#! /bin/sh
###
### Issue cards containing a bunch of keeper secrets
###
### (c) 2011 Mark Wooding
###

###----- Licensing notice ---------------------------------------------------
###
### This file is part of the distorted.org.uk key management suite.
###
### distorted-keys is free software; you can redistribute it and/or modify
### it under the terms of the GNU General Public License as published by
### the Free Software Foundation; either version 2 of the License, or
### (at your option) any later version.
###
### distorted-keys is distributed in the hope that it will be useful,
### but WITHOUT ANY WARRANTY; without even the implied warranty of
### MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
### GNU General Public License for more details.
###
### You should have received a copy of the GNU General Public License
### along with distorted-keys; if not, write to the Free Software Foundation,
### Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.

set -e
case "${KEYSLIB+t}" in t) ;; *) echo >&2 "$0: KEYSLIB unset"; exit 1 ;; esac
. "$KEYSLIB"/keyfunc.sh

defhelp <<HELP
[-pt] KEEPER [INDICES ...]
Typeset cards for a set of keeper secrets.

This program creates a set of printable cards containing key nubs from the
keeper set KEEPER, specifically the keys with the given INDICES.  Elements of
the list are either simple integers or ranges [LOW]-[HIGH]; if LOW is
omitted, it means 0, and if HIGH is omitted, it means the highest possible
index.  If no INDICES are given then all secret keys are written.

The public keys are found in $KEYS/keeper/KEEPER/I.pub;
key nubs are read from the safe place where \`keys new-keeper' left
them.

If the \`-p' option is given, then the output is a PostScript file which
can be printed immediately.  If the \`-t' option is given, then the output
is a \`tar' archive containing a TeX source file and images, which must
be processed using \`latex' and \`dvips'.  The default is \`-t'.
HELP

## Read options.
mode=tar
while getopts "pt" opt; do
  case "$opt" in
    p) mode=ps ;;
    t) mode=tar ;;
    *) usage_err ;;
  esac
done
shift $(( $OPTIND - 1 ))

## Parse the command line.
case $# in 0) usage_err ;; esac
keeper=$1; shift
checkword "keeper set label" "$keeper"

## Find out about the set.
if [ ! -f $KEYS/keeper/$keeper/meta ]; then
  echo >&2 "$quis: unknown keeper set \`$keeper'"
  exit 1
fi
read n hunoz <$KEYS/keeper/$keeper/meta

## Check that nubs are available for the keeper set.
reqsafe
if [ ! -d $SAFE/keys.keeper/$keeper/ ]; then
  echo >&2 "$quis: no nubs available for keeper set \`$keeper'"
  exit 1
fi
cd $SAFE/keys.keeper/$keeper/

## Build a colon-separated list of the indices we actually want.
want=:
case $# in 0) set 0- ;; esac
for range in "$@"; do
  case "$range" in
    *[!-0-9]* | *[!0-9]*-* | *-*[!0-9]*)
      echo >&2 "$quis: bad index range \`$range'"
      exit 1
      ;;
    *-*)
      low=${range%-*} high=${range#*-}
      ;;
    *)
      low=$range high=$range
      ;;
  esac
  case "$low" in ?*) ;; *) low=0 ;; esac
  case "$high" in ?*) ;; *) high=$(( $n - 1 )) ;; esac
  if [ 0 -gt $low -o $low -gt $high -o $high -ge $n ]; then
    echo >&2 "$quis: invalid index range \`$range'"
    exit 1
  fi
  i=$(( $low + 0 ))
  while [ $i -le $high ]; do
    case $want in *:"$i":*) ;; *) want=$want$i: ;; esac
    i=$(( $i + 1 ))
  done
done

## Start working on the output file.  This will contain deep secrets, so
## don't leave stuff easily readable.
mktmp
umask 077
exec 3>$tmp/$keeper.tex
cat >&3 $ETC/keeper-cards.tex

## Write the basic configuration stuff.
cat >&3 <<EOF

%% General configuration for the cards.
\def\keeper{$keeper}
\def\total{$n}
EOF

## Start the document body.
cat >&3 <<'EOF'

%% The actual content.
\begin{document}
EOF

## Work through the requested indices.
i=0
while [ $i -lt $n ]; do
  case $want in
    *:"$i":*)
      read secret <$i
      tr -d '\n' <$i | qrencode -m0 -s1 -o$tmp/$i.png
      convert $tmp/$i.png $tmp/$i.eps
      cat >&3 <<EOF
\card{$i}{$secret}
EOF
  esac
  i=$(( $i + 1 ))
done

## Wrap up and build the document.
cat >&3 <<'EOF'
\end{document}
EOF
exec 3>&-

case $mode in
  ps)
    if ! (cd $tmp
	exec </dev/null >tex.out 2>&1
	latex $keeper.tex && dvips -o$keeper.ps $keeper.dvi); then
      echo >&2 "$quis: document formatting failed"
      sed >&2 's/^/| /' $tmp/tex.out
      exit 1
    fi
    cat $tmp/$keeper.ps
    ;;
  tar)
    (cd $tmp; tar cf - $keeper.tex *.eps)
    ;;
esac

###----- That's all, folks --------------------------------------------------