# -*-shell-script-*-
# This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)

# Monkeysphere host revoke-hostname subcommand
#
# The monkeysphere scripts are written by:
# Jameson Rollins <jrollins@finestructure.net>
# Jamie McClelland <jm@mayfirst.org>
# Daniel Kahn Gillmor <dkg@fifthhorseman.net>
#
# They are Copyright 2008-2009, and are all released under the GPL,
# version 3 or later.

# revoke hostname user ID from host key

revoke_hostname() {

local userID
local fingerprint
local tmpuidMatch
local line
local message
local revuidCommand

if [ -z "$1" ] ; then
    failure "You must specify a hostname to revoke."
fi

userID="ssh://${1}"

# make sure the user ID to revoke
find_host_userid "$userID" || \
    failure "No non-revoked user ID found matching '$userID'."

if [ "$PROMPT" = "true" ] ; then
    printf "The following host key user ID will be revoked:\n  %s\nAre you sure you would like to revoke this user ID? (Y/n) " "$userID" >&2
    read OK; OK=${OK:=Y}
    if [ "${OK/y/Y}" != 'Y' ] ; then
	failure "User ID not revoked."
    fi
else
    log debug "revoking user ID without prompting."
fi

# actually revoke:

# the gpg secring might not contain the host key we are trying to
# revoke (let alone any selfsig over that host key), but the plain
# --export won't contain the secret key.  "keytrans revokeuserid"
# needs access to both pieces, so we feed it both of them.

if (cat "$GNUPGHOME_HOST/secring.gpg" && gpg_host --export "$HOST_FINGERPRINT") | \
    "$SYSSHAREDIR/keytrans" revokeuserid \
    "$HOST_FINGERPRINT" "$userID" | gpg_host --import ; then
    gpg_host --check-trustdb

    update_gpg_pub_file

    show_key

    echo
    echo "NOTE: User ID revoked, but revocation not published."
    echo "Run '$PGRM publish-key' to publish the revocation."
else
    failure "Problem revoking user ID."
fi

}