#!/bin/sh
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2016 Red Hat, Inc.
# Author: Nathaniel McCallum <npmccallum@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

set -e

usage() {
    echo "Usage: $0 <jwkdir> [<sig> <exc>]" >&2
    exit 1
}

set_perms() {
    chmod -- 0440 "${1}"
    if ! chown -- @user@:@group@ "${1}" 2>/dev/null; then
        echo "Unable to change owner/group for ${1} to @user@:@group@" >&2
    fi
}

[ $# -ne 1 ] && [ $# -ne 3 ] && usage
[ -d "$1" ] || usage

[ $# -eq 3 ] && sig=$2 && exc=$3

THP_DEFAULT_HASH=S256     # SHA-256.

# Set default umask for file creation.
umask 0337

jwe=$(jose jwk gen -i '{"alg":"ES512"}')
[ -z "$sig" ] && sig=$(echo "$jwe" | jose jwk thp -i- -a "${THP_DEFAULT_HASH}")
echo "$jwe" > "$1/$sig.jwk"
set_perms "$1/$sig.jwk"


jwe=$(jose jwk gen -i '{"alg":"ECMR"}')
[ -z "$exc" ] && exc=$(echo "$jwe" | jose jwk thp -i- -a "${THP_DEFAULT_HASH}")
echo "$jwe" > "$1/$exc.jwk"
set_perms "$1/$exc.jwk"