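#!/bin/bash
#
# Front end to pass(1) that takes its whole request from stdin.
#
# Protocol, as implemented below: every field is one newline-terminated,
# base64-encoded line. The first line is the command; the remaining lines
# depend on the command:
#   init             zero or more GPG key ids (one per line, up to 128 chars)
#   get-or-generate  entry, nosymbols ("1" = generate without symbols)
#   insert           entry, multiline ("1" = multiline), then the base64
#                    secret as the rest of stdin
#   rm               entry
#   mv | cp          entry, newentry, force ("1" = pass -f)
#
# NOTE(review): the logger tag and the backup hint suggest this runs as a
# Qubes RPC service fed by another VM -- confirm. Every field is treated as
# untrusted input either way.
#
# NOTE(review): `read -n N` stops at N characters or at the newline,
# whichever comes first. A field longer than the limit is not rejected; its
# tail is picked up by the next read, so later fields shift. Callers must
# stay under the limits.

set -e
set -o pipefail

# -r keeps backslashes literal; printf (not echo) so a raw line such as "-n"
# is handed to base64 and rejected instead of being eaten as an echo option.
read -r -n 4096 cmd
cmd=$(printf '%s\n' "$cmd" | base64 -d)

case "$cmd" in
  init)
    # Refuse to re-initialise an existing store.
    if [[ -f "$HOME/.password-store/.gpg-id" ]]; then
      key=$(<"$HOME/.password-store/.gpg-id")
      echo "Not creating -- password store already exists and uses GPG key $key." >&2
      exit 8
    fi
    keys=()
    while read -r -n 128 key; do
      key=$(printf '%s\n' "$key" | base64 -d)
      keys+=("$key")
    done
    pass init "${keys[@]}"
    echo "Do not forget to back up your password store regularly." >&2
    echo "To back up your password store, back up the entire $HOSTNAME VM using Qubes backup." >&2
    echo "Key files to backup: $HOME/.password-store and $HOME/.gnupg2" >&2
    ;;

  get-or-generate)
    read -r -n 4096 entry
    read -r -n 4096 nosymbols
    entry=$(printf '%s\n' "$entry" | base64 -d)
    nosymbols=$(printf '%s\n' "$nosymbols" | base64 -d)

    # Probe for the entry; the `|| ret=$?` keeps set -e from aborting here.
    ret=0
    out=$(pass -- "$entry" 2>&1) || ret=$?

    # Here-string instead of `echo | grep -q`: grep -q may exit before echo
    # finishes writing, and under pipefail that SIGPIPE would make the test
    # false.
    if [[ "$ret" == "1" ]] && grep -qF -- "not in the password store" <<<"$out"; then
      # NOTE(review): $entry is caller-controlled and goes into the log
      # verbatim, embedded newlines included.
      logger -t ruddo.PassManage "creating password entry $entry"
      ret=0
      if [[ "$nosymbols" == "1" ]]; then
        out=$(pass generate -n -- "$entry" 32) || ret=$?
      else
        out=$(pass generate -- "$entry" 32) || ret=$?
      fi
      # Any non-zero status is a failure. The original tested only for 1 and
      # let other codes fall through to the final `pass` call.
      if [[ "$ret" != "0" ]]; then
        # NOTE(review): this goes to stdout, the same stream that carries the
        # password on success; a caller that ignores the exit status could
        # take it for the secret. Kept as-is for compatibility.
        echo "Password generation failed: $out"
        exit "$ret"
      fi
    elif [[ "$ret" != "0" ]]; then
      echo "$out" >&2
      exit "$ret"
    fi
    logger -t ruddo.PassManage "requested password entry $entry"
    exec pass -- "$entry"
    ;;

  insert)
    read -r -n 4096 entry
    read -r -n 4096 multiline
    entry=$(printf '%s\n' "$entry" | base64 -d)
    multiline=$(printf '%s\n' "$multiline" | base64 -d)
    logger -t ruddo.PassManage "creating password entry $entry"
    # The rest of stdin is the base64-encoded secret. --force overwrites an
    # existing entry without asking.
    if [[ "$multiline" == "1" ]]; then
      # NOTE(review): grep -v exits 1 when it prints nothing; with pipefail
      # and set -e that becomes the script's exit status. Verify that pass
      # always emits at least one line that survives the filter.
      base64 -d - \
        | pass insert --multiline --force -- "$entry" \
        | grep -Ev '(when finished:|^$)'
    else
      base64 -d - | pass insert -e --force -- "$entry"
    fi
    ;;

  rm)
    read -r -n 4096 entry
    entry=$(printf '%s\n' "$entry" | base64 -d)
    logger -t ruddo.PassManage "removing password entry $entry"
    pass rm -- "$entry"
    ;;

  mv | cp)
    read -r -n 4096 entry
    entry=$(printf '%s\n' "$entry" | base64 -d)
    read -r -n 4096 newentry
    newentry=$(printf '%s\n' "$newentry" | base64 -d)
    read -r -n 4096 force
    force=$(printf '%s\n' "$force" | base64 -d)

    # Array so that "no flag" expands to zero words. The original expanded an
    # unset $f here, so a requested force was silently dropped.
    force_args=()
    if [[ "$force" == "1" ]]; then
      force_args=(-f)
    fi
    # Log the destination as well (the original printed $entry twice).
    logger -t ruddo.PassManage "$cmd password entry $entry to $newentry"
    pass "$cmd" "${force_args[@]}" -- "$entry" "$newentry"
    ;;
esac
# NOTE(review): an unrecognised command matches no arm and the script exits 0
# without output, as before. Consider failing closed once callers are checked.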