#!/usr/bin/env bash

# monkeysphere-host: Monkeysphere host admin tool
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
# Micah Anderson <micah@riseup.net>
#
# They are Copyright 2008-2009, and are all released under the GPL,
# version 3 or later.

########################################################################
set -e

# set the pipefail option so pipelines fail on first command failure
set -o pipefail

PGRM=$(basename $0)

SYSSHAREDIR=${MONKEYSPHERE_SYSSHAREDIR:-"/usr/share/monkeysphere"}
export SYSSHAREDIR
. "${SYSSHAREDIR}/common" || exit 1

SYSDATADIR=${MONKEYSPHERE_SYSDATADIR:-"/var/lib/monkeysphere"}
export SYSDATADIR

# sharedir for host functions
MHSHAREDIR="${SYSSHAREDIR}/mh"

# datadir for host functions
MHDATADIR="${SYSDATADIR}/host"

# host pub key files
HOST_KEY_FILE="${SYSDATADIR}/ssh_host_rsa_key.pub.gpg"

# UTC date in ISO 8601 format if needed
DATE=$(date -u '+%FT%T')

# unset some environment variables that could screw things up
unset GREP_OPTIONS

########################################################################
# FUNCTIONS
########################################################################

usage() {
    cat <<EOF >&2
usage: $PGRM <subcommand> [options] [args]
Monkeysphere host admin tool.

subcommands:
 import-key (i) FILE NAME[:PORT]     import existing ssh key to gpg
 show-key (s)                        output all host key information
 publish-key (p)                     publish host key to keyserver
 set-expire (e) [EXPIRE]             set host key expiration
 add-hostname (n+) NAME[:PORT]       add hostname user ID to host key
 revoke-hostname (n-) NAME[:PORT]    revoke hostname user ID
 add-revoker (r+) [KEYID|FILE]        add a revoker to the host key
 revoke-key                          generate and/or publish revocation
                                     certificate for host key

 version (v)                         show version number
 help (h,?)                          this help

See ${PGRM}(8) for more info.
EOF
}

# function to interact with the gpg keyring
gpg_host() {
    GNUPGHOME="$GNUPGHOME_HOST" gpg --no-greeting --quiet --no-tty "$@"
}

# command to list the info about the host key, in colon format, to
# stdout
gpg_host_list() {
    gpg_host --list-keys --with-colons --fixed-list-mode \
	--with-fingerprint --with-fingerprint \
	"0x${HOST_FINGERPRINT}!"

}

# command for edit key scripts, takes scripts on stdin
gpg_host_edit() {
    gpg_host --command-fd 0 --edit-key "0x${HOST_FINGERPRINT}!" "$@"
}

# export the host public key to the monkeysphere gpg pub key file
update_gpg_pub_file() {
    log debug "updating openpgp public key file '$HOST_KEY_FILE'..."
    gpg_host --export --armor --export-options export-minimal \
	"0x${HOST_FINGERPRINT}!" > "$HOST_KEY_FILE"
}

# load the host fingerprint into the fingerprint variable, using the
# export gpg pub key file
# FIXME: this seems much less than ideal, with all this temp keyring
# stuff.  is there a way we can do this without having to create temp
# files?  what if we stored the fingerprint in MHDATADIR/fingerprint?
load_fingerprint() {
    if [ -f "$HOST_KEY_FILE" ] ; then
	HOST_FINGERPRINT=$( \
	    (FUBAR=$(mktemp -d) && export GNUPGHOME="$FUBAR" \
	    && gpg --quiet --import \
	    && gpg --quiet --list-keys --with-colons --with-fingerprint \
	    && rm -rf "$FUBAR") <"$HOST_KEY_FILE" \
	    | grep '^fpr:' | cut -d: -f10 )
    else
	failure "host key gpg pub file not found."
    fi
}

# load the host fingerprint into the fingerprint variable, using the
# gpg host secret key
load_fingerprint_secret() {
    HOST_FINGERPRINT=$( \
	gpg_host --list-secret-key --with-colons --with-fingerprint \
	| grep '^fpr:' | cut -d: -f10 )
}

# fail if host key present
check_host_key() {
    [ ! -s "$HOST_KEY_FILE" ] \
	|| failure "An OpenPGP host key already exists."
}

# fail if host key not present
check_host_no_key() {
    [ -s "$HOST_KEY_FILE" ] \
	|| failure "You don't appear to have a Monkeysphere host key on this server.
Please run 'monkeysphere-host import-key...' first."
}

# output the index of a user ID on the host key
# return 1 if user ID not found
find_host_userid() {
    local userID="$1"
    local tmpuidMatch
    local line

