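#!/bin/bash
#
# Build a signed, checksummed archive under ./out:
#   1. generate a throw-away ed25519 signing key in the current directory
#      (the private key is never copied into out_dir),
#   2. write an allowed-signers entry for that key to out/anonymous_signer,
#   3. drop one 1 MiB random decoy dot-file into out/contents and one into out/,
#   4. pack out/contents into out/contents.7z and sign it with ssh-keygen -Y,
#   5. record SHA-512 checksums of the (non-dot) files in out/.
# Requires: ssh-keygen, 7z, dd, sha512sum, chown, chmod.
set -Eeuo pipefail

unix_seconds=$(date +%s)
key_path="./private_ed25519_${unix_seconds}"   # stays outside out_dir
signature_tag="file-integrity"                  # ssh-keygen -Y namespace
out_dir="./out"
inner_dir="$out_dir/contents"

mkdir -p "$inner_dir"

#######################################
# Print a coloured OK!/ERROR! marker for the status of the step just run.
# Arguments: $1 - exit status to report (required)
# Outputs:   "OK!" or "ERROR! Response Code: N" on stdout
# Returns:   0; exits 1 when called without a status
#######################################
checkcode () {
  local retcode
  if [ -z "${1-}" ]; then
    echo -e "\n\e[31mERROR!\033[0m checkcode missing return code parameter\n"
    exit 1
  fi
  retcode=$1
  if [ "$retcode" -ne 0 ]; then
    echo -e "\e[31mERROR!\033[0m Response Code: $retcode"
  else
    printf '\e[1;32mOK!\e[0m\n'
  fi
}

# Under set -e a failing step aborts the script before the "checkcode $?"
# that follows it can run, so the ERROR! branch was unreachable.  Report the
# failure from the ERR trap instead; the shell still exits afterwards.
trap 'checkcode $?' ERR

# Step labels are passed as printf arguments, never as the format string, so
# a "%" in a path cannot be misinterpreted.
printf '%s' "ssh-keygen: makin new key..."
# Prompts for a key passphrase interactively; output deliberately not silenced.
ssh-keygen -t ed25519 -f "$key_path" -C "anonymous"
checkcode $?

# ssh-keygen creates the files as the invoking user, so this normally changes
# nothing; kept from the original flow.  Fall back to id(1) if USER is unset.
owner=${USER:-$(id -un)}
printf '%s' "ssh-keygen: changing ownership on $key_path and $key_path.pub"
chown "$owner:$owner" "$key_path" "$key_path.pub"
checkcode $?

printf '%s' "ssh-keygen: fixing perms on $key_path and $key_path.pub"
chmod 600 "$key_path" "$key_path.pub"
checkcode $?

printf '%s' "ssh-keygen: creating $out_dir/anonymous_signer..."
# allowed-signers line: <principal> namespaces="<ns>" <public key>
printf '%s namespaces="%s" %s\n' "anonymous" "$signature_tag" "$(< "${key_path}.pub")" \
  > "$out_dir/anonymous_signer"
checkcode $?

# Decoy data: a 1 MiB random dot-file in each directory.  $RANDOM only makes
# the name hard to guess, not unique; collisions are a non-issue in a fresh
# out_dir.
printf '%s' "random: adding 1/2 random blocks of data to inner archive"
dd if=/dev/urandom of="$inner_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
checkcode $?

printf '%s' "random: adding 2/2 random blocks of data to outer archive"
dd if=/dev/urandom of="$out_dir/.$RANDOM" bs=1M count=1 > /dev/null 2>&1
checkcode $?

printf '%s' "7z: compressing inner volume"
7z a "$out_dir/contents.7z" "$inner_dir" > /dev/null 2>&1
checkcode $?

printf '%s' "deleting $inner_dir"
# ${inner_dir:?} aborts instead of running "rm -rf --" against an empty path.
rm -rf -- "${inner_dir:?}"
checkcode $?

printf '%s' "ssh: signing out/contents.7z"
# Writes $out_dir/contents.7z.sig, verifiable with `ssh-keygen -Y verify`
# against the anonymous_signer file written above.
ssh-keygen -Y sign -f "$key_path" -n "$signature_tag" "$out_dir/contents.7z" # > /dev/null 2>&1
checkcode $?

printf '%s' "sha512: generating sha512 checksums of files in out"
# The glob is expanded before the redirection creates checksums.sha512, so
# the file does not list itself on a fresh run; "*" also skips the dot-file
# decoy above.  On a re-run into a pre-existing out_dir the stale checksum
# file would be hashed along with everything else.
sha512sum "$out_dir"/* > "$out_dir/checksums.sha512"
checkcode $?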
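# --- attribution ------------------------------------------------------------
# attribution.sha512 = SHA-512(passphrase || contents.7z).  Whoever knows the
# passphrase can later recompute it (see test_validation_passphrase.sh).  This
# is a single unsalted fast hash: anyone holding contents.7z and
# attribution.sha512 can guess a low-entropy passphrase offline, so the
# passphrase must be long.
echo "Enter attribution passphrase:"
read -r -s attribution_passphrase
echo
echo "Enter attribution passphrase again:"
read -r -s attribution_passphrase_check

if [[ "$attribution_passphrase" != "$attribution_passphrase_check" ]]; then
  echo -e "\n\n\033[0;31mAttribution passphrases do not match! Exiting!\033[0m\n\n" >&2
  exit 1
fi
unset attribution_passphrase_check

# An empty passphrase would make the attribution hash a plain digest of the
# archive, which anyone can compute.
if [[ -z "$attribution_passphrase" ]]; then
  echo -e "\n\n\033[0;31mAttribution passphrase must not be empty! Exiting!\033[0m\n\n" >&2
  exit 1
fi
echo -e "attribution_passphrase: \033[0;32mOK!\033[0m"

# Without pipefail the pipeline's status is awk's, so a missing archive would
# silently yield a hash of the passphrase alone; check for it up front.
if [[ ! -f "$out_dir/contents.7z" ]]; then
  echo -e "\033[0;31mMissing $out_dir/contents.7z! Exiting!\033[0m" >&2
  exit 1
fi
{
  printf '%s' "$attribution_passphrase"
  cat "$out_dir/contents.7z"
} | sha512sum | awk '{print $1}' > "$out_dir/attribution.sha512"
# Nothing below needs the passphrase; drop it from the shell's memory.
unset attribution_passphrase

# --- sanity checks ----------------------------------------------------------
# Remember where we started so the return trip does not depend on out_dir
# being exactly one level deep.
start_dir=$PWD
printf '%s' "sanity checking: changing working directory to $out_dir"
cd "$out_dir"
checkcode $?

# Both helper scripts are expected to already be present in out_dir; nothing
# visible in this script creates them.
printf '%s' "sanity checking: verification"
bash verify-everything.sh
checkcode $?

printf '%s' "sanity checking: validate attribution passphrase"
bash test_validation_passphrase.sh
checkcode $?

printf '%s' "sanity checking: returning"
cd "$start_dir"
checkcode $?

printf '%s' "7z archiving outer dir"
7z a "./out.7z" "$out_dir"
checkcode $?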