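#!/bin/bash
# init-asl-host.sh
# ASL Host offline initialization
# Handles: rescue, admission, and normal modes
# Mounts ZFS pools, sets up environment, optionally starts capture shell
#
# Usage: init-asl-host.sh [rescue|admission|normal]   (default: normal)
# NOTE(review): mount/zpool calls presumably require root — confirm how this
# script is launched.

set -euo pipefail

# -----------------------------
# Configuration
# -----------------------------
readonly ASL_ROOT=/var/lib/asl
readonly ASL_COMMON="$ASL_ROOT/common"
readonly ASL_PERSONAL="$ASL_ROOT/personal"
readonly ASL_POOLS="$ASL_ROOT/pools"
readonly ASL_LOG=/var/log/asl
readonly ASL_CAPTURE_BIN=/usr/bin/asl-capture

# Default mode if not specified
readonly MODE=${1:-normal}

# ZFS pool names
readonly POOL_COMMON=asl_common
readonly POOL_PERSONAL=asl_personal

# -----------------------------
# Functions
# -----------------------------

# Print a tagged message to stdout and append it to $ASL_LOG/init.log.
# The log directory must already exist: under pipefail a failing tee
# aborts the script.
log() {
  printf '[ASL-HOST] %s\n' "$*" | tee -a "$ASL_LOG/init.log"
}

# Create the ASL directory tree.
# The log directory is created before the first log() call, because log()
# appends to a file inside it.
setup_dirs() {
  mkdir -p -- "$ASL_LOG"
  log "Creating ASL directories..."
  mkdir -p -- "$ASL_COMMON" "$ASL_PERSONAL" "$ASL_POOLS"
}

# Make one file-backed pool available.
# Arguments: $1 - label used in log messages
#            $2 - pool name
#            $3 - mountpoint passed to zpool create
#            $4 - backing image file
# Returns:   0 when the pool is imported or was created, non-zero otherwise
ensure_pool() {
  local label=$1 pool=$2 mountpoint=$3 image=$4

  # A pool that `zpool list` can see is already imported; importing it again
  # would fail and, under set -e, abort every boot after the first.
  if zpool list "$pool" &>/dev/null; then
    log "$label pool $pool already imported."
    return 0
  fi

  # The image path is fixed configuration, not user input, but nothing in this
  # script creates it; fail with a clear message instead of a zpool error.
  if [[ ! -e "$image" ]]; then
    log "Backing image $image for pool $pool not found."
    return 1
  fi

  # File vdevs are not found by a default device scan, so point the import
  # at the directory holding the images.
  log "Importing $label pool..."
  if zpool import -d "$ASL_POOLS" "$pool"; then
    return 0
  fi

  # Import failed (expected on first run). zpool create is called without -f,
  # so it should refuse an image that already carries a pool label rather
  # than overwrite it.
  log "Creating $label pool $pool..."
  zpool create -m "$mountpoint" "$pool" "$image"
}

# Bring up the common and personal pools.
mount_pools() {
  log "Checking ZFS pools..."
  ensure_pool common "$POOL_COMMON" "$ASL_COMMON" "$ASL_POOLS/common.img"
  ensure_pool personal "$POOL_PERSONAL" "$ASL_PERSONAL" "$ASL_POOLS/personal.img"
}

# Capture artifacts from an operator-supplied USB device into the personal
# store. The media is treated as untrusted: it is mounted read-only with
# nosuid/nodev/noexec, and it is always unmounted, even when capture fails.
rescue_mode() {
  local usb_mount=/mnt/usb
  local usb_dev
  local capture_status=0

  log "Entering rescue mode..."
  mkdir -p -- "$usb_mount"

  log "Waiting for USB device..."
  read -r -p "Plug USB device and enter device path (e.g., /dev/sda1): " usb_dev

  # Reject typos and non-device paths before handing the value to mount.
  if [[ ! -b "$usb_dev" ]]; then
    log "Not a block device: $usb_dev"
    return 1
  fi

  # NOTE(review): assumes asl-capture only reads from --input; confirm before
  # relying on the read-only mount.
  mount -o ro,nosuid,nodev,noexec "$usb_dev" "$usb_mount"

  log "Capturing artifacts from USB..."
  "$ASL_CAPTURE_BIN" --input "$usb_mount" --output "$ASL_PERSONAL" --pty \
    || capture_status=$?

  umount "$usb_mount"

  if ((capture_status != 0)); then
    log "USB capture failed with status $capture_status."
    return "$capture_status"
  fi
  log "USB capture complete."
}

# Bootstrap the personal domain: an RSA-4096 private key and a self-signed
# certificate valid for 365 days. Existing files are left untouched.
admission_mode() {
  local domain_key="$ASL_PERSONAL/domain.key"
  local domain_cert="$ASL_PERSONAL/domain.crt"

  log "Entering admission mode..."
  log "Bootstrapping new personal domain..."

  if [[ ! -f "$domain_key" ]]; then
    log "Generating new domain key..."
    # The key is written unencrypted, so create it under a restrictive umask
    # (owner-only) instead of inheriting the caller's. The subshell keeps the
    # umask change from leaking into the rest of the script.
    (
      umask 077
      openssl genpkey -algorithm RSA -out "$domain_key" \
        -pkeyopt rsa_keygen_bits:4096
    )
  fi

  if [[ ! -f "$domain_cert" ]]; then
    log "Generating self-signed certificate..."
    openssl req -new -x509 -key "$domain_key" -out "$domain_cert" -days 365 \
      -subj "/CN=Offline-ASL-Host"
  fi

  log "Personal domain initialized."
}

# Normal mode needs no extra setup beyond directories and pools.
normal_mode() {
  log "Entering normal offline mode..."
  log "ASL environment ready."
}

# Replace this process with the capture shell, or with a plain bash when the
# capture binary is not available. Does not return.
start_capture_shell() {
  if ! command -v "$ASL_CAPTURE_BIN" >/dev/null 2>&1; then
    log "asl-capture binary not found, starting plain shell..."
    exec /bin/bash
  fi

  log "Starting PTY capture shell..."
  exec "$ASL_CAPTURE_BIN" --pty -- /bin/bash
}

# -----------------------------
# Main execution
# -----------------------------
setup_dirs

# Validate the mode before touching any pool, so a mistyped argument cannot
# trigger pool import or creation.
case "$MODE" in
  rescue | admission | normal) ;;
  *)
    log "Unknown mode: $MODE"
    exit 1
    ;;
esac

mount_pools

case "$MODE" in
  rescue)
    rescue_mode
    ;;
  admission)
    admission_mode
    ;;
  normal)
    normal_mode
    ;;
esac

start_capture_shell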