editenc

#! /bin/bash

set -e

DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
KEYFILE="$DIR/../etc/infrakeys.gpg"

if [ $# -ne 1 ]
then
	echo "Usage: $0 file-to-edit"
	exit 1
fi

ENCRYPTED=$1
DECRYPTED=`echo $1 | sed s/\.[^\.]*$//`

if [[ -f $DECRYPTED ]]
then
	read -p "Decrypted file already exists. If you continue it will be overwritten. Continue? (y/n) " -n 1 -r
	if [[ ! $REPLY =~ ^[Yy]$ ]]
	then
		printf '\n'
		exit 0
	fi
fi

gpg --no-default-keyring --keyring $KEYFILE --batch --yes $ENCRYPTED

if [[ -z "$EDITOR" ]]
then
	ED=vi
else
	ED=$EDITOR
fi

printf '\n'
$ED $DECRYPTED
set +e
echo "Validating YAML file $DECRYPTED..."
cat $DECRYPTED | ruby -ryaml -e 'YAML::load(STDIN.read)' > /dev/null 2>&1

if [ $? -ne 0 ]
then
	read -p "File doesn't appear to be valid YAML. Continue anyway? (y/n) " -n 1 -r
	if [[ ! $REPLY =~ ^[Yy]$ ]]
        then
                printf '\n'
		echo "Aborting. Plaintext file has been kept, be sure to remove it securely yourself."
                exit 1
        fi
else
	echo "It's valid!"
fi

set -e

read -p "Re-encrypt and remove plaintext? (y/n) " -n 1 -r
printf '\n'
if [[ $REPLY =~ ^[Yy]$ ]]
then
	$DIR/encrypt $DECRYPTED
	srm  $DECRYPTED
else
	read -p "Ok, well shall I at least securely remove the plaintext? (y/n) " -n 1 -r
	printf '\n'
	if [[ $REPLY =~ ^[Yy]$ ]]
	then
		srm $DECRYPTED
	else
		printf "Fine. I've not removed it. You better srm it when you're done, or else!\n"
	fi
fi