#!/bin/bash

name="keytype"
version="1.0"
read -r -d '' help_message <<-EOF
	Inspect a cryptographic key for type and length
	Usage: keytype [OPTIONS] KEYFILE
	Options:
	 -h, --help     print this message and exit
	 -q, --quiet    suppress error messages and prompts
	 -v, --verbose  show additional messages
	 -V, --version  print version number and exit
EOF

source /usr/local/lib/mylib.bash

quiet=0
verbose=0
while [[ $# -gt 0 ]]; do
  case "$1" in

  -h|--help)
    help_msg
    shift
    ;;

  -q|--quiet)
    debug_msg "Setting quiet option to 1 (was ${quiet})"
    quiet=1
    shift
    ;;

  -v|--verbose)
    debug_msg "Setting verbose option to 1 (was ${verbose})"
    verbose=1
    shift
    ;;

  -V|--version)
    version_msg
    ;;

  *)
    debug_msg "Argument '${1}' added to positional array"
    positional+=("$1")
    shift
    ;;
  esac
done

try_openssh() {
  keylength=
  keyfingerprint=
  keytype=
  keycomment=

  keyinfo="$(/usr/bin/ssh-keygen -l -f "$keyfile" 2>/dev/null)"

  if [ $? -ne 0 ]; then
    debug_msg "file '${keyfile}' is not an OpenSSH key"
    return 1
  else
    keylength="$(/usr/bin/cut --delimiter=' ' --field=1 <<<"$keyinfo")"
    keyfingerprint="$(/usr/bin/cut --delimiter=' ' --field=2 <<<"$keyinfo")"
    keycomment="$(/usr/bin/awk '{$1=$2=$NF="";print substr($0,3,length($0)-3)}' <<<"$keyinfo")"
    keytype="$(/usr/bin/awk '{print substr($NF,2,length($NF)-2)}' <<<"$keyinfo")"

    /usr/bin/printf "%s: %s-bit %s OpenSSH key\n" "${keyfile}" "${keylength}" "${keytype}"
    return 0
  fi
}

try_openpgp() {
  keyinfo=
  keyprivacy=
  keylength=
  keytypenum=
  keytype=
  keyfingerprint=

  keyinfodump="$(/usr/bin/gpg2 --show-keys --with-colons "$keyfile" 2>/dev/null)"

  if [ $? -ne 0 ]; then
    debug_msg "file '${keyfile}' is not an OpenPGP key"
    return 1
  else
    if /usr/bin/grep -e "^pub:" <<<"$keyinfodump" >/dev/null 2>&1; then
      keyprivacy="public"
      keyinfo="$(/usr/bin/grep -e "^pub:" <<<"$keyinfodump")"
    elif /usr/bin/grep -e "^sec:" <<<"$keyinfodump" >/dev/null 2>&1; then
      keyprivacy="private"
      keyinfo="$(/usr/bin/grep -e "^sec:" <<<"$keyinfodump")"
    else
      debug_msg "file '${keyfile}' is an OpenPGP key, but it cannot be interpretted"
    fi

    keylength="$(/usr/bin/cut --delimiter=':' --field=3 <<<"$keyinfo")"
    keytypenum="$(/usr/bin/cut --delimiter=':' --field=4 <<<"$keyinfo")"

    case "$keytypenum" in
    1)
      keytype="RSA"
      ;;

    16)
      keytype="Elgamel"
      ;;

    17)
      keytype="DSA"
      ;;

    *)
      error_msg "Unknown algorythm on OpenPGP key"
      ;;

    #2 is deprecated as RSA Encrypt Only
    #3 is deprecated as RSA Sign Only
    #18 is reserved for Elliptic Curve but not part of the OpenPGP spec yet
    #19 is reserved for ECDSA but not part of the OpenPGP spec yet
    #20 is reserved; deprecated as Elgamel Encrypt or Sign
    #21 is reserved for Diffie-Hellman but not part of the OpenPGP spec yet
    #100-110 are reserved for experimental use
    #256+ are reserved for Libgcrypt to allocate
    esac

    keyfingerprint="$(/usr/bin/cut --delimiter=':' --field=5 <<<"$keyinfo")"

    /usr/bin/printf "%s: %s-bit %s %s OpenPGP key\n" "${keyfile}" "${keylength}" "${keyprivacy}" "${keytype}"
    return 0
  fi
}

try_openssl() {
  #TODO: implement OpenSSL checks
  :
}

code=0
for keyfile in "${positional[@]}"; do
  if ! try_openssh; then
    if ! try_openpgp; then
      if ! try_openssl; then
        code=1
      fi
    fi
  fi
done

exit "$code"