$COPY_CACERT_DIR" = "xYes" ]; then
        export X509_CERT_DIR="${RUNTIME_JOB_DIR}/arc/certificates"
    else
        export X509_CERT_DIR="${X509_CERT_DIR:-/etc/grid-security/certificates}"
    fi
elif [ "x$1" = "x2" ]; then
    if [ "x$COPY_CACERT_DIR" = "xYes" ]; then
        rm -rf ${RUNTIME_JOB_DIR}/arc/certificates
    fi
fi
