#!/bin/sh

case "$1" in
  "status")
	grep forbidden_functions /etc/pkcs11proxyd/filter-softhsm.conf|grep C_Create >/dev/null 2>&1
	if test "$?" = 0;then
		echo locked
	else
		echo unlocked
	fi
	;;
  "lock")
	id|grep root >/dev/null 2>&1
	if [ $? != 0 ];then
		echo "This command can only be run by the administrator"
		exit 1
	fi

	ln -sf /var/lib/pkcs11proxyd/filter-softhsm-locked.conf /etc/pkcs11proxyd/filter-softhsm.conf
	systemctl restart pkcs11proxyd-softhsm
	;;
  "unlock")
  	id|grep root >/dev/null 2>&1
	if [ $? != 0 ];then
		echo "This command can only be run by the administrator"
		exit 1
	fi

	ln -sf /var/lib/pkcs11proxyd/filter-softhsm-unlocked.conf /etc/pkcs11proxyd/filter-softhsm.conf
	systemctl restart pkcs11proxyd-softhsm
	;;
  *)
	echo "$0: [status|lock|unlock]"
	;;
esac

exit 0
