#!/bin/bash
set -e

export PATH="/usr/bin:/bin:/usr/sbin:/sbin"

dest=/var/run/foodoor-keys
temp_outfile="$dest.tmp"


if [ ! -e "${dest}/.git/config" ]
then
	#echo "Repo does not exist, trying to clone..."
	( cd /var/run && git clone --quiet --single-branch --depth=1 ssh://git.chaospott.de/Keyverwaltung/foodoor-keys.git "${dest}" )
else
	#echo "Repo exists, updating..."
	( cd "${dest}" && git fetch --quiet && git merge --quiet origin/master master )
fi

rm -f ${temp_outfile}
	find "${dest}/keys" -name '*.pub' | sort | \
		while read keyfile
		do
			ssh-keygen -l -f ${keyfile} &> /dev/null
			if [ $? -eq 0 ]; then
				valid=false
				keyinfo=$(ssh-keygen -l -f ${keyfile}) # The whole key information
				crypto=$(echo "${keyinfo}" | cut -d" " -f4) # Looks like "(RSA)" or "(ED25519)"
				key_length=$(echo "${keyinfo}" | cut -d" " -f1) 

				if [ "${crypto}" == "(RSA)" ]; then

					if [ ${key_length} -lt 4096 ]; then
						echo "Key size of key ${keyfile} not equal to 4096. Not adding it to key database." >&2
						continue
					else
						valid=true
					fi

				elif [ "${crypto}" == "(ED25519)" ]; then
					valid=true
				fi

				if [ "$valid" = true ]; then
					echo "command=\"/usr/sbin/foodoor \$action \",no-port-forwarding,no-X11-forwarding,no-agent-forwarding $(cat ${keyfile})" >> ${temp_outfile}
				fi
			fi
		done

for appendix in open close door
do
    action="$appendix"
    if [ "$action" = "door" ]
    then
        action=""
    fi
    
    export action
    outfile="${dest}/authorized_keys.${appendix}"
    cat ${temp_outfile} |envsubst > ${outfile}
	
    # Oben
    if [ "$(hostname)" = "foodoor" ]; then
      install -d -o ${appendix} -g nogroup -m 0700 /var/lib/foodoor/${appendix}/.ssh
      install -b -S .last -o ${appendix} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${appendix}/.ssh/authorized_keys
    fi

    # Unten
    if [ "$(hostname)" = "kellertuer" ]; then
      if [ "${action}" = "open" ]; then
        owner="unlock"
      elif [ "${action}" = "close" ]; then
        owner="lock"
      fi
      install -d -o ${owner} -g nogroup -m 0700 /var/lib/foodoor/${action}/.ssh
      install -b -S .last -o ${owner} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${action}/.ssh/authorized_keys
      if [ "${appendix}" = "door" ]; then
        install -d -o ${appendix} -g nogroup -m 0700 /var/lib/foodoor/${appendix}/.ssh
        install -b -S .last -o ${appendix} -g nogroup -m 0600 ${outfile} /var/lib/foodoor/${appendix}/.ssh/authorized_keys
      fi

    fi

done