#!/usr/bin/env bash

connect() {
	read -sp $'Please enter your Encryption Password: ' encpass
	echo " ==> Connecting"
	TOKEN=$(cat ~/.local/share/ethz-vpn-connect/ethzvpntoken.secret | openssl enc -aes-256-cbc -pbkdf2 -d -a -k $encpass)
	PASSWORD=$(cat ~/.local/share/ethz-vpn-connect/ethzvpnpass.secret | openssl enc -aes-256-cbc -pbkdf2 -d -a -k $encpass)
	USERNAME=$(cat ~/.local/share/ethz-vpn-connect/ethzvpnusername.txt)
	echo $PASSWORD | sudo openconnect -bv -u $USERNAME@student-net.ethz.ch -g student-net --useragent=AnyConnect --no-external-auth --passwd-on-stdin --token-mode=totp --token-secret=sha1:base32:$TOKEN sslvpn.ethz.ch
	if [ $? -ne 0 ]; then
		echo ' ==> Failed to connect <=='
	else
		echo ' ==> Connected <==\n'
	fi
	encpass=""
	PASSWORD=""
	TOKEN=""
}

disconnect() {
	sudo killall -v -SIGINT openconnect
	echo " ==> Disconnected"
}

setup() {
	echo 'You are about to overwrite your secrets. Press ctrl + C to cancel.'
	read -p 'Please enter your ETHZ-Username: ' USERNAME
	read -sp 'Please choose and enter your Encryption Password (will be required when launching): ' encpass
    echo ""
	read -sp 'Please enter your ETHZ WLAN (= Radius) Password: ' PASSWORD
    echo ""
	read -sp 'Please enter your ETHZ OTP Secret: ' TOKEN
    echo ""
	if [[ -d ~/.local/share/ethz-vpn-connect ]]; then
		rm -rf ~/.local/share/ethz-vpn-connect
	fi
	mkdir ~/.local/share/ethz-vpn-connect
	echo $PASSWORD | openssl enc -aes-256-cbc -pbkdf2 -a -k $encpass >~/.local/share/ethz-vpn-connect/ethzvpnpass.secret
	echo $TOKEN | openssl enc -aes-256-cbc -pbkdf2 -a -k $encpass >~/.local/share/ethz-vpn-connect/ethzvpntoken.secret
	echo $USERNAME >~/.local/share/ethz-vpn-connect/ethzvpnusername.txt
	encpass=""
	PASSWORD=""
	TOKEN=""
	if [ $? -ne 0 ]; then
		echo ' ==> Failed to set secrets <=='
	else
		echo ' ==> Secrets set <==\n'
	fi
}

case "$1" in
'connect')
	connect
	;;
c)
	connect
	;;
'disconnect')
	disconnect
	;;
d)
	disconnect
	;;
dc)
	disconnect
	;;
setup)
	setup
	;;
*)
	echo -e 'Usage: ethz-vpn [Option] \n [Option]: \n       connect, c:             Connect VPN \n  disconnect, d, dc:      Disconnect VPN \n setup: set secrets and eth-Username.\n'
	;;
esac