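#!/bin/bash
#
# Create keys for new nodes.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License along with this program. If not, see
# .
#
# Required env: APP_BASE (hydra lib location), HYDRA (keyring name),
#               PUPPET_KEYS (puppet keys repository checkout).

#######################################
# Generate ssh and gpg keys for new or existing nodes.
# GPG keys should be manually imported in the nodes.
# Globals:   HYDRA, PUPPET_KEYS (read)
#            host, node, privkey, pubkey (written; consumed by
#            hydra_genpairs, which relies on them being set here)
# Arguments: $1 - "all" (both key types, every node), "all-ssh",
#                 "all-pgp", a single node name, or empty (only nodes
#                 whose ssh key pair is missing on disk)
#            $2 - key type forwarded to hydra_genpairs when $1 names a
#                 single node ("ssh", "pgp"; empty means both)
# Returns:   exits the script with hydra_genpairs' status when $1 names
#            a single node; otherwise 0 after looping over all nodes
#######################################
function hydra_newkeys {
  # Word-splitting on the node list is intentional: each word printed
  # by `hydra nodes` is one hostname.
  # shellcheck disable=SC2046
  for host in $(hydra "$HYDRA" nodes); do
    # Short hostname: everything before the first dot.
    node="${host%%.*}"
    privkey="$PUPPET_KEYS/ssh/$node/${node}_id_rsa"
    pubkey="$privkey.pub"

    if [[ "$1" == "all" ]]; then
      hydra_genpairs
    elif [[ "$1" == "all-ssh" ]]; then
      hydra_genpairs ssh
    elif [[ "$1" == "all-pgp" ]]; then
      hydra_genpairs pgp
    elif [[ -n "$1" && "$node" == "$1" ]]; then
      # Single-node mode: generate for the requested node and stop.
      hydra_genpairs "$2"
      exit $?
    elif [[ ! -e "$privkey" || ! -e "$pubkey" ]]; then
      # Default mode: only nodes that have no ssh key pair yet.
      hydra_genpairs
    fi
  done
}

#######################################
# Generate the ssh and/or gpg key pair for one node via keyringer,
# commit and push the keyring, then stage the ssh key files in the
# puppet keys repository.
# Globals:   HYDRA, PUPPET_KEYS (read)
#            host, node, privkey, pubkey (read; set by hydra_newkeys)
#            TMPWORK (read; presumably populated by hydra_set_tmpfile —
#            confirm against the sourced hydra functions)
#            BASEDIR (written)
# Arguments: $1 - "ssh" generates only the ssh pair, "pgp" only the
#                 gpg key; anything else (or empty) generates both
# Outputs:   progress/errors from keyringer and git on stdout/stderr
#######################################
function hydra_genpairs {
  # Not referenced in this file; kept because the sourced hydra helpers
  # (e.g. hydra_set_tmpfile) may read it — verify before removing.
  BASEDIR="/tmp"

  if [[ "$1" != "pgp" ]]; then
    keyringer "$HYDRA" genpair ssh "$node/ssh/id_rsa" "$host" "$privkey"
  fi

  if [[ "$1" != "ssh" ]]; then
    keyringer "$HYDRA" genpair gpg "$node/gpg/key" "$host"
  fi

  # The commit message is passed through a temp file managed by the
  # hydra helpers rather than on the command line.
  hydra_set_tmpfile genpair
  echo "Importing keys for $host" > "$TMPWORK"
  keyringer "$HYDRA" git commit -F "$TMPWORK"
  keyringer "$HYDRA" git push
  hydra_unset_tmpfile "$TMPWORK"

  # Add key into puppet git repository.
  # NOTE(review): this stages the private key file as well as the .pub,
  # so the puppet repository holds node private keys — make sure its
  # access controls reflect that.
  (
    cd "$PUPPET_KEYS/ssh/$node" \
      && git add "$(basename "$privkey")" "$(basename "$pubkey")"
  )

  # Sync pubkeys folder: copy every node's *.pub into public/ and stage.
  (
    cd "$PUPPET_KEYS/public" \
      && find ../ssh/ -maxdepth 2 -name '*.pub' -exec cp {} . \; \
      && git add .
  )
}

# Load.
source "$APP_BASE/lib/hydra/functions" || exit 1
hydra_config_load

# Check for keyringer. `command -v` is the portable replacement for
# `which`, and the diagnostic belongs on stderr.
if ! command -v keyringer > /dev/null 2>&1; then
  echo "Error: please install keyringer." >&2
  exit 1
fi

# "$@" keeps each argument intact; $* would re-split node names.
hydra_newkeys "$@"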