generate-wkd

#!/bin/bash

set -eou

DATA_FILE_PATH=${DATA_FILE_PATH:=/data/keys.txt}
OUTPUT_FOLDER=${OUTPUT_FOLDER:=output}
MAIL_DOMAIN=${MAIL_DOMAIN:=""}
USE_FOLDER=${USE_FOLDER:=false}
USE_FILE=${USE_FILE:=true}
FOLDER_DIR=${FOLDER_DIR:=/data/}
SKIP_UPDATE_KEYRING=${SKIP_UPDATE_KEYRING:=false}
KEYRING_FILE=${KEYRING_FILE:=/tmp/keyring}
use_folder_flag=false
use_file_flag=false
use_direct=true
use_advanced=false

PARAMS=""

usage="$(basename "$0") [-h|--help] [-m|--mail-domain] [--use-folder path |--use-file path] -- generate a trusted keychan and the associated HU files for WKD

where:
  -h --help - Show this help menu
  -m --mail-domain text - The domain to generate the HU files for
  [--use-folder|--folder] path - The folder that contians users public keys for seeding the trust database
  [--use-file|--file] path (Default: /data/keys.txt) - A file that contains the fingerprints separated by new lines of users public keys to pull from the default keyserver to see the trust database
  [--direct] - Use the direct WKD setup (Default)
  [--advanced] - Use the advanced WKD setup

By default --use-file is used with the default path
"

update_keyring () {
  echo 'Adding missing keys to keyring...'
  if [ "$USE_FILE" = true ]; then
    gpg --keyserver keyserver.ubuntu.com --recv-keys $(cat $DATA_FILE_PATH | awk '{ print $1 }' | xargs)
  fi

  if [ "$USE_FOLDER" = true ]; then
    _CUR=$PWD
    if [ -d "$FOLDER_DIR" ]; then
      cd $FOLDER_DIR
      local files="$(find -regex ".*\.\(asc\|key\|gpg\|pgp\)")"
      for filename in $files; do
        echo $filename
        if [ -f $filename ]; then
          echo "Importing: $filename"
          gpg --import $filename
        fi
      done
      cd $_CUR
    else
      echo "Folder does not exist"
      exit 1
    fi
  fi
  gpg --export "${MAIL_DOMAIN}" > "${KEYRING_FILE}"
}

while [ "$#" -gt 0 ]; do
  case "$1" in
    -h|--help)
      echo "$usage"
      exit 0
      ;;
    -m|--mail-domain)
      MAIL_DOMAIN=$2
      shift 2
      ;;
    --use-folder|--folder)
      USE_FOLDER=true
      USE_FILE=false
      FOLDER_DIR=$2
      use_folder_flag=true
      shift 2
      ;;
    --use-file|--file)
      USE_FILE=true
      USE_FOLDER=false
      DATA_FILE_PATH=$2
      use_file_flag=true
      shift 2
      ;;
    --direct)
      use_direct=true
      use_advanced=false
      shift
      ;;
    --advanced)
      use_direct=false
      use_advanced=true
      shift
      ;;
    -*|--*) # unsupported flags
      echo "Error: Unsupported flag $1" >&2
      exit 1
      ;;
    *) # preserve positional arguments
      echo "$1"
      PARAMS="$PARAMS $1"
      shift
      ;;
  esac
done

if [ "$use_file_flag" = true ] && [ "$use_folder_flag" = true ]; then
  echo "You may only seed with either a file or a folder. Please select 1 of these options and try again" >&2

  exit 1
fi

if [ "$use_direct" = true ] && [ "$use_advanced" = true ]; then
  echo "You may only use direct or advanced mode, but not both" >&2

  exit 1
fi

if [ -z "$MAIL_DOMAIN" ]; then
  echo "You must provide a mail domain using -m text or --mail-domain text" >&2
  exit 1
fi

if [ ! -f "" ]; then
  touch "${KEYRING_FILE}"
fi

if [ "$SKIP_UPDATE_KEYRING" = false ]; then
  update_keyring
fi

echo 'Updating Key Directory...'
sq \
  wkd \
  generate \
  "${OUTPUT_FOLDER}" \
  "${MAIL_DOMAIN}" \
  "/tmp/keyring"

if [ "$use_direct" = true ]; then
  mv ${OUTPUT_FOLDER}/.well-known/openpgpkey/${MAIL_DOMAIN}/* ${OUTPUT_FOLDER}/.well-known/openpgpkey/
  rm -r ${OUTPUT_FOLDER}/.well-known/openpgpkey/${MAIL_DOMAIN}
fi