#!/usr/bin/bash -e
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2018 Red Hat, Inc.
# Author: Radovan Sroka <rsroka@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

. clevis-luks-common-functions

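# Report plugin for the Tang pin.
#
# Arguments: $1 - either "--summary", or a JSON document that carries at
#                 least a "url" member (the Tang server) and an "adv" member
#                 (the keys recorded in the LUKS metadata).
# Outputs:   diagnostics on stderr; on success the process is replaced by
#            clevis-luks-report-compare.
# Returns:   1 on any failure (and after --summary, see the note below).
SUMMARY="Tang report plugin"

# NOTE(review): --summary prints the description and then exits with status 1.
# The status is kept as-is because callers may depend on it -- confirm against
# the caller before changing it to 0.
if [[ "${1:-}" == "--summary" ]]; then
    printf '%s\n' "$SUMMARY"
    exit 1
fi

if [[ -z "${1:-}" ]]; then
    # Diagnostics belong on stderr, like every other error in this script.
    printf '%s\n' "$0 missing the first argument!" >&2
    exit 1
fi

CONTENT="$1"

### Get the advertisement
if ! URL="$(jose fmt -j- -g url -u- <<< "$CONTENT")" || [[ -z "$URL" ]]; then
    echo "URL was not found!" >&2
    exit 1
fi

# -s: no progress output, -f: treat HTTP errors as failure, -g: no URL
# globbing, so brackets and braces in the URL are taken literally.
# NOTE(review): URL comes straight from the supplied JSON and curl is neither
# restricted to a set of schemes nor given a timeout. If only HTTP(S) Tang
# servers are expected, consider adding --proto '=http,https' and --max-time.
if ! jws="$(curl -sfg "$URL/adv")"; then
    printf '%s\n' "Unable to fetch advertisement: $URL/adv!" >&2
    exit 1
fi

# Decode the JWS payload and pull out its "keys" array.
if ! TANG_KEYS="$(jose fmt -j- -Og payload -SyOg keys -AUo- <<< "$jws")"; then
    echo "Advertisement is malformed!" >&2
    exit 1
fi

### Check advertisement validity
# Select the advertised keys that may be used for the "verify" operation.
# Checked explicitly so that a failure produces a diagnostic and does not
# depend on the -e flag from the shebang, which is lost when the script is
# started as "bash <script>".
if ! ver="$(jose jwk use -i- -r -u verify -o- <<< "$TANG_KEYS")"; then
    echo "Unable to extract verification keys from advertisement!" >&2
    exit 1
fi

# -a requires the JWS to validate against every selected key.
# NOTE(review): the keys used here come from the advertisement itself, so this
# only proves the advertisement is internally consistent. Whether the server
# is the one the volume was bound to depends on the comparison with the keys
# stored in the LUKS metadata, performed by clevis-luks-report-compare (not
# visible here).
if ! jose jws ver -i "$jws" -k- -a <<< "$ver"; then
    echo "Advertisement is missing signatures!" >&2
    exit 1
fi

if ! LUKS_KEYS="$(jose fmt -j- -g adv -o- <<< "$CONTENT")" || [[ -z "$LUKS_KEYS" ]]; then
    echo "LUKS keys from LUKS metadata were not found!" >&2
    exit 1
fi

# findexe is provided by clevis-luks-common-functions (sourced above).
if ! EXE="$(findexe clevis-luks-report-compare)" || [[ -z "$EXE" ]]; then
    echo "clevis-luks-report-compare was not found!" >&2
    exit 1
fi

# Hand over to the comparison tool: freshly fetched keys first, stored keys
# second.
exec "$EXE" "$TANG_KEYS" "$LUKS_KEYS"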
