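#!/bin/bash
#
# Multi-signature helper for git commit objects.
#
#   add    {commit} {key}      sign the commit text with {key}, append the
#                              combined (existing + new) signature block and
#                              write the result as a new commit object; the
#                              new object and its hash are printed to stdout.
#   verify {keyring} {commit}  check the signature block carried by the commit
#                              against {keyring} with gpgv2; the exit status is
#                              gpgv2's.
#
# The "message" that is signed / verified is the raw commit object (as printed
# by `git cat-file -p`) with every armored PGP block removed.  Both commands
# must derive that text byte-for-byte the same way, otherwise signatures made
# by `add` never verify -- the original used `echo -e` on the `add` side
# (which rewrites backslash escapes and trailing newlines) and a plain sed
# stream on the `verify` side.  Everything now goes through files so no shell
# expansion touches the signed bytes.
#
# Requires git, gpg, gpgv2, python3 and the sibling script headerextract.py,
# which is expected to print the armored signature block of a commit given the
# raw commit on stdin (its exact contract lives in that file, not here).
#
# Pipelines fail when any stage fails so that `$?` / `||` after a pipeline see
# git and gpg errors, not only the exit status of the last command.
set -uo pipefail

# Directory of this script, with trailing slash, so sibling helpers resolve
# regardless of the caller's working directory.
script_dir="$(dirname "$0")/"

# Private scratch directory for every intermediate file (message text,
# dearmored signatures, new commit object).  Predictable names in the current
# directory, as used before, are both a tampering/symlink risk and leak files
# when an early exit skipped the cleanup; the trap removes this on every exit.
work_dir=$(mktemp -d) || { printf 'Failed to create temporary directory!\n' >&2; exit 1; }
trap 'rm -rf -- "${work_dir:?}"' EXIT

# die MESSAGE [STATUS]: print MESSAGE to stderr and exit with STATUS (default 1).
die() {
  printf '%s\n' "$1" >&2
  exit "${2:-1}"
}

# usage: print the command synopsis to stderr.
usage() {
  printf 'Usage: %s add {hash of commit to sign} {key to use}\nOR\n%s verify {path to keyring} {commit hash}\n' "$0" "$0" >&2
}

# resolve_commit REF: print the full object id of REF, which must name a
# commit.  Rejects option-looking input before it reaches git/gpg argv.
resolve_commit() {
  local ref=$1
  if [[ -z "$ref" || "$ref" == -* ]]; then
    return 1
  fi
  git rev-parse --verify --quiet "${ref}^{commit}"
}

# strip_pgp_blocks: copy stdin to stdout, dropping every armored PGP block
# (each line from a "-----BEGIN PGP" line through the next "-----END PGP" line).
strip_pgp_blocks() {
  sed -n '/-----BEGIN PGP/,/-----END PGP/b;p'
}

# write_message COMMIT OUTFILE: write the signable text of COMMIT (raw object
# minus PGP blocks) to OUTFILE, guaranteeing a trailing newline.  Without that
# newline the armor header appended by `add` would share a line with the last
# message line, and strip_pgp_blocks would then swallow that line on verify.
write_message() {
  git cat-file -p "$1" | strip_pgp_blocks > "$2" || return 1
  if [[ -n "$(tail -c 1 "$2")" ]]; then
    printf '\n' >> "$2"
  fi
}

# extract_sig COMMIT OUTFILE: write the dearmored (binary) signature data
# carried by COMMIT to OUTFILE.  Binary data is kept in files rather than
# shell variables, which cannot hold NUL bytes.
extract_sig() {
  git cat-file -p "$1" \
    | python3 "${script_dir}headerextract.py" \
    | gpg --dearmor > "$2"
}

# add_sig add COMMIT KEY_ID
#   Sign COMMIT's message text with KEY_ID, concatenate the existing
#   signature packets with the new one, re-armor them and append the block
#   to the message.  Prints the resulting object, then the hash under which
#   `git hash-object -t commit -w` stored it.  Returns git's exit status.
add_sig() {
  local git_hash=$2
  local key_id=$3
  local message_file="${work_dir}/message"
  local prev_sig="${work_dir}/prev.sig.gpg"
  local new_sig="${work_dir}/new.sig.gpg"
  local new_object="${work_dir}/commit"
  local combined_sig

  git_hash=$(resolve_commit "$git_hash") || die "Not a commit: ${2}"

  write_message "$git_hash" "$message_file" \
    || die "Failed to read commit object ${git_hash}!"

  # A commit that carries no signature yet yields no dearmorable data; keep
  # going with only the new signature, but say so rather than hiding it.
  if ! extract_sig "$git_hash" "$prev_sig"; then
    printf 'Warning: could not extract an existing signature from %s; continuing with the new signature only\n' "$git_hash" >&2
  fi

  gpg -u "$key_id" -o "$new_sig" --detach-sig "$message_file" \
    || die "Failed to generate new signature!" $?

  # Declaration and assignment are separate so the `||` sees gpg's status
  # (a `local x=$(...)` always succeeds and would mask the failure).
  combined_sig=$(cat "$prev_sig" "$new_sig" | gpg --enarmor) \
    || die "Failed to combine signatures!" $?

  { cat "$message_file"; printf '%s\n' "$combined_sig"; } > "$new_object"

  # Show the object that is about to be stored, then hash and write it.
  cat "$new_object"
  git hash-object -t commit -w "$new_object"
  return $?
}

# verify_sig verify KEYRING COMMIT
#   Verify the signature block carried by COMMIT against KEYRING only.
#   Returns gpgv2's exit status.  NOTE(review): gpg-family tools appear to
#   resolve a keyring name that contains no slash relative to the GnuPG home
#   directory -- pass a path with a slash (e.g. ./keys.gpg) for a local file.
verify_sig() {
  local keyring_path=$2
  local git_hash=$3
  local message_file="${work_dir}/message"
  local sig_file="${work_dir}/verify.sig.gpg"

  git_hash=$(resolve_commit "$git_hash") || die "Not a commit: ${3}"

  write_message "$git_hash" "$message_file" \
    || die "Failed to read commit object ${git_hash}!"
  extract_sig "$git_hash" "$sig_file" \
    || die "Failed to extract signature from ${git_hash}!"

  gpgv2 --keyring "$keyring_path" "$sig_file" "$message_file"
  return $?
}

# Dispatch.  Arguments are passed through as "$@" (never $*) and the count is
# checked first, so an empty or option-looking argument cannot reach git/gpg.
case "${1-}" in
  add)
    [[ $# -eq 3 ]] || { usage; exit 1; }
    add_sig "$@"
    exit $?
    ;;
  verify)
    [[ $# -eq 3 ]] || { usage; exit 1; }
    verify_sig "$@"
    exit $?
    ;;
  *)
    usage
    exit 1
    ;;
esac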