    # match to only ultimately trusted user IDs
    tmpuidMatch="u:$(echo $userID | gpg_escape)"

    # find the index of the requsted user ID
    # NOTE: this is based on circumstantial evidence that the order of
    # this output is the appropriate index
    line=$(gpg_host_list | egrep '^(uid|uat):' | cut -f2,10 -d: | \
	grep -n -x -F "$tmpuidMatch" 2>/dev/null)

    if [ "$line" ] ; then
	echo ${line%%:*}
	return 0
    else
	return 1
    fi
}

# show info about the host key
show_key() {
    local GNUPGHOME
    local TMPSSH
    local revokers

    # tmp gpghome dir
    export GNUPGHOME=$(msmktempdir)

    # trap to remove tmp dir if break
    trap "rm -rf $GNUPGHOME" EXIT

    # import the host key into the tmp dir
    gpg --quiet --import <"$HOST_KEY_FILE"

    # create the ssh key
    TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub
    gpg --export | openpgp2ssh 2>/dev/null >"$TMPSSH"

    # get the gpg fingerprint
    HOST_FINGERPRINT=$(gpg --quiet --list-keys --with-colons --with-fingerprint \
	| grep '^fpr:' | cut -d: -f10 )

    # list the host key info
    # FIXME: make no-show-keyring work so we don't have to do the grep'ing
    # FIXME: can we show uid validity somehow?
    gpg --list-keys --fingerprint \
	--list-options show-unusable-uids 2>/dev/null \
	| grep -v "^${GNUPGHOME}/pubring.gpg$" \
	| egrep -v '^-+$'

    # list revokers, if there are any
    revokers=$(gpg --list-keys --with-colons --fixed-list-mode \
	| awk -F: '/^rvk:/{ print $10 }' )
    if [ "$revokers" ] ; then
	echo "The following keys are allowed to revoke this host key:"
	for key in $revokers ; do
	    echo "revoker: $key"
	done
	echo
    fi

    # list the pgp fingerprint
    echo "OpenPGP fingerprint: $HOST_FINGERPRINT"

    # list the ssh fingerprint
    echo -n "ssh fingerprint: "
    ssh-keygen -l -f "$TMPSSH" | awk '{ print $1, $2, $4 }'

    # remove the tmp file
    trap - EXIT
    rm -rf "$GNUPGHOME"
}

########################################################################
# MAIN
########################################################################

# load configuration file
[ -e ${MONKEYSPHERE_HOST_CONFIG:="${SYSCONFIGDIR}/monkeysphere-host.conf"} ] \
    && . "$MONKEYSPHERE_HOST_CONFIG"

# set empty config variable with ones from the environment, or with
# defaults
LOG_LEVEL=${MONKEYSPHERE_LOG_LEVEL:=$LOG_LEVEL}
KEYSERVER=${MONKEYSPHERE_KEYSERVER:=$KEYSERVER}
CHECK_KEYSERVER=${MONKEYSPHERE_CHECK_KEYSERVER:=$CHECK_KEYSERVER}
MONKEYSPHERE_USER=${MONKEYSPHERE_MONKEYSPHERE_USER:=$MONKEYSPHERE_USER}
PROMPT=${MONKEYSPHERE_PROMPT:=$PROMPT}

# other variables
GNUPGHOME_HOST=${MONKEYSPHERE_GNUPGHOME_HOST:="${MHDATADIR}"}

# export variables needed in su invocation
export DATE
export LOG_LEVEL
export KEYSERVER
export CHECK_KEYSERVER
export MONKEYSPHERE_USER
export PROMPT
export GNUPGHOME_HOST
export GNUPGHOME
export HOST_FINGERPRINT

# get subcommand
COMMAND="$1"
[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
shift

case $COMMAND in
    'import-key'|'i')
	check_host_key
	source "${MHSHAREDIR}/import_key"
	import_key "$@"
	;;

    'show-key'|'show'|'s')
	check_host_no_key
	show_key
	;;

    'set-expire'|'extend-key'|'e')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/set_expire"
	set_expire "$@"
	;;

    'add-hostname'|'add-name'|'n+')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/add_hostname"
	add_hostname "$@"
	;;

    'revoke-hostname'|'revoke-name'|'n-')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/revoke_hostname"
	revoke_hostname "$@"
	;;

    'add-revoker'|'r+')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/add_revoker"
	add_revoker "$@"
	;;

    'revoke-key')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/revoke_key"
	revoke_key "$@"
	;;

    'publish-key'|'publish'|'p')
	check_host_no_key
	load_fingerprint
	source "${MHSHAREDIR}/publish_key"
	publish_key
	;;

    'diagnostics'|'d')
	load_fingerprint
	source "${MHSHAREDIR}/diagnostics"
	diagnostics
	;;

    'update-gpg-pub-file')
	load_fingerprint_secret
	update_gpg_pub_file
	;;

    'version'|'v')
	version
	;;

    '--help'|'help'|'-h'|'h'|'?')
        usage
        ;;

    *)
        failure "Unknown command: '$COMMAND'
Type '$PGRM help' for usage."
        ;;
esac