#!/usr/bin/bash
# vim: set tabstop=8 shiftwidth=4 softtabstop=4 expandtab smarttab colorcolumn=80:
#
# Copyright (c) 2018 Red Hat, Inc.
# Author: Radovan Sroka <rsroka@redhat.com>
# Author: Sergio Correia <scorreia@redhat.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

. clevis-luks-common-functions

# One-line description of this subcommand; also shown in the usage text.
SUMMARY="Regenerate LUKS metadata"

# "--summary" as the first argument prints the description and exits
# successfully before any option parsing takes place.
case "$1" in
--summary)
    printf '%s\n' "$SUMMARY"
    exit 0
    ;;
esac

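#######################################
# Print the usage text to stderr and terminate the script.
# Globals:   SUMMARY (read)
# Arguments: $1 - exit status to terminate with (1 when omitted or empty)
# Outputs:   usage text on stderr
#######################################
function usage_and_exit () {
    # From here on, everything echoed goes to stderr.
    exec >&2
    echo "Usage: clevis luks regen -d DEV -s SLOT"
    echo
    echo "$SUMMARY"
    echo
    echo "  -d DEV  The LUKS device on which to perform rebinding"
    echo
    # Placeholder name matches the SLOT used on the usage line above.
    echo "  -s SLOT The LUKS slot to use"
    echo
    # An empty status would make "exit" itself fail with a numeric-argument
    # error, so fall back to a generic failure code.
    exit "${1:-1}"
}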

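# Start from empty values so that a DEV or SLT variable inherited from the
# caller's environment cannot stand in for a missing -d or -s option.
DEV=
SLT=

# The leading ":" puts getopts in silent mode; an unknown option and a
# missing option argument both land in the catch-all branch.
while getopts ":hd:s:" o; do
    case "$o" in
    d) DEV="$OPTARG";;
    h) usage_and_exit 0;;
    s) SLT="$OPTARG";;
    *) usage_and_exit 1;;
    esac
done

# Both the device and the slot are mandatory.
if [ -z "$DEV" ]; then
    echo "Did not specify a device!" >&2
    exit 1
fi

if [ -z "$SLT" ]; then
    echo "Did not specify a slot!" >&2
    exit 1
fi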

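# Read the binding currently stored in the slot. stderr of the listing is
# discarded, so a failed command or empty output is reported only through
# the generic message below.
if ! binding="$(clevis luks list -d "${DEV}" -s "${SLT}" 2>/dev/null)" \
                || [ -z "${binding}" ]; then
    echo "Error retrieving current configuration from ${DEV}:${SLT}" >&2
    exit 1
fi

# Split the listing into three fields: the first is discarded, the second is
# taken as the pin name and the rest of the line as the pin configuration.
read -r _ pin cfg <<< "${binding}"

echo "Regenerating with:"
echo "PIN: ${pin}"
echo "CONFIG: ${cfg}"

# Remove single quotes.
# NOTE(review): this deletes every single quote in the string, not only a
# wrapping pair, so a configuration whose values contain a single quote
# would be written back altered -- confirm against the listing format.
cfg=${cfg//\'}
# Re-apply the configuration read above to the same slot. stdout of the edit
# is discarded; its stderr still reaches the caller.
# NOTE(review): -f presumably forces the edit even though the configuration
# is unchanged -- confirm against clevis-luks-edit.
if ! clevis luks edit -f -d "${DEV}" -s "${SLT}" -c "${cfg}" >/dev/null; then
    echo "Error rotating keys in ${DEV}:${SLT}" >&2
    exit 1
fi

echo "Keys were successfully rotated."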
