#!/usr/bin/env bash

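# Path of the authorized_keys file this script edits. It may be overridden
# from the environment (e.g. to point at a test copy); the default is the
# production path.
AUTHORIZED_KEYS=${AUTHORIZED_KEYS:-/etc/ssh/keys/thousandeyes/authorized_keys}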

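#######################################
# Prints the usage text and exits.
# The text goes to stderr so it never ends up in a caller's stdout capture.
# Outputs:   usage text on stderr
# Exits:     1
#######################################
usage() {
    cat >&2 <<EOF
usage: ${0} [-d] KEY

  -d  deletes the target key

EOF
    exit 1
}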

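#######################################
# Removes every line of FILE that contains KEY, matching KEY as a fixed
# string. The previous sed pattern interpolated the key into a regex, so a
# ':' (the chosen delimiter) or regex metacharacters inside the key material
# or its comment could change which lines were deleted or break the command.
# The file is rewritten through its existing inode, so ownership and mode
# are preserved.
# Arguments: $1 - file to edit
#            $2 - text to remove (must be non-empty; an empty pattern would
#                 match, and therefore delete, every line)
# Returns:   0 on success, 1 on bad arguments or I/O failure
#######################################
delete_existing_key() {
    local file=${1-} key=${2-} tmp
    [ -n "$file" ] && [ -n "$key" ] || return 1
    tmp=$(mktemp) || return 1
    # grep -v exits 1 when no line is left to print; that is a valid result here
    grep -vF -- "$key" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f -- "$tmp"; return 1; }
    cat -- "$tmp" > "$file" || { rm -f -- "$tmp"; return 1; }
    rm -f -- "$tmp"
}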

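#######################################
# Deletes the given scratch files, ignoring ones that no longer exist.
# "--" stops option parsing so a path beginning with '-' is still a file.
# Arguments: paths to remove
#######################################
tmp_cleanup() {
    rm -f -- "$@"
}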

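#######################################
# Checks that the file holds a key ssh-keygen can fingerprint.
# An empty path is rejected up front: unquoted, it used to drop the -f
# argument and leave ssh-keygen prompting on stdin.
# Arguments: $1 - path of a file containing one public key line
# Returns:   ssh-keygen's status (0 = valid), 1 for an empty path
#######################################
validate_key() {
    [ -n "${1-}" ] && ssh-keygen -lf "$1" > /dev/null 2>&1
}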

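#######################################
# Appends KEY to ${AUTHORIZED_KEYS} unless a key with the same fingerprint
# is already there. The key is checked with ssh-keygen first; an invalid key
# is reported and NOT written (the previous version appended it anyway).
# Keys are compared on the first two fields of `ssh-keygen -l` output
# (presumably length and hash), so the comment field does not matter.
# Lines ssh-keygen cannot parse (comments, blanks) yield an empty
# fingerprint and never match.
# Globals:   AUTHORIZED_KEYS (read, appended)
# Arguments: $1 - one authorized_keys line
# Outputs:   status on stdout, errors on stderr
# Returns:   0 when the key was added or already present, 1 otherwise
#######################################
add_key() {
    local new_key=${1-}
    local new_tmp cmp_tmp new_fp line line_fp found=0

    new_tmp=$(mktemp /tmp/ssh_keycompare.XXXXXXX) || return 1
    cmp_tmp=$(mktemp /tmp/ssh_keycompare.XXXXXXX) || { tmp_cleanup "$new_tmp"; return 1; }

    # printf keeps the argument byte-for-byte; echo would word-split and glob it
    printf '%s\n' "$new_key" > "$new_tmp"
    if ! validate_key "$new_tmp"; then
        tmp_cleanup "$new_tmp" "$cmp_tmp"
        echo "Error: Invalid key provided" >&2
        return 1
    fi
    # fingerprint of the candidate, computed once rather than per line
    new_fp=$(ssh-keygen -lf "$new_tmp" 2>/dev/null | cut -d' ' -f1,2)

    # one scratch file is reused for every line; || [ -n ] keeps a last line
    # that lacks a trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" > "$cmp_tmp"
        line_fp=$(ssh-keygen -lf "$cmp_tmp" 2>/dev/null | cut -d' ' -f1,2)
        if [ -n "$line_fp" ] && [ "$line_fp" = "$new_fp" ]; then
            found=1
            break
        fi
    done < "$AUTHORIZED_KEYS"
    # scratch files are removed on every path, including the "exists" one
    tmp_cleanup "$new_tmp" "$cmp_tmp"

    if [ "$found" -eq 1 ]; then
        echo
        echo "key already exists in ${AUTHORIZED_KEYS}"
        return 0
    fi

    # make sure the new key starts on its own line even if the file currently
    # ends without a newline; tail -c1 is empty only when the last byte is \n
    if [ -s "$AUTHORIZED_KEYS" ] && [ -n "$(tail -c1 "$AUTHORIZED_KEYS")" ]; then
        printf '\n' >> "$AUTHORIZED_KEYS"
    fi
    printf '%s\n' "$new_key" >> "$AUTHORIZED_KEYS"
}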

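#######################################
# Removes the key whose fingerprint matches KEY from ${AUTHORIZED_KEYS}.
# The file is scanned first and edited only after the scan, so it is never
# rewritten while it is still being read, and the scratch file holding KEY
# is no longer deleted mid-loop (which used to make later comparisons run
# against a missing file). A key that is not present is now reported.
# The "last line" guard counts lines, not keys, exactly as before.
# Globals:   AUTHORIZED_KEYS (read, rewritten)
# Arguments: $1 - one authorized_keys line
# Outputs:   status on stdout, errors on stderr
# Returns:   0 on deletion, 1 for an invalid or absent key, 2 when the file
#            holds one line or less and removal could lock the admin out
#######################################
delete_authorized_keys() {
    local target=${1-}
    local target_tmp cmp_tmp target_fp line line_fp match= found=0

    target_tmp=$(mktemp /tmp/teva_ssh_authorizedkeys.XXXXXXX) || return 1
    printf '%s\n' "$target" > "$target_tmp"

    if ! validate_key "$target_tmp"; then
        tmp_cleanup "$target_tmp"
        echo "Error: Invalid key provided" >&2
        return 1
    fi

    # check if the authorized_key file has more than one line, if not fail;
    # arithmetic tolerates the leading spaces some wc implementations print
    if (( $(wc -l < "$AUTHORIZED_KEYS") <= 1 )); then
        tmp_cleanup "$target_tmp"
        echo
        echo "Error: The authorized_keys file can't be empty, don't lock yourself out."
        return 2
    fi

    target_fp=$(ssh-keygen -lf "$target_tmp" 2>/dev/null | cut -d' ' -f1,2)
    cmp_tmp=$(mktemp /tmp/ssh_keycompare.XXXXXXX) || { tmp_cleanup "$target_tmp"; return 1; }

    # locate the first line with the same fingerprint; unparsable lines give
    # an empty fingerprint and are skipped
    while IFS= read -r line || [ -n "$line" ]; do
        printf '%s\n' "$line" > "$cmp_tmp"
        line_fp=$(ssh-keygen -lf "$cmp_tmp" 2>/dev/null | cut -d' ' -f1,2)
        if [ -n "$line_fp" ] && [ "$line_fp" = "$target_fp" ]; then
            match=$line
            found=1
            break
        fi
    done < "$AUTHORIZED_KEYS"
    tmp_cleanup "$target_tmp" "$cmp_tmp"

    if [ "$found" -ne 1 ]; then
        echo "Error: key not found in ${AUTHORIZED_KEYS}" >&2
        return 1
    fi
    delete_existing_key "$AUTHORIZED_KEYS" "$match"
}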

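#######################################
# Parses the command line and dispatches to add_key or
# delete_authorized_keys. Any unknown option, -h, or an argument count other
# than one prints the usage and exits. Loop state is local so no stray
# globals (DELETE, OPTIONS) leak into the rest of the script.
# Arguments: the script's argv
# Returns:   the status of the dispatched function
#######################################
options() {
    local delete=0 opt
    # leading ':' makes getopts report unknown options as '?' silently
    while getopts ':hd' opt; do
        case "$opt" in
            d) delete=1 ;;
            h) usage ;;
            *) usage ;;
        esac
    done
    shift $((OPTIND - 1))

    [ "$#" -eq 1 ] || usage

    if [ "$delete" -eq 1 ]; then
        delete_authorized_keys "$1"
    else
        add_key "$1"
    fi
}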

#######################################
# Script entry point: hands argv to the option parser and propagates its
# exit status.
# Arguments: the script's argv
#######################################
main() {
    options "$@"
    return $?
}

# run only when executed, with the full argument list passed through
main "$@"