#!/bin/bash
#
# This file is part of vbackup.
#
# vbackup is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# vbackup is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with vbackup  If not, see <http://www.gnu.org/licenses/>.
#
# $Id$
#
# Description
#
#

NAME="x509"
VERSION="$PACKAGE_VERSION"
DESC="Encrypt a file or a directory using x509 certificates"
LICENSE="$PACKAGE_LICENSE"
COPYRIGHT="$PACKAGE_COPYRIGHT"
CONTACT="$PACKAGE_BUGREPORT"

# Display help
do_help()
{
	cat << _END
This method encrypts a file or a directory. It can be used in the final steps
to create an encrypted archive which may be stored locally or remotely.

If a directory is specified then it will be tar'ed first.

Configuration options:
	SOURCE		The local file or directory to encrypt. This is
			relative to DESTDIR0. If this is empty or / then
			the whole DESTDIR0 will be encrypted.
	DESTFILE	The destination file. This must include the required
			suffix (i.e. .enc or .tar.enc) (required)
	CERTFILE	The full path to the certificate to use to encrypt
			the file(s) (required)

Files may be decrypted using openssl:

  openssl smime -decrypt -in <outfile> -out <file> -inkey <key> <cert>

Where <outfile> is the file that's produced by this script (encrypted),
<out> is the unencrypted file that will be produced, <key> is the private
key file and <cert> is the certificate file.
_END

	if [ -z "$OPENSSL" ] ; then
		cat << _END

 !! This method is DISABLED because OPENSSL was not found
_END
	fi

	if [ -z "$GTAR" ] ; then
		cat << _END

 !! This method is DISABLED because GNU TAR was not found
_END
	fi
}

# Check configuration
# return: 0: ok, 1: error
do_check_conf()
{
	[ -z "$OPENSSL" ] && h_error "OPENSSL was not found" && return 1
	[ -z "$GTAR" ] && h_error "GNU TAR was not found" && return 1

	[ -z "$DESTFILE" ] && h_error "Missing DESTFILE" && return 1
	[ -z "$CERTFILE" ] && h_error "Missing CERTFILE" && return 1

	return 0
}

# Do backup
do_run()
{
	if [ "x$ABORT" = "x1" ] ; then
		return 0
	fi

	if [ -z "$OPENSSL" ] ; then
		h_error "OPENSSL was not found"
		return 1
	fi

	if [ -z "$GTAR" ] ; then
		h_error "GNU TAR was not found"
		return 1
	fi

	if [ -z "$CERTFILE" ] || ! [ -e "$CERTFILE" ] ; then
		h_error "Bad or missing CERTFILE $CERTFILE"
		return 1
	fi

	# Expand special chars
	h_transform "$DESTFILE"
	DST="$R"

	h_transform "$SOURCE"
	T="${SOURCE:0:0}"
	if [ "x$T" = "x/" ] ; then
		SRC="$SOURCE"
	else
		SRC="$DESTDIR0/$SRC"
	fi

	if [ -d "$SRC" ] ; then
		ISDIR=1
		DIRMSG=" (directory)"
	else
		ISDIR=0
		DIRMSG=""
	fi

	h_msg 6 "Encrypting $SRC$DIRMSG as $DST using certificate $CERTFILE"

	(
		if [ "$ISDIR" = 1 ] ; then
			$GTAR -c -C "$SRC" -f - .
		else
			cat "$SRC"
		fi
	) | $OPENSSL smime -encrypt -binary -out $DST $CERTFILE
}

