# Copyright 1999-2024 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2

EAPI=8

DISTUTILS_USE_PEP517=poetry
PYTHON_COMPAT=( python3_{11..13} )
PYTHON_REQ_USE="sqlite"

inherit wrapper python-single-r1

DESCRIPTION="A post-exploitation framework"
HOMEPAGE="https://github.com/BC-SECURITY/Empire"
SRC_URI="https://github.com/BC-SECURITY/Empire/archive/v${PV}.tar.gz -> ${P}.tar.gz"
S="${WORKDIR}/Empire-${PV}"

LICENSE="BSD"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="powershell java"
REQUIRED_USE="powershell? ( !x86 )
			${PYTHON_REQUIRED_USE}"

# https://github.com/BC-SECURITY/Empire/issues/196
RDEPEND="${PYTHON_DEPS}
	$(python_gen_cond_dep '
		dev-python/urllib3[${PYTHON_USEDEP}]
		dev-python/requests[${PYTHON_USEDEP}]
		dev-python/python-iptools[${PYTHON_USEDEP}]
		dev-python/macholib[${PYTHON_USEDEP}]
		dev-python/dropbox-sdk[${PYTHON_USEDEP}]
		dev-python/pyopenssl[${PYTHON_USEDEP}]
		dev-python/zlib_wrapper[${PYTHON_USEDEP}]
		dev-python/netifaces[${PYTHON_USEDEP}]
		dev-python/jinja2[${PYTHON_USEDEP}]
		dev-python/xlutils[${PYTHON_USEDEP}]
		dev-python/pyparsing[${PYTHON_USEDEP}]
		dev-python/pymysql[${PYTHON_USEDEP}]
		dev-python/sqlalchemy[${PYTHON_USEDEP}]
		dev-python/pyyaml[${PYTHON_USEDEP}]
		dev-python/sqlalchemy_utc[${PYTHON_USEDEP}]
		>=dev-python/prompt-toolkit-3.0.9[${PYTHON_USEDEP}]
		dev-python/terminaltables3[${PYTHON_USEDEP}]
		>=dev-python/humanize-4.0.0[${PYTHON_USEDEP}]
		dev-python/pycryptodome[${PYTHON_USEDEP}]
		dev-python/cryptography[${PYTHON_USEDEP}]
		>=dev-python/fastapi-0.104.1[${PYTHON_USEDEP}]
		>=dev-python/uvicorn-0.22.0[${PYTHON_USEDEP}]
		>=dev-python/jq-1.6.0[${PYTHON_USEDEP}]
		>=dev-python/aiofiles-23.2.1[${PYTHON_USEDEP}]
		>=dev-python/python-multipart-0.0.6[${PYTHON_USEDEP}]
		>=dev-python/websockify-0.10.0[${PYTHON_USEDEP}]
		>=dev-python/websockets-12.0[${PYTHON_USEDEP}]
		>=dev-python/pyperclip-1.8.2[${PYTHON_USEDEP}]
		>=dev-python/flask-3.0.2[${PYTHON_USEDEP}]
		>=dev-python/python-obfuscator-0.0.2[${PYTHON_USEDEP}]
		>=dev-python/pyinstaller-6.2.0[${PYTHON_USEDEP}]
		>=dev-python/tabulate-0.9.0[${PYTHON_USEDEP}]
		>=dev-python/stix2-3.0.1[${PYTHON_USEDEP}]
		>=dev-python/docopt-ng-0.9.0[${PYTHON_USEDEP}]
		>=dev-python/packaging-23.2[${PYTHON_USEDEP}]
		>=dev-python/bcrypt-4.0.1[${PYTHON_USEDEP}]

		dev-python/pysecretsocks[${PYTHON_USEDEP}]
		dev-python/donut-shellcode[${PYTHON_USEDEP}]

	')
	powershell? (
		!x86? ( app-shells/pwsh-bin ) )
	java? (
		|| ( virtual/jre:* virtual/jdk:* ) )"

DEPEND="${RDEPEND}"

pkg_setup() {
	python-single-r1_pkg_setup
}

src_prepare() {
	python_fix_shebang "${S}"
	default
}

#https://github.com/BC-SECURITY/Empire/issues/39
src_install() {
	insinto "/usr/share/${PN}"
	doins -r empire/ empire.py

#	python_optimize "${D}/usr/share/${PN}/lib"

	make_wrapper $PN \
		"${PYTHON} /usr/share/${PN}/empire.py" \
		"/usr/share/${PN}"

	dodoc README.md Dockerfile changelog
}

pkg_config() {
	local _yesno_ask
	local _em_home="${EROOT}/usr/share/${PN}"

	pushd "${_em_home}" >/dev/null || die

	if [ -f "${_em_home}/data/empire.db" ]; then
		ewarn "Drop old database "${_em_home}/data/empire.db" for new configuring ..."
		read -r -p " [>] Are you sure? [y/N] " _yesno_ask

		if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
			rm -f data/empire.db > /dev/null 2>&1 || die
		else
			return
		fi
	fi

	ebegin "Press ENTER to create password for database or Control-C to abort now"
	python3 setup/setup_database.py
	eend ${?} || die

	if [ -f "${_em_home}/data/empire-chain.pem" ] || [ -f "${_em_home}/data/empire-priv.key" ]; then
		ewarn "Drop old ${_em_home}/data/empire-chain.pem and generate new cert ..."
		read -r -p " [>] Are you sure? [y/N] " _yesno_ask

		if [[ ${_yesno_ask,,} =~ ^(yes|y)$ ]]; then
			rm -f data/{empire-chain.pem,empire-priv.key} > /dev/null 2>&1 || die
		else
			return
		fi
	fi

	openssl req -newkey rsa:2048 -new -nodes -x509 \
		-subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.pentoo.ch" \
		-keyout data/empire-priv.key \
		-out data/empire-chain.pem || die

	popd >/dev/null || die
}

pkg_postinst() {
	ewarn "\nWarning. This software does not support system-wide installation"
	ewarn "See the following bug report for more details:"
	ewarn "https://github.com/BC-SECURITY/Empire/issues/39"
	ewarn
	ewarn "You need to run it from /usr/share/${PN} directory under 'root' account"
	ewarn "\nPlease configure your installation before using:"
	ewarn "    emerge --config \"=${CATEGORY}/${PF}\"\n"
}