require 'base64'

Puppet::Functions.create_function(:openldap_password) do
  dispatch :passwd do
    param 'String', :secret
    param 'String', :scheme
  end

  def passwd(secret, scheme = '{SSHA}')
    case scheme[%r{([A-Z,0-9]+)}, 1]
    when 'CRYPT'
      salt = call_function('fqdn_rand_string', 2)
      password = '{CRYPT}' + secret.crypt(salt)
    when 'MD5'
      password = '{MD5}' + Digest::MD5.hexdigest(secret)
    when 'SHA'
      password = '{SHA}' + Digest::SHA1.hexdigest(secret)
    when 'SMD5'
      salt = call_function('fqdn_rand_string', 8)
      salted_hash = "#{Digest::MD5.digest(secret + salt)}#{salt}"
      password = '{SMD5}' + [salted_hash].pack('m').delete("\n")
    when 'SSHA'
      salt = call_function('fqdn_rand_string', 8)
      password = '{SSHA}' + Base64.encode64("#{Digest::SHA1.digest(secret + salt)}#{salt}").chomp
    else
      raise(Puppet::ParseError, "openldap_password(): Unrecognized scheme #{scheme}")
    end

    password
  end
end