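//---------------------------------
// Juniper update script
//---------------------------------
//
// Changes the password of newAccount on a Junos device over an already
// authenticated shell channel. The authenticating account must be root.
// Inputs supplied by the environment: log, channel, timeout, result,
// newAccount, accountToUseForAuthentication.
//
import com.cloakware.cspm.common.Constants.Protocol;
import com.cloakware.cspm.server.plugin.ClientChannelTimeoutException;
import com.cloakware.cspm.server.plugin.ExtendedTargetManager;
import com.cloakware.cspm.server.plugin.ExtendedTargetManager.UnixVariant;
import com.cloakware.cspm.server.plugin.targetmanager.UnixAdvancedTargetManager;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Pattern;

private static final int ERROR_FAILED_TO_UPDATE = 6526;
private static final int ERROR_DEVICE_BUSY = 6529;
private static final int ERROR_INPUT = 6532;
private static final String ERROR_RESPONSE_TXT = "Unexpected response from device.";
private static final String ERROR_DEVICE_BUSY_TXT = "Failed to update password, device is in use by another user.";
private static final String ERROR_INPUT_TXT = "Invalid user name or password supplied for the update.";

// The target user name is spliced verbatim into a CLI command line below, so it
// must not be able to terminate or extend that line: no whitespace, no control
// characters, at least one character.
private static final Pattern SAFE_USER_NAME = Pattern.compile("[^\\s\\p{Cntrl}]+");
// The new password is typed as the answer to an interactive prompt; a CR/LF inside
// it would end the answer early and hand the remainder to the CLI as further input.
private static final Pattern CONTAINS_LINE_BREAK = Pattern.compile("[\\r\\n]");

log.debug("Start executing Juniper update script for user " + newAccount.getUserName());

//
// Return with error by default; only the successful commit path below clears it.
//
result.setErrorCode(ERROR_FAILED_TO_UPDATE);
result.setErrorMessage("Failed to update credentials. Review the Catalina log file for further information or else contact your Administrator.");
result.setSuccess(false);

//
// Script assumes that root is used to change passwords, return with error if that is not the case
//
if (!"root".equals(accountToUseForAuthentication.getUserName())) {
    log.debug("Script implemented for password changes using root only, but find user " + accountToUseForAuthentication.getUserName());
    return;
}

boolean accountIsRoot = "root".equals(newAccount.getUserName());
log.debug("accountIsRoot = " + accountIsRoot);

//
// Validate the inputs before anything is typed at the device.
// The password value itself is deliberately never written to the log.
//
String targetUserName = newAccount.getUserName();
String newPassword = newAccount.getPassword();
if (targetUserName == null || !SAFE_USER_NAME.matcher(targetUserName).matches()) {
    log.debug("Juniper update script: rejecting user name that is empty or contains whitespace/control characters");
    result.setErrorMessage(ERROR_INPUT_TXT);
    result.setErrorDetails(ERROR_INPUT_TXT);
    result.setErrorCode(ERROR_INPUT);
    return;
}
if (newPassword == null || CONTAINS_LINE_BREAK.matcher(newPassword).find()) {
    log.debug("Juniper update script: rejecting missing password or password containing a line break");
    result.setErrorMessage(ERROR_INPUT_TXT);
    result.setErrorDetails(ERROR_INPUT_TXT);
    result.setErrorCode(ERROR_INPUT);
    return;
}

// Shell / CLI prompt of the root user: "root@<host>" followed by one of # $ % >.
// (Inside a character class '|' is a literal, so the class lists only the prompt
// characters themselves.)
String patString = "root@.*[#$%>]";
Pattern pat_prompt = Pattern.compile(patString);
log.debug("Using prompt pattern: " + patString);

//
// Wait for shell prompt
// possibly comment out if this causes delays because the prompt came before we got here
//
try {
    channel.readUntil(pat_prompt, timeout);
} catch (ClientChannelTimeoutException ex) {
    // Best effort: the prompt may already have been consumed before we started reading.
    log.debug("ignoring shell prompt timeout exception");
}

//
// Send the cli command and wait for the prompt again
//
channel.send("cli");
try {
    channel.readUntil(pat_prompt, timeout);
} catch (ClientChannelTimeoutException ex) {
    log.debug("Juniper update script: timeout exception after cli command");
    result.setException(ex);
    return;
}

try {
    //
    // Send the configure command and wait for the expected response
    //
    channel.send("configure");
    // readUntil(List) below carries no timeout argument, so the channel-level
    // timeout governs it; entering configuration mode can be slow.
    channel.setTimeout(timeout * 5);

    Pattern configEnter = Pattern.compile("Entering configuration mode[\\s\\S]{0,5}.*\\[edit\\]");
    Pattern configLocked = Pattern.compile("error: configuration database locked");
    Pattern configEdited = Pattern.compile("Users currently editing the configuration");

    List<Pattern> pList = new ArrayList<Pattern>();
    pList.add(configEnter);   // index 0
    pList.add(configLocked);  // index 1
    pList.add(configEdited);  // index 2

    // readUntil(List) returns the index of the first pattern matched, -1 for none.
    switch (channel.readUntil(pList)) {
        case 1:
        case 2:
            log.debug("updateCredentials: Device is in use by another user.");
            result.setErrorMessage(ERROR_DEVICE_BUSY_TXT);
            result.setErrorDetails(ERROR_DEVICE_BUSY_TXT);
            result.setErrorCode(ERROR_DEVICE_BUSY);
            return;

        case 0:
            // Now in configuration mode.
            if (accountIsRoot) {
                channel.send("set system root-authentication plain-text-password");
            } else {
                channel.send("set system login user " + targetUserName + " authentication plain-text-password");
            }
            // Second argument of send() presumably suppresses echo/logging of the
            // secret -- confirm against the channel API before relying on it.
            channel.readUntil("New password:", timeout);
            channel.send(newPassword, false);
            channel.readUntil("Retype new password:", timeout);
            channel.send(newPassword, false);
            channel.readUntil(pat_prompt, timeout);

            // Commit changes, this can take minutes to return
            // may need to increase the second parameter of the .readUntil call below even further
            channel.send("commit and-quit");
            Pattern exitPattern = Pattern.compile("commit complete[\\s\\S]*Exiting configuration mode");
            channel.readUntil(exitPattern, 60 * timeout);

            //
            // Done, exit cli mode
            //
            channel.send("exit");
            channel.readUntil(pat_prompt, timeout);

            result.setSuccess(true);
            return;

        case -1:
        default:
            // nothing found
            log.debug("Juniper update script: Unexpected or no response from device");
            result.setErrorMessage(ERROR_RESPONSE_TXT);
            result.setErrorDetails(ERROR_RESPONSE_TXT);
            result.setErrorCode(ERROR_INPUT);
            return;
    }
} catch (ClientChannelTimeoutException ex) {
    log.debug("Juniper update script: timeout exception during configuration mode");
    result.setException(ex);
    return;
}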