#!/bin/bash
## I2P family manager script
## MIT License, 2018
## Viktor Villainov <supervillain@riseup.net>

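#######################################
# Load the generated family settings from ./.config and derive the extra
# options handed to ansible.
# Globals:   FAMILY_NAME, KEYPASS, BECOME, PYTHON2 (set by sourcing the file),
#            ANSIBLE_OPTIONS (written; empty when no config exists)
# Arguments: $1 - config file to load (default: ./.config)
# Returns:   0; does nothing beyond resetting ANSIBLE_OPTIONS when the
#            file does not exist
#######################################
load_config() {
    local config=${1:-./.config}
    ANSIBLE_OPTIONS=""
    [[ -f "$config" ]] || return 0
    # The file is executed as shell code: it is written by generate_keys
    # (owner-only) and must never be editable by anyone else.
    # shellcheck source=/dev/null
    source "$config"
    if [[ "$BECOME" == "yes" ]]; then
        ANSIBLE_OPTIONS="$ANSIBLE_OPTIONS --become"
    fi
    # Managed hosts run the playbook with python3 unless PYTHON2=yes is set.
    if [[ "$PYTHON2" != "yes" ]]; then
        ANSIBLE_OPTIONS="$ANSIBLE_OPTIONS -e ansible_python_interpreter=/usr/bin/python3"
    fi
}
load_config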

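#######################################
# Interactively create the family signing key pair and export its
# certificate.
# Globals:   FAMILY_NAME, KEYPASS (written), BC_PATH (read; defaulted to the
#            Debian BouncyCastle jar when unset)
# Arguments: none; prompts on stdin for the family name, and for
#            confirmation when a .config already exists
# Outputs:   keystore/family-<name>.ks, certificates/family/<name>.crt and
#            .config (FAMILY_NAME and KEYPASS, owner-readable only)
# Returns:   0 on success, 1 on invalid input or tool failure;
#            exits 0 when the user declines to overwrite existing keys
#######################################
generate_keys() {
    local confirm keystore cert
    local -a algo

    if [[ -f .config ]]; then
        read -r -p "Looks like you already have keys configured. Overwrite? (no/yes) " confirm
        if [[ "$confirm" != "yes" ]]; then
            exit 0
        fi
    fi

    read -r -p "Enter your router family name: " FAMILY_NAME

    # Lowercase alphanumerics only, so the name is safe to embed in file
    # names, the key alias and the certificate DN below.
    if [[ ! $FAMILY_NAME =~ ^[a-z0-9]{3,12}$ ]]; then
        echo "Invalid family name. Must be 3 to 12 alpha-numeric characters" >&2
        return 1
    fi

    # Random key password; '/', '=' and '+' are stripped so the value can be
    # written to .config and passed to ansible without quoting.
    KEYPASS=$(openssl rand -base64 32 | tr -d /=+)
    if [[ -z "$KEYPASS" ]]; then
        echo "Failed to generate a key password (is openssl installed?)" >&2
        return 1
    fi

    BC_PATH=${BC_PATH:-/usr/share/maven-repo/org/bouncycastle/bcprov/debian/bcprov-debian.jar}
    if [[ -f "$BC_PATH" ]]; then
        algo=(-keyalg ECDSA -keysize 256 -sigalg SHA256withECDSA
              -providerpath "$BC_PATH"
              -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider)
    else
        # Legacy fallback: 1024-bit DSA with SHA-1 is weak by current
        # standards; install BouncyCastle to get ECDSA P-256 instead.
        algo=(-keyalg DSA -keysize 1024 -sigalg SHA1withDSA)
    fi

    keystore="keystore/family-$FAMILY_NAME.ks"
    cert="certificates/family/$FAMILY_NAME.crt"
    mkdir -p keystore certificates/family || return 1

    # Both passwords reach keytool through the environment (-storepass:env /
    # -keypass:env) rather than argv, so they are not visible in `ps`.
    if ! PASS="changeit" KEYPASS="$KEYPASS" keytool -genkeypair -alias "$FAMILY_NAME" -keystore "$keystore" \
            -dname "CN=$FAMILY_NAME.family.i2p.net,OU=family,O=I2P Anonymous Network,L=XX,ST=XX,C=XX" \
            -storepass:env PASS -keypass:env KEYPASS -validity 3652 "${algo[@]}"; then
        echo "keytool failed to generate the family key pair" >&2
        return 1
    fi
    # The keystore holds the private signing key: owner-only access.
    chmod 600 "$keystore"

    # Persist the settings only once the key exists, so a failed keytool run
    # does not leave a .config that makes deploy believe keys are present.
    # The file contains KEYPASS in clear text, hence owner-only permissions.
    rm -f -- .config
    ( umask 077 && printf '%s\n' "FAMILY_NAME=$FAMILY_NAME" "KEYPASS=$KEYPASS" > .config ) || return 1

    if ! PASS="changeit" keytool -exportcert -rfc -alias "$FAMILY_NAME" -keystore "$keystore" \
            -storepass:env PASS -file "$cert"; then
        echo "keytool failed to export the family certificate" >&2
        return 1
    fi
}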

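#######################################
# Run the i2p.yml playbook against the given hosts with the family key.
# Globals:   FAMILY_NAME, KEYPASS, ANSIBLE_OPTIONS (read)
# Arguments: $1 - Ansible inventory file, or a comma separated host list
# Outputs:   ansible-playbook output on stdout/stderr
# Returns:   ansible-playbook's status; exits 1 when no keys are configured
#######################################
deploy() {
    local inventory=$1

    if [[ -z "$FAMILY_NAME" || -z "$KEYPASS" ]]; then
        echo "You need to generate keys first!" >&2
        exit 1
    fi

    # A bare host list needs a trailing comma so ansible treats it as an
    # inline inventory rather than a file name.
    if [[ ! -f "$inventory" ]]; then
        inventory="$inventory,"
    fi

    # NOTE: family_key_password travels on the command line and is therefore
    # visible to other local users via `ps` while the playbook runs.
    # ANSIBLE_OPTIONS is a space separated option string; splitting is intended.
    # shellcheck disable=SC2086
    ansible-playbook -i "$inventory" i2p.yml -e "family_name=$FAMILY_NAME" -e "family_key_password=$KEYPASS" $ANSIBLE_OPTIONS
}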

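#######################################
# Run an apt dist-upgrade (with a cache refresh) on every host.
# Globals:   ANSIBLE_OPTIONS (read)
# Arguments: $1 - Ansible inventory file, or a comma separated host list
# Outputs:   ansible output on stdout/stderr
# Returns:   ansible's exit status
#######################################
update() {
    local inventory=$1

    # A bare host list needs a trailing comma so ansible treats it as an
    # inline inventory rather than a file name.
    if [[ ! -f "$inventory" ]]; then
        inventory="$inventory,"
    fi

    # Module arguments must be one -a string: a repeated -a replaces the
    # previous value, which silently dropped update_cache=yes before.
    # ANSIBLE_OPTIONS is a space separated option string; splitting is intended.
    # shellcheck disable=SC2086
    ansible all -m apt -a "update_cache=yes upgrade=dist" -i "$inventory" $ANSIBLE_OPTIONS
}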

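#######################################
# Print the top level usage line to stderr.
#######################################
usage() {
    echo "Usage: $0 keygen|deploy|update" >&2
}

#######################################
# Command dispatcher.
# Arguments: $1 - subcommand: keygen, deploy or update
#            $2 - inventory file or host list (deploy and update only)
# Returns:   the subcommand's status; 2 on an unknown command or a missing
#            inventory argument; 0 when invoked without any command
#######################################
main() {
    local cmd=${1:-} inventory=${2:-}

    case "$cmd" in
        keygen)
            generate_keys
            ;;
        deploy)
            if [[ -z "$inventory" ]]; then
                echo "Usage: $0 deploy [hostlist or inventory file]" >&2
                echo "hostlist:  comma separated list of SSH hostnames/IP addresses (no spaces, like: host1.com,host2.com)" >&2
                echo "inventory: Ansible inventory file, .ini syntax. See ansible documentation." >&2
                return 2
            fi
            deploy "$inventory"
            ;;
        update)
            if [[ -z "$inventory" ]]; then
                echo "Usage: $0 update [hostlist or inventory file]" >&2
                return 2
            fi
            update "$inventory"
            ;;
        "")
            # Bare invocation: show usage as a help text, not as an error.
            usage
            ;;
        *)
            usage
            return 2
            ;;
    esac
}

# The script's exit status is that of the dispatched subcommand, so a
# failed playbook or key generation is visible to callers.
main "$@"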
