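#!/bin/sh
# Manages the per-group SSH key pairs stored in ./keys next to this script.
# Run with "help" for the command list.
#
# Exit status: 0 on success, 1 when a key or the group list is missing or
# unreadable (or on a usage error), 2 when a <group> argument is missing or
# invalid.
set -eu

# Prints the usage summary and exits.
# Arguments: $1 - exit status
#            $2 - optional; when present (any value) the long help is printed
# Globals:   BINNAME, BASEDIR (read; both are assigned before the first call)
usage() {
  cat <<EOF
Usage: $BINNAME <command> [<group>]
       $BINNAME help|-h|--help
EOF
  if [ "$#" -eq 2 ]; then
    cat <<EOF

Commands:
  create <group>    Creates an SSH key for the given group if one doesn't
                    already exist
  purge             Deletes all existing SSH keys
  list              Prints all groups' public keys
  get <group>       Prints the public key for the given group
  get-priv <group>  Prints the private key for the given group
  help              Prints this help text

Group identifiers are formatted as "NN-MM". NN is the group number, and MM
is the course variant. Currently there are two variants, "15" for the 15hp
course and "75" for the 7.5hp course.

Files and directories:
  $BASEDIR/groups.list
      The list of user-group mappings. This script doesn't use the
      usernames, but they are required by apache in order to determine
      who should be able to see what. The list format is
      "<username> <group>"
  $BASEDIR/keys
      All SSH keys are stored here. The name format is "<group>" for the
      private key and "<group>.pub" for the public key.
EOF
  fi
  exit "$1"
}

# Refuses group identifiers that are not safe as a file name under $KEYDIR.
# The identifier comes straight from the command line and is appended to the
# key directory, so "/" or ".." would let create/get/get-priv touch files
# outside it, and a leading "-" could be taken as an option by the tools
# called below. The documented "NN-MM" format passes this check.
# Arguments: $1 - group identifier
# Exits with status 2 when the identifier is rejected.
require_group() {
  case "$1" in
    '' | -* | *[!A-Za-z0-9_-]*)
      # The rejected value is deliberately not echoed back.
      echo "Invalid group identifier." >&2
      exit 2
      ;;
  esac
}

BINNAME="${0##*/}"
BASEDIR="$(dirname "$(readlink -f "$0")")"
cd "$BASEDIR"

if [ "$#" -lt 1 ]; then
  usage 1
fi

GROUPFILE="./groups.list"
KEYDIR="./keys"

case "$1" in
  create)
    if [ "$#" -ne 2 ]; then
      echo "You must specify a group to create a key for."
      exit 2
    fi
    require_group "$2"
    keyname="$KEYDIR/$2"
    if ! [ -e "$keyname" ]; then
      # -P '' stores the private key without a passphrase, so the file
      # permissions on $KEYDIR are the only protection the key has at rest.
      ssh-keygen -f "$keyname" -t ecdsa -q -P '' -C "${2}@pvt"
    fi
    ;;
  purge)
    # -f keeps an already-empty key directory from being an error; ":?"
    # aborts instead of expanding to "/*" should KEYDIR ever be empty.
    rm -f -- "${KEYDIR:?}"/*
    ;;
  list)
    if ! [ -r "$GROUPFILE" ]; then
      echo "Cannot read $GROUPFILE." >&2
      exit 1
    fi
    # Second column of every non-comment line, de-duplicated. Reading the
    # names line by line keeps them from being word-split or glob-expanded.
    awk '!/^#/ && NF >= 2 { print $2 }' "$GROUPFILE" | sort -u |
      while IFS= read -r group; do
        keyname="$KEYDIR/${group}.pub"
        # The group name is data, never the printf format string.
        printf '%s\t' "$group"
        if [ -e "$keyname" ]; then
          cat "$keyname"
        else
          echo "No key found."
        fi
      done
    ;;
  get)
    if [ "$#" -ne 2 ]; then
      echo "You must specify a group to get the public key for."
      exit 2
    fi
    require_group "$2"
    keyfile="$KEYDIR/${2}.pub"
    if [ -e "$keyfile" ]; then
      cat "$keyfile"
    else
      echo "Not found."
      exit 1
    fi
    ;;
  get-priv)
    if [ "$#" -ne 2 ]; then
      echo "You must specify a group to get the private key for."
      exit 2
    fi
    require_group "$2"
    keyfile="$KEYDIR/${2}"
    # Writes an unencrypted private key to stdout. This script performs no
    # authorization of its own; whatever invokes it has to restrict who can
    # reach this command and keep the output out of logs.
    if ! [ -e "$keyfile" ]; then
      echo "Not found."
      exit 1
    fi
    if ! [ -r "$keyfile" ]; then
      echo "Not readable."
      # Fail here too, so a caller never mistakes the message for a key.
      exit 1
    fi
    cat "$keyfile"
    ;;
  help | -h | --help)
    usage 0 long
    ;;
  *)
    usage 1
    ;;
esac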