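#!/bin/sh

# Open Infrastructure: service-tools
# Copyright (C) 2014-2021 Daniel Baumann
#
# SPDX-License-Identifier: GPL-3.0+
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.

# ssh-keycheck: run 'ssh-keygen -l' on each given key file and compare the
# reported key type and bit length with the values allowed via -t and -b.
# Exits 0 when every file passes, 1 otherwise. Without -b/-t the only check
# is that ssh-keygen reports one of the recognised key types for the file.

set -e

PROJECT="open-infrastructure"
SOFTWARE="service-tools"
PROGRAM="ssh-keycheck"

# Parse the command line into BITS, FILES, HELP, TYPES and VERBOSE.
#
# NOTE(review): these variables are not initialised here, so values inherited
# from the environment act as defaults - confirm that this is intended.
Parameters ()
{
	GETOPT_LONGOPTIONS="bits:,filename:,help,type:,verbose,"
	GETOPT_OPTIONS="b:,f:,h,t:,v,"

	# "${@}" is quoted so that arguments containing whitespace reach getopt
	# as single words. The status is tested directly in the 'if': under
	# 'set -e' a separate '[ "${?}" != "0" ]' after the assignment is never
	# reached when getopt fails, so the error message would be lost.
	if ! PARAMETERS="$(getopt --longoptions "${GETOPT_LONGOPTIONS}" --name="${PROGRAM}" --options "${GETOPT_OPTIONS}" --shell sh -- "${@}")"
	then
		echo "'${PROGRAM}': getopt exit" >&2
		exit 1
	fi

	# eval is acceptable here only because getopt --shell sh emits its
	# result already quoted for re-reading by the shell.
	eval set -- "${PARAMETERS}"

	while true
	do
		case "${1}" in
			-b|--bits)
				BITS="${2}"
				shift 2
				;;

			-f|--filename)
				FILES="${2}"
				shift 2
				;;

			-h|--help)
				HELP="true"
				shift 1
				;;

			-t|--type)
				TYPES="${2}"
				shift 2
				;;

			-v|--verbose)
				VERBOSE="true"
				shift 1
				;;

			--)
				shift 1
				break
				;;

			*)
				echo "'${PROGRAM}': getopt error" >&2
				exit 1
				;;
		esac
	done
}

# Print a short usage summary and exit with status 1 (also for --help).
Usage ()
{
	echo "Usage: ${PROGRAM} -f KEY_FILE[,KEY_FILE] [-b BITS[,BITS]] [-t TYPE[,TYPE]]" >&2
	echo
	echo "See ${PROGRAM}(1) and ${SOFTWARE}(7) for more information."

	exit 1
}

# Return 0 if ${1} is an entry of the comma-separated list ${2}, else 1.
#
# The value is quoted inside the pattern, so the comparison is literal: a
# list entry such as '*' does not match every key. An empty value never
# matches.
In_list ()
{
	[ -n "${1}" ] || return 1

	case ",${2}," in
		*",${1},"*)
			return 0
			;;
	esac

	return 1
}

Parameters "${@}"

if [ -z "${FILES}" ] || [ -n "${HELP}" ]
then
	Usage
fi

EXIT="0"

# Usage documents KEY_FILE[,KEY_FILE], so commas separate file names here in
# the same way as for -b and -t. The expansion is left unquoted on purpose:
# whitespace-separated names and shell globs in -f keep working as before.
for FILE in $(printf '%s\n' "${FILES}" | sed -e 's|,| |g')
do
	if [ ! -e "${FILE}" ]
	then
		echo "'${FILE}': no such key file" >&2
		exit 1
	fi

	# Run
	# '|| true' keeps 'set -e' from aborting on unreadable or invalid files;
	# their error text then fails the key type check below.
	SSH_KEYGEN="$(ssh-keygen -l -f "${FILE}" 2>&1 || true)"

	# The last field of the fingerprint line is the key type in parentheses,
	# the first field is the bit length.
	# NOTE(review): if ssh-keygen prints more than one line for FILE,
	# KEY_TYPE holds several lines and the file is reported as invalid -
	# confirm whether files holding several keys should be supported.
	KEY_TYPE="$(printf '%s\n' "${SSH_KEYGEN}" | awk '{ print $NF }' | sed -e 's|(||' -e 's|)||' | tr '[:upper:]' '[:lower:]')"
	KEY_BITS="$(printf '%s\n' "${SSH_KEYGEN}" | awk '{ print $1 }')"

	case "${KEY_TYPE}" in
		dsa|ecdsa|ecdsa-sk|ed25519|ed25519-sk|rsa)
			;;

		*)
			case "${VERBOSE}" in
				true)
					echo "'${FILE}': invalid key file" >&2
					;;
			esac

			KEY_TYPE="unknown"
			EXIT="1"
			;;
	esac

	# A command substitution used as a case pattern is not field-split, so
	# the former "case ... in $(echo ${TYPES} | sed ...))" compared against
	# one pattern such as "rsa ed25519" and rejected every key as soon as
	# more than one value was listed. In_list checks each entry separately.
	if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${TYPES}" ]
	then
		if ! In_list "${KEY_TYPE}" "${TYPES}"
		then
			echo "'${FILE}': wrong type" >&2
			EXIT="1"
		fi
	fi

	if [ "${KEY_TYPE}" != "unknown" ] && [ -n "${BITS}" ]
	then
		if ! In_list "${KEY_BITS}" "${BITS}"
		then
			echo "'${FILE}': wrong bits" >&2
			EXIT="1"
		fi
	fi

	# NOTE(review): EXIT is cumulative, so once any file has failed the
	# verbose details of later, valid files are no longer printed - confirm
	# whether a per-file status was intended.
	case "${EXIT}" in
		0)
			case "${VERBOSE}" in
				true)
					printf 'filename: %s\nbits: %s\ntype: %s\n' "${FILE}" "${KEY_BITS}" "${KEY_TYPE}"
					;;
			esac
			;;
	esac
done

exit "${EXIT}"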