�&ǐk�@'bJ�h�ۊL'}T�:��'2�Z#$��n�a����>a��`��_3d�Qpt�/�P
-��#5�,�M���
�pA:©�q�����NW��ډ�A�����9nʺج����
�TSM��{J6?7��r�@�\����D����׶���s�f�TJj?"��D��`?��̒�	b�#�%�C*v�$�{�$����5Ծ�F�s��y�e/8��h-�f�̰&(����Gj�L:U�	2������v�_k����Y��gp,�k�WF�R����<Q%E�,��+׬��$�䑽�0����]q�%�ˮI�����5_�}}�c�{8�.��&���o��Ӳ�ߢ�!�2M��@��GƲz�@�Z$�b�ցK���Q��m�C���6�i����V�j|�s�y����\1�����5'?�@3�$%vP�v >��_C�R��N@���R�@�ߔ?A�w9���F("iNa-S���Q�o�3tDMLh*�#4k�T/iQ��Y*�G��m����)��8�hBm/�I�,g�ﯖ���Z��}�Cz�q@´��d.����L�ŕ�,��1�Z�܌�:̪���F+J-'��c�tvJ8��]Q-��b��y�6;*J`r_�d	��'�G ~p��)'�C,�%F��E(��2�k�����lР�z�!�=t��_�0��f7���
;�p�|�U	�%<j
��I�#!/usr/local/cpanel/3rdparty/bin/perl

# cpanel - scripts/ccs-check                       Copyright 2022 cPanel, L.L.C.
#                                                           All rights reserved.
# copyright@cpanel.net                                         http://cpanel.net
# This code is subject to the cPanel license. Unauthorized copying is prohibited

use strict;
use warnings;

# Make sure we get exactly the args we want, with a little flexibility for calling --help, -h, -HELP, etc.
exit script() unless caller;

sub script {
    my $args_ok    = 0;
    my $update_ssl = 0;
    my $no_restart = 0;
    my $force_run  = 0;
    foreach my $arg (@ARGV) {
        if ( $arg =~ m/^-{1,2}h/i ) {
            show_usage();
            return 0;
        }
        elsif ( $arg eq '--run' ) {
            $args_ok = 1;
        }
        elsif ( $arg eq '--ssl' ) {
            $update_ssl = 1;
        }
        elsif ( $arg eq '--force' ) {
            $force_run = 1;
        }
        elsif ( $arg eq '--norestart' ) {
            $no_restart = 1;
        }
        else {
            print "Unknown arguments passed.\n";
            show_usage(1);
            return 1;
        }
    }
    if ( $args_ok != 1 ) {
        show_usage();
        return 1;
    }

    # If it's not installed, just abort
    if ( !$force_run && !-f '/opt/cpanel-ccs/bin/run' ) {
        return 0;
    }

    # Handle updating of SSL pem for CCS
    if ( $update_ssl == 1 ) {
        require Cpanel::SSLService;
        my %ssl_info = Cpanel::SSLService::getsslargs();

        require Cpanel::SafetyBits::Chown;
        require Cpanel::MD5;

        my $target_pem = '/opt/cpanel-ccs/conf/cpanel.pem';

        my $orig_md5;
        if ( -f $target_pem ) {
            $orig_md5 = Cpanel::MD5::getmd5sum($target_pem);
        }

        if ( defined( $ssl_info{'SSL_cert_file'} ) ) {
            require Cpanel::FileUtils::Copy;
            if ( !-d '/opt/cpanel-ccs/conf' ) {
                require Cpanel::SafeDir::MK;

                Cpanel::SafeDir::MK::safemkdir('/opt/cpanel-ccs/conf');
                if ( $< == 0 ) {
                    Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', '/opt/cpanel-ccs/conf' );
                }
            }

            # If we have a combined pem, use that, otherwise we need to build a PEM from what we have.
            if ( $ssl_info{'SSL_cert_file'} eq $ssl_info{'SSL_key_file'} ) {
                Cpanel::FileUtils::Copy::safecopy( $ssl_info{'SSL_cert_file'}, $target_pem );
                if ( $< == 0 ) {
                    Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', $target_pem );
                }
            }
            else {
                my $pem_contents;

                # pem order is key > cert > ca
                foreach my $file ( $ssl_info{'SSL_key_file'}, $ssl_info{'SSL_cert_file'}, $ssl_info{'SSL_ca_file'} ) {
                    if ( open my $read_fh, '<', $file ) {
                        while ( my $line = <$read_fh> ) {
                            $pem_contents .= $line;
                        }
                    }
                }
                require Cpanel::FileUtils::Write;
                Cpanel::FileUtils::Write::write( $target_pem, $pem_contents );
                if ( $< == 0 ) {
                    Cpanel::SafetyBits::Chown::safe_chown( 'cpanel-ccs', 'cpanel-ccs', $target_pem );
                }
            }
        }
        else {
            # If the system for some reason doesn't report cert info, fall back to the self signed pem that comes with CCS
            Cpanel::FileUtils::Copy::safecopy( '/opt/cpanel-ccs/twistedcaldav/test/data/server.pem', $target_pem );
        }
        if ( -f $target_pem ) {
            if ( $no_restart == 0 ) {
                my $current_md5 = Cpanel::MD5::getmd5sum($target_pem);
                if ( !defined($orig_md5) || ( defined($orig_md5) && ( $orig_md5 ne $current_md5 ) ) ) {
                    print "SSL information changed, restarting CCS..\n";
                    require Cpanel::SafeRun::Simple;
                    Cpanel::SafeRun::Simple::saferun(qw{systemctl restart cpanel-ccs});
                }
            }
        }
        print "SSL information updated.\n";
    }

    return 0;
}
###[ Functions ]########################################################################################################

sub show_usage {
    my ($use_stderr) = @_;
    my $out_fh = ( $use_stderr ? \*STDERR : \*STDOUT );
    print $out_fh <<EOF;
This script handles some maintenance for the Calendar and Contacts Server plugin, if installed.

Usage:
    scripts/ccs-check <--help|--run|--ssl>

    --help      : Show this output
    --run       : Actually run this script
    --ssl       : Copy the SSL certificate information in to place
    --force     : Copy the SSL certificate information in to place regardless if CCS is installed or not
    --norestart : Don't restart CCS even if SSL information is updated

EOF
    return;
}