#! /bin/sh
###
### List the available keeper sets
###
### (c) 2012 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP

List the available keeper sets, and the recovery secrets they protect.
HELP

case $# in 0) ;; *) usage_err ;; esac

## Collect information about available recovery keys.
if [ -d $KEYS/recov ]; then
  cd $KEYS/recov

  ## No keeper sets encountered yet.
  kk=:

  ## Iterate over recovery keys.
  for r in *; do
    if [ ! -d $r ]; then continue; fi

    ## Collect the current instance number.
    rcur=$(readlink $r/current)
    eval rcur_$r=\$rcur

    ## Now work through the instances of this recovery key.
    for ri in $r/*; do

      ## Get the instance number.
      i=${ri##*/}
      case "$i" in *[!0-9]*) continue ;; esac

      ## Read the keeper sharing parameters.
      for kp in $ri/*.param; do

	## Find the keeper name.
	k=${kp##*/}; k=${k%.param}

	## Add this keeper to the list if we haven't already, and clear the
	## list of associated recovery keys.
	case $kk in *:$k:*) ;; *) kk=$kk$k:; unset rr_$k ;; esac

	## Associate this recovery key instance with the keeper set, and
	## store information about the sharing.
	eval t_$k_$r_$i='$(sharethresh $kp)'
	eval "rr_$k=\${rr_$k+\$rr_$k }$r/$i"
      done
    done
  done
fi

## Now work through the keeper sets.
if [ ! -d $KEYS/keeper ]; then
  echo >&2 "$quis: no keepers"
else
  cd $KEYS/keeper

  ## Iterate over the keeper sets.
  firstp=t
  for k in *; do

    ## Make sure that this really looks like a keeper set.
    checkword "keeper set label" "$k"
    if [ ! -r $k/meta ]; then continue; fi

    ## Read the keeper metadata, and print basic stuff about it.
    read n hunoz <$k/meta
    readmeta $k/0
    case $firstp in t) firstp=nil ;; nil) echo ;; esac
    echo "$k profile=$profile n=$n"

    ## Print the sharing information, including the keeper nubids.
    echo "  share"
    i=0; while [ $i -lt $n ]; do
      nubid=$(cat $k/$i/nubid)
      echo "	$i nubid=$nubid"
      i=$(( $i + 1 ))
    done

    ## Print the associated recovery keys.
    echo "  recov"
    eval rr=\$rr_$k
    for ri in $rr; do

      ## Pick out the hash and instance number, and extract the rest of the
      ## data from this recovery key.
      r=${ri%/*} i=${ri##*/}
      eval t=\$t_$k_$r_$i

      ## Start assembling an information line.
      info="$r/$i t=$t"

      ## Determine the revelation status of the recovery key.  There are
      ## maybe things to check: the revelation of the key by explicit
      ## instance, or, if applicable, as the current instance.  Build in the
      ## positional parameters a sequence of DIR WHAT pairs to process.
      set $r.$i revealed
      eval rcur=\$rcur_$r
      case $rcur in $i) set "$@" $r.current current ;; esac
      while [ $# -gt 0 ]; do
	rd=$SAFE/keys.reveal/$1 attr=$2; shift 2
	if [ ! -d $rd ]; then
	  case $attr in revealed) ;; *) info="$info $attr" ;; esac
	elif [ -f $rd/nub ]; then
	  info="$info $attr=nub"
	else
	  unset ss
	  i=0; while [ $i -lt $n ]; do
	    if [ -f $rd/$k.$i.share ]; then ss=${ss+$ss,}$i; fi
	    i=$(( $i + 1 ))
	  done
	  info="$info $attr=$ss"
	fi
      done

      ## Print this information.
      echo "	$info"
    done
  done
fi

###----- That's all, folks --------------------------------------------------