#!/bin/bash
#===============================================================================
#
# DIRECTORY:
#   /home/*/.local/share/nautilus/scripts/01-verify/
# OR
#   /home/*/.gnome2/nautilus-sctipts/01-verify/ (deprecated)
#
# FILE:
#   02c-gpg-verify
#
# USAGE:
#   Right klick on the first file of an EWF image and
#   choose this nautilus script from the context menu.
#
# OPTIONS:
#   none
#
# DESCRIPTION:
#   Verifies that an logfile was digitally signed by a specific examiner.
#
# REQUIREMENTS:
#   bash, zenity, gpg, grep, awk and coreutils
#
# BUGS:
#   ---
#
# NOTES:
#   Tested on
#   - Arch Linux
#
# AUTHOR:
#   Patrick Neumann, patrick@neumannsland.de
#
# COMPANY:
#   (privately)
#
# VERSION:
#   0.9 (beta)
#
# LINK TO THE MOST CURRENT VERSIONS:
#   https://...
#
# CREATED:
#   11.09.2020
#
# COPYRIGHT (C):
#   2015-2020 - Patrick Neumann
#
# LICENSE:
#   This program is free software: you can redistribute it and/or modify
#   it under the terms of the GNU General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
# WARRANTY:
#   This program is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU General Public License for more details.
#
#   You should have received a copy of the GNU General Public License
#   along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# TODO:
#   - more DRY (dont repeat yourself)!
#
# HISTORY:
#   0.9 - Patrick Neumann - Initial (public) release
#
#===============================================================================

#-------------------------------------------------------------------------------
# Additional supported Distribution(s) (add before Library!).
#-------------------------------------------------------------------------------
SUPPORTED_OSR="arch"

#-------------------------------------------------------------------------------
# Check for library (casualscripter_nautilus-scripts_functions.sh).
#-------------------------------------------------------------------------------
readonly LIBRARY="${0%/*/*}/.casualscripter_nautilus-scripts_functions.sh"
if [ ! -f "${LIBRARY}" ] ; then
  zenity --error \
         --text \
         "ERROR: casualscripter_nautilus-scripts_functions.sh MISSING!"
  exit 1
fi

source "${LIBRARY}"

#-------------------------------------------------------------------------------
# Checks (see library "casualscripter_nautilus-scripts_functions.sh").
#-------------------------------------------------------------------------------
check_dep "${BASENAME_BIN}" "coreutils"
check_dep "${OPENSSL_BIN}" "openssl"
check_dep "${AWK_BIN}" "gawk"
check_dep "${GREP_BIN}" "grep"
check_dep "${GPG_BIN}" "gnupg"

check_ext "${SOURCE}" "info|log|txt"

check_tmp

#-------------------------------------------------------------------------------
# Import public key if needed.
#-------------------------------------------------------------------------------
if [ -r "${SOURCE}.sig" ] ; then
  if ${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>&1 | ${GREP_BIN} --fixed-strings "No public key" 2>&1 > /dev/null ; then
    readonly GPG_PUB_KEY_FILE="$( ${ZENITY_BIN} --title="Select gpg public key file" \
                                                --file-selection )"
    if [ -z "${GPG_PUB_KEY_FILE}" ] ; then
      error_exit "no gpg public key file choosen"
    fi

    PUBKEY1="$( ${GPG_BIN} "${GPG_PUB_KEY_FILE}" 2>/dev/null | ${GREP_BIN} --only-matching --only-matching "[[:xdigit:]]{40}" )"
    PUBKEY2="$( ${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>&1 | ${GREP_BIN} --only-matching --only-matching "[[:xdigit:]]{40}" )"

    if [ "${PUBKEY1}" != "${PUBKEY2}" ] ; then
      error_exit "wrong gpg public key file"
    fi

    ${GPG_BIN} --import "${GPG_PUB_KEY_FILE}"
  
    # gpg --edit-key "${PUBKEY1}"
    #   -> trust
    #   -> 5
    #   -> save
  fi
elif [ -r "${SOURCE}.asc" ] ; then
  if ${GPG_BIN} --verify "${SOURCE}.asc" 2>&1 | ${GREP_BIN} --fixed-strings "No public key" 2>&1 > /dev/null ; then
    readonly GPG_PUB_KEY_FILE="$( ${ZENITY_BIN} --title="Select gpg public key file" \
                                                --file-selection )"

    if [ -z "${GPG_PUB_KEY_FILE}" ] ; then
      error_exit "no gpg public key file choosen"
    fi
  
    PUBKEY1="$( ${GPG_BIN} "${GPG_PUB_KEY_FILE}" 2>/dev/null | ${GREP_BIN} --only-matching "[[:xdigit:]]{40}" )"
    PUBKEY2="$( ${GPG_BIN} --verify "${SOURCE}.asc" 2>&1 | ${GREP_BIN} --only-matching "[[:xdigit:]]{40}" )"

    if [ "${PUBKEY1}" != "${PUBKEY2}" ] ; then
      error_exit "wrong gpg public key file"
    fi

    ${GPG_BIN} --import "${GPG_PUB_KEY_FILE}"
  fi
else
  error_exit "no gpg signatur (.sig or .asc) found"
fi

#-------------------------------------------------------------------------------
# Generate gpg verify file, if necessary.
#-------------------------------------------------------------------------------
readonly GPGVERIFY="${TMP}/gpg-verify-$( ${BASENAME_BIN} "${SOURCE}" ).txt"

if [ ! -f "${GPGVERIFY}" ] ; then
  if [ -r "${SOURCE}.sig" ] ; then
    ${PRINTF_BIN} "Verified log file:\n  %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" )" > "${GPGVERIFY}"
    ${PRINTF_BIN} "Verified signature file:\n  %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" ).sig" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "MD5 of log file:\n  %s\n\n" "$( ${OPENSSL_BIN} dgst -md5 "${SOURCE}" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "SHA1 of log file:\n  %s\n\n" "$( ${OPENSSL_BIN} dgst -sha1 "${SOURCE}" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "Output of gnupg:\n\n" >> "${GPGVERIFY}"
    ${GPG_BIN} --verify "${SOURCE}.sig" "${SOURCE}" 2>> "${GPGVERIFY}"
  elif [ -r "${SOURCE}.asc" ] ; then
    ${PRINTF_BIN} "Verified log file:\n  %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" )" > "${GPGVERIFY}"
    ${PRINTF_BIN} "Verified signature file:\n  %s\n\n" "$( ${BASENAME_BIN} "${SOURCE}" ).asc" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "MD5 of log file:\n  %s\n\n" "$( ${OPENSSL_BIN} dgst -md5 "${SOURCE}.asc" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "SHA1 of log file:\n  %s\n\n" "$( ${OPENSSL_BIN} dgst -sha1 "${SOURCE}.asc" | ${AWK_BIN} '{ print $NF }' )" >> "${GPGVERIFY}"
    ${PRINTF_BIN} "Output of gnupg:\n\n" >> "${GPGVERIFY}"
    ${GPG_BIN} --verify "${SOURCE}.asc" 2>> "${GPGVERIFY}"    
  fi
fi

#-------------------------------------------------------------------------------
# Display content of the resultfile "gpg-verify...txt".
#-------------------------------------------------------------------------------
display_resultfile "${GPGVERIFY}"

exit 0