#! /bin/bash

set -e
set -o pipefail

shamir_secret_sharing=false

share_threshold=3

positional=()
while [[ $# -gt 0 ]]; do
  argument="$1"
  case $argument in
    -h|--help)
    printf "%s\n" \
    "Usage: qr-restore.sh [options]" \
    "" \
    "Options:" \
    "  --shamir-secret-sharing    combine secret using Shamir Secret Sharing" \
    "  --share-threshold          shares required to access secret (defaults to 3)" \
    "  --word-list                split secret into word list" \
    "  -h, --help                 display help for command"
    exit 0
    ;;
    --images)
    images=$2
    shift
    shift
    ;;
    --shamir-secret-sharing)
    shamir_secret_sharing=true
    shift
    ;;
    --share-threshold)
    share_threshold=$2
    shift
    shift
    ;;
    --word-list)
    word_list=true
    shift
    ;;
    *)
    positional+=("$1")
    shift
    ;;
  esac
done

set -- "${positional[@]}"

bold=$(tput bold)
red=$(tput setaf 1)
normal=$(tput sgr0)

dev="/dev/sda1"
tmp="/tmp/pi"
usb="/tmp/usb"

tput reset

if [ -n "$images" ]; then
  IFS=',' read -r -a images <<< "$images"

  sudo mkdir -p $usb

  if ! mount | grep $usb > /dev/null; then
    sudo mount $dev $usb --options uid=pi,gid=pi
  fi
fi

scan_qr_code () {
  local -n data=$1

  printf "%s\n" "Scanning QR code…"
  
  data=$(zbarcam --nodisplay --oneshot --quiet --set disable --set qrcode.enable | sed 's/QR-Code://')

  data_hash=$(echo -n "$data" | openssl dgst -sha512 | sed 's/^.* //')
  data_short_hash=$(echo -n "$data_hash" | head -c 8)

  printf "%s\n" "$data"
  printf "%s: $bold%s$normal\n" "SHA512 hash" "$data_hash"
  printf "%s: $bold%s$normal\n" "SHA512 short hash" "$data_short_hash"
}

read_passphrase () {
  local -n data=$1

  printf "$bold%s$normal\n" "Please type passphrase and press enter"
  read -rs data
}

if [ -z "$duplicate" ] && [ "$shamir_secret_sharing" = true ]; then
  read_passphrase passphrase

  if [ -n "$images" ]; then
    for image in ${images[@]}; do
      printf "%s\n" "Processing $image…"

      encrypted_share=$(zbarimg --quiet $usb/$image | sed 's/QR-Code://')

      share=$(echo -e "$encrypted_share" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")

      shares="$share\n$shares"
    done
  else
    for share_number in $(seq 1 $share_threshold); do
      printf "$bold%s$normal" "Prepare secret share $share_number of $share_threshold and press enter"
      read -r confirmation

      scan_qr_code encrypted_share

      share=$(echo -e "$encrypted_share" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")

      shares="$share\n$shares"
    done
  fi

  secret="$(echo -e "$shares" | secret-share-combine)"
else
  if [ -n "$images" ]; then
    printf "%s\n" "Processing ${images[0]}…"

    encrypted_secret=$(zbarimg --quiet $usb/${images[0]} | sed 's/QR-Code://')
  else
    scan_qr_code encrypted_secret
  fi
  if [ -z "$duplicate" ]; then
    read_passphrase passphrase
    
    secret=$(echo -e "$encrypted_secret" | gpg --batch --passphrase-fd 3 --decrypt 3<<<"$passphrase")
  fi
fi

if [ -z "$duplicate" ]; then
  printf "$bold$red%s$normal\n" "Show secret (y or n)?"
  read -r answer
  if [ "$answer" = "y" ]; then
    if [ "$word_list" = true ]; then
      printf "%s\n" "Secret:"
      array=($secret)
      last_index=$(echo "${#array[@]} - 1" | bc)
      for index in ${!array[@]}; do
        position=$(($index + 1))
        printf "%d. $bold%s$normal" "$position" "${array[$index]}"
        if [ $index -lt $last_index ]; then
          printf " "
        fi
      done
      printf "\n"
    else
      printf "%s\n" "Secret:"
      echo "$bold$secret$normal"
    fi
  fi
fi

if mount | grep $dev > /dev/null; then
  sudo umount $dev
fi

printf "%s\n" "Done"