#!/bin/bash

# KNEL SSL Stack Compilation Initializer
# Compiles OpenSSL, nghttp2, curl, APR, and Apache HTTPd from source
# Made from instructions at https://www.tunetheweb.com/performance/http2/

set -euo pipefail

echo "Running SSL stack compilation initializer..."

# Only run on specific systems or if explicitly requested
# This is a resource-intensive operation
if [[ $DEV_WORKSTATION_CHECK -gt 0 ]] || [[ "${COMPILE_SSL_STACK:-}" == "true" ]]; then
    echo "Compiling SSL stack from source..."
    
    # Base URLs and files (using original versions from KNELServerBuild)
    OPENSSL_URL_BASE="https://www.openssl.org/source/"
    OPENSSL_FILE="openssl-1.1.0h.tar.gz"
    
    NGHTTP_URL_BASE="https://github.com/nghttp2/nghttp2/releases/download/v1.31.0/"
    NGHTTP_FILE="nghttp2-1.31.0.tar.gz"
    
    APR_URL_BASE="https://archive.apache.org/dist/apr/"
    APR_FILE="apr-1.6.3.tar.gz"
    
    APR_UTIL_URL_BASE="https://archive.apache.org/dist/apr/"
    APR_UTIL_FILE="apr-util-1.6.1.tar.gz"
    
    APACHE_URL_BASE="https://archive.apache.org/dist/httpd/"
    APACHE_FILE="httpd-2.4.33.tar.gz"
    
    CURL_URL_BASE="https://curl.haxx.se/download/"
    CURL_FILE="curl-7.60.0.tar.gz"
    
    # Create build directory
    BUILD_DIR="/tmp/ssl-stack-build"
    mkdir -p "$BUILD_DIR"
    cd "$BUILD_DIR"
    
    # Install build dependencies
    DEBIAN_FRONTEND="noninteractive" apt-get -y install \
        build-essential \
        wget \
        gcc \
        make \
        perl \
        libpcre3 \
        libpcre3-dev \
        zlib1g \
        zlib1g-dev \
        || true
    
    # Download and compile OpenSSL
    echo "Compiling OpenSSL..."
    wget $OPENSSL_URL_BASE/$OPENSSL_FILE
    tar xzf $OPENSSL_FILE
    cd openssl-1.1.0h
    ./config enable-weak-ssl-ciphers shared zlib-dynamic -DOPENSSL_TLS_SECURITY_LEVEL=0 --prefix=/usr/local/custom-ssl/openssl-1.1.0h
    make
    make install
    ln -sf /usr/local/custom-ssl/openssl-1.1.0h /usr/local/openssl
    cd -
    
    # Download and compile nghttp2
    echo "Compiling nghttp2..."
    wget $NGHTTP_URL_BASE/$NGHTTP_FILE
    tar xzf $NGHTTP_FILE
    cd nghttp2-1.31.0
    ./configure --prefix=/usr/local/custom-ssl/nghttp
    make
    make install
    cd -
    
    # Update ldconfig for custom SSL
    cat <<EOF > /etc/ld.so.conf.d/custom-ssl.conf
/usr/local/custom-ssl/openssl-1.1.0h/lib
/usr/local/custom-ssl/nghttp/lib
EOF
    ldconfig
    
    # Download and compile curl
    echo "Compiling curl..."
    wget $CURL_URL_BASE/$CURL_FILE
    tar xzf $CURL_FILE
    cd curl-7.60.0
    ./configure --prefix=/usr/local/custom-ssl/curl --with-nghttp2=/usr/local/custom-ssl/nghttp/ --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/
    make
    make install
    cd -
    
    # Download and compile APR
    echo "Compiling APR..."
    wget $APR_URL_BASE/$APR_FILE
    tar xzf $APR_FILE
    cd apr-1.6.3
    ./configure --prefix=/usr/local/custom-ssl/apr
    make
    make install
    cd -
    
    # Download and compile APR-util
    echo "Compiling APR-util..."
    wget $APR_UTIL_URL_BASE/$APR_UTIL_FILE
    tar xzf $APR_UTIL_FILE
    tar xzf $APR_UTIL_FILE
    cd apr-util-1.6.1
    ./configure --prefix=/usr/local/custom-ssl/apr-util --with-apr=/usr/local/custom-ssl/apr
    make
    make install
    cd -
    
    # Download and compile Apache HTTPd
    echo "Compiling Apache HTTPd..."
    wget $APACHE_URL_BASE/$APACHE_FILE
    tar xzf $APACHE_FILE
    cd httpd-2.4.33
    cp -r ../apr-1.6.3 srclib/apr
    cp -r ../apr-util-1.6.1 srclib/apr-util
    ./configure --prefix=/usr/local/custom-ssl/apache \
        --with-ssl=/usr/local/custom-ssl/openssl-1.1.0h/ \
        --with-pcre=/usr/bin/pcre-config \
        --enable-unique-id \
        --enable-ssl \
        --enable-so \
        --with-included-apr \
        --enable-http2 \
        --with-nghttp2=/usr/local/custom-ssl/nghttp/
    make
    make install
    ln -sf /usr/local/custom-ssl/apache /usr/local/apache
    cd -
    
    # Cleanup
    cd /
    rm -rf "$BUILD_DIR"
    
    echo "SSL stack compilation completed"
    echo "Custom installations available at:"
    echo "  OpenSSL: /usr/local/custom-ssl/openssl-1.1.0h"
    echo "  nghttp2: /usr/local/custom-ssl/nghttp"
    echo "  curl:    /usr/local/custom-ssl/curl"
    echo "  APR:     /usr/local/custom-ssl/apr"
    echo "  Apache:  /usr/local/custom-ssl/apache"
    
else
    echo "Skipping SSL stack compilation (only runs on dev workstations or when COMPILE_SSL_STACK=true)"
fi

echo "SSL stack compilation initializer completed"