#!/bin/sh

# monkeysphere: MonkeySphere client tool
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@fifthhorseman.net>
#
# They are Copyright 2008, and are all released under the GPL, version 3
# or later.

########################################################################
PGRM=$(basename $0)

SHAREDIR=${SHAREDIR:-"/usr/share/monkeysphere"}
export SHAREDIR
. "${SHAREDIR}/common"

GLOBAL_CONFIG=${GLOBAL_CONFIG:-"${ETC}"/monkeysphere.conf}
[ -r "$GLOBAL_CONFIG" ] && . "$GLOBAL_CONFIG"

# date in UTF format if needed
DATE=$(date -u '+%FT%T')

# unset some environment variables that could screw things up
GREP_OPTIONS=

########################################################################
# FUNCTIONS
########################################################################

usage() {
cat <<EOF
usage: $PGRM <subcommand> [args]
Monkeysphere client tool.

subcommands:
  update-known_hosts (k) [HOST]...  update known_hosts file
  update-authorized_keys (a)        update authorized_keys file
  update-userids (u) [USERID]...    add/update userid
  gen-ae-subkey (g) KEYID           generate an 'ae' capable subkey
  help (h,?)                        this help

EOF
}

# generate a subkey with the 'a' and 'e' usage flags set
gen_ae_subkey(){
    local keyID
    local gpgOut
    local userID

    log "warning: this function is still not working."

    keyID="$1"

    # set subkey defaults
    SUBKEY_TYPE=${KEY_TYPE:-"RSA"}
    SUBKEY_LENGTH=${KEY_LENGTH:-"1024"}
    SUBKEY_USAGE=${KEY_USAGE:-"encrypt,auth"}

    gpgOut=$(gpg --fixed-list-mode --list-keys --with-colons \
	"$keyID" 2> /dev/null)

    # return 1 if there only "tru" lines are output from gpg
    if [ -z "$(echo "$gpgOut" | grep -v '^tru:')" ] ; then
	loge "  key not found."
	return 1
    fi

    userID=$(echo "$gpgOut" | grep "^uid:" | cut -d: -f10)

    # set key parameters
    keyParameters=$(cat <<EOF
Subkey-Type: $SUBKEY_TYPE
Subkey-Length: $SUBKEY_LENGTH
Subkey-Usage: $SUBKEY_USAGE
Name-Real: $userID
EOF
)

    log "The following key parameters will be used:"
    echo "$keyParameters"

    read -p "generate key? [Y|n]: " OK; OK=${OK:=Y}
    if [ ${OK/y/Y} != 'Y' ] ; then
	failure "aborting."
    fi

    # add commit command
    keyParameters="${keyParameters}"$(cat <<EOF

%commit
%echo done
EOF
)

    echo "generating subkey..."
    echo "$keyParameters" | gpg --batch --gen-key
}

########################################################################
# MAIN
########################################################################

COMMAND="$1"
[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
shift

# set ms home directory
MS_HOME=${MS_HOME:-"$HOME"/.config/monkeysphere}

# load configuration file
MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
[ -e "$MS_CONF" ] && . "$MS_CONF"

# set empty config variable with defaults
AUTHORIZED_USER_IDS=${AUTHORIZED_USER_IDS:-"$MS_HOME"/authorized_user_ids}
GNUPGHOME=${GNUPGHOME:-"$HOME"/.gnupg}
KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
USER_KNOWN_HOSTS=${USER_KNOWN_HOSTS:-"$HOME"/.ssh/known_hosts}
HASH_KNOWN_HOSTS=${HASH_KNOWN_HOSTS:-}

export GNUPGHOME

# stagging locations
hostKeysCacheDir="$MS_HOME"/host_keys
userKeysCacheDir="$MS_HOME"/user_keys
msAuthorizedKeys="$MS_HOME"/authorized_keys

# make sure gpg home exists with proper permissions
mkdir -p -m 0700 "$GNUPGHOME"

case $COMMAND in
    'update-known_hosts'|'update-known-hosts'|'k')
	MODE='known_hosts'

        # touch the known_hosts file to make sure it exists
	touch "$USER_KNOWN_HOSTS"

        # if hosts are specified on the command line, process just
        # those hosts
	if [ "$1" ] ; then
            for host ; do
		process_host "$host" "$hostKeysCacheDir"
	    done

        # otherwise, if no hosts are specified, process the user
        # known_hosts file
	else
	    if [ ! -s "$USER_KNOWN_HOSTS" ] ; then
		failure "known_hosts file '$USER_KNOWN_HOSTS' is empty."
	    fi
	    log "processing known_hosts file..."
	    process_known_hosts "$USER_KNOWN_HOSTS" "$hostKeysCacheDir"
	fi
	;;

    'update-authorized_keys'|'update-authorized-keys'|'a')
	MODE='authorized_keys'

        # make sure authorized_user_ids file exists
	if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
	    log "authorized_user_ids file is empty or does not exist."
	    exit
	fi

	# set user-controlled authorized_keys file path
	userAuthorizedKeys=${USER_CONTROLLED_AUTHORIZED_KEYS/\%h/"$HOME"}

	# update authorized_keys
	update_authorized_keys "$userKeysCacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys"
	;;

    'update-userids'|'u')
	if [ -z "$1" ] ; then
	    failure "you must specify at least one userid."
	fi
	for userID ; do
	    update_userid "$userID" "$userKeysCacheDir"
	done
	;;

    'gen-ae-subkey'|'g')
	keyID="$1"
	if [ -z "$keyID" ] ; then
	    failure "you must specify keyid of primary key."
	fi
	gen_ae_subkey "$keyID"
	;;

    'help'|'h'|'?')
        usage
        ;;

    *)
        failure "Unknown command: '$COMMAND'
Type 'cereal-admin help' for usage."
        ;;
esac