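#!/bin/sh
# howler: monkeysphere server gpg generator/publisher/maintainer
#
# Written by
# Jameson Rollins
#
# Copyright 2008, released under the GPL, version 3 or later
#
# Usage:  howler <command> [args]     (see usage() for the command list)
#
# Environment (each may also be preset in the config file):
#   MS_HOME, MS_CONF, GNUPGHOME, KEYSERVER, and the key parameters read by
#   gen_key: KEY_TYPE, KEY_LENGTH, KEY_USAGE, SERVICE, HOSTNAME_FQDN, USERID.
#
# NOTE(review): this copy was recovered from a rendering that dropped every
# span between '<' and '>' -- the here-documents and the text around them.
# Spans marked RECONSTRUCTED below were rebuilt from the surviving code and
# must be checked against the original before use.

# Abort on unhandled errors and on unset variables; positional parameters
# are read with ${N-} so a missing argument still gives the usage message.
set -eu

PGRM=$(basename -- "$0")

########################################################################
# FUNCTIONS
########################################################################

# Print the command summary to stdout.
# RECONSTRUCTED: the original here-document was lost; the command list
# below is taken from the case statement in MAIN.
usage() {
  cat <<EOF
usage: $PGRM <command> [args]
Monkeysphere server gpg key administration.

commands:
  gen-key              generate the server gpg key
  publish-key          publish the server key to the keyserver (\$KEYSERVER)
  trust-key KEYID...   fetch KEYID(s) from the keyserver and edit their trust
  help                 show this help
EOF
}

# Print a message to stderr and exit.
# Arguments: $1 - message
#            $2 - exit status (default 1)
failure() {
  printf '%s\n' "$1" >&2
  exit "${2:-1}"
}

# Generate the server gpg key in $GNUPGHOME from the KEY_* / SERVICE /
# HOSTNAME_FQDN parameters.  Refuses to run if a key for $USERID exists.
# Globals (written if unset): KEY_TYPE KEY_LENGTH KEY_USAGE SERVICE
#                             HOSTNAME_FQDN USERID
gen_key() {
  KEY_TYPE=${KEY_TYPE:-RSA}
  # NOTE(review): 2048 is the smallest RSA size current guidance accepts;
  # a longer key can be requested through KEY_LENGTH.
  KEY_LENGTH=${KEY_LENGTH:-2048}
  KEY_USAGE=${KEY_USAGE:-encrypt,auth}
  SERVICE=${SERVICE:-ssh}
  HOSTNAME_FQDN=${HOSTNAME_FQDN:-$(hostname -f)}
  USERID=${USERID:-"$SERVICE"://"$HOSTNAME_FQDN"}

  echo "key parameters:"
  # RECONSTRUCTED: the parameter listing that was printed here was lost.
  cat <<EOF
Key-Type: $KEY_TYPE
Key-Length: $KEY_LENGTH
Key-Usage: $KEY_USAGE
Name-Real: $USERID
EOF

  # RECONSTRUCTED: the lookup command was lost; only its redirection and
  # the failure branch survived.
  if gpg --list-keys "$USERID" > /dev/null 2>&1 ; then
    failure "key for '$USERID' already exists"
  fi

  echo "generating server key..."
  # RECONSTRUCTED: unattended key generation parameter block (see gpg(1),
  # "Unattended key generation"); the original here-document was lost.
  # NOTE(review): recent GnuPG releases prompt for a passphrase here unless
  # told otherwise -- confirm the behaviour against the target gpg version.
  gpg --batch --gen-key <<EOF
Key-Type: $KEY_TYPE
Key-Length: $KEY_LENGTH
Key-Usage: $KEY_USAGE
Name-Real: $USERID
%commit
EOF
}

# Publish the server key to $KEYSERVER.
# RECONSTRUCTED: the function header and everything before the key-ID
# lookup were lost; the lookup is rebuilt from its surviving tail
# ("2> /dev/null | grep '^pub:' | cut -d: -f5"), i.e. the --with-colons
# listing format, whose 5th field is the key ID.
# NOTE(review): USERID is only derived inside gen_key, so a stand-alone
# publish-key run needs it preset in the environment or config file.
publish_key() {
  : "${USERID:?USERID must be set (see gen-key)}"

  keyID=$(gpg --list-keys --with-colons "$USERID" 2> /dev/null \
    | grep '^pub:' | cut -d: -f5)
  # never hand gpg an empty key ID (it would publish nothing, or everything)
  [ -n "$keyID" ] || failure "no key found for '$USERID'"
  # NOTE(review): if more than one key matches $USERID, keyID holds several
  # lines; decide whether that should be an error before enabling the send.

  # dummy command so as not to publish fake keys during testing
  # eventually:
  #gpg --send-keys --keyserver "$KEYSERVER" "$keyID"
  printf '%s\n' "gpg --send-keys --keyserver $KEYSERVER $keyID"
}

# Fetch each key ID from $KEYSERVER and open it in gpg's interactive editor
# so its ownertrust can be set.
# Arguments: one or more key IDs
# NOTE(review): the keyserver does not authenticate what it returns; verify
# the fetched key's full fingerprint out of band before raising its trust.
trust_key() {
  for keyID in "$@"; do
    # get the key from the key server
    gpg --keyserver "$KEYSERVER" --recv-key "$keyID" \
      || failure "could not retrieve key '$keyID'"
    # edit the key to change trust
    # FIXME: need to figure out how to automate this,
    # in a batch mode or something.
    gpg --edit-key "$keyID" \
      || failure "could not edit key '$keyID'"
  done
}

########################################################################
# MAIN
########################################################################

# set ms home directory
MS_HOME=${MS_HOME:-/etc/monkeysphere}

# load configuration file
# NOTE(review): the file is sourced as shell code, so it must only be
# writable by the administrator.
MS_CONF=${MS_CONF:-"$MS_HOME"/monkeysphere.conf}
if [ -e "$MS_CONF" ] ; then
  . "$MS_CONF"
fi

GNUPGHOME=${GNUPGHOME:-"$MS_HOME"/gnupg}
export GNUPGHOME

KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
export KEYSERVER

COMMAND=${1-}
[ "$COMMAND" ] || failure "Type '$PGRM help' for usage."
shift 1

case "$COMMAND" in
  'gen-key')
    gen_key
    ;;
  'publish-key')
    publish_key
    ;;
  'trust-key')
    if [ -z "${1-}" ] ; then
      failure "you must specify at least one key to trust."
    fi
    trust_key "$@"
    ;;
  'help')
    usage
    exit
    ;;
  *)
    failure "Unknown command: '$COMMAND' Type '$PGRM help' for usage."
    ;;
esac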