#!/bin/bash

usage() {
    echo
    echo "Usage: $0 <action>"
    echo
    echo "Actions:"
    echo
    echo "  initialize"
    echo "  sign-contract <file>"
    echo "  sign <endpoint>"
    echo "  verify <endpoint> <signature>"
    echo
    exit 1
}

if [ -z "$1" ]; then
    usage
fi

action=$1

case $action in

initialize)

    if [ -f id_ed25519 ] || [ -f id_ed25519.pub ]; then
        echo
        echo "Error: The environment has already been initialized."
        echo
        exit 1
    fi

    openssl genpkey -out id_ed25519 -algorithm ED25519
    openssl pkey -in id_ed25519 -pubout -out id_ed25519.pub

    id_ed25519_pub="$(openssl pkey -in id_ed25519 -noout -text_pub | tail -n 3 | tr -d ': \n')"

    echo
    echo "Public Key: $id_ed25519_pub"
    echo
    ;;

sign)

    if [ -z "$2" ]; then
        usage
    fi

    temporary_file_1=$(mktemp)
    trap 'rm -f $temporary_file_1' EXIT

    temporary_file_2=$(mktemp)
    trap 'rm -f $temporary_file_2' EXIT

    echo -n "$2" >"$temporary_file_1"

    openssl pkeyutl -sign -inkey id_ed25519 -rawin -in "$temporary_file_1" -out "$temporary_file_2"

    id_ed25519_pub_hex="$(openssl pkey -in id_ed25519 -noout -text_pub | tail -n 3 | tr -d ': \n')"
    signature=$(base64 -w 0 <"$temporary_file_2")

    echo
    echo " Signature: ${signature:0:64}"
    echo "              ${signature:64}"
    echo
    echo " Provider: $id_ed25519_pub_hex"
    echo " Endpoint: $2"
    echo
    ;;

verify)

    if [ -z "$2" ] || [ -z "$3" ]; then
        usage
    fi

    temporary_file_1=$(mktemp)
    trap 'rm -f $temporary_file_1' EXIT

    temporary_file_2=$(mktemp)
    trap 'rm -f $temporary_file_2' EXIT

    echo -n "$2" >"$temporary_file_1"
    echo -n "$3" | base64 --decode >"$temporary_file_2"

    echo
    openssl pkeyutl -verify -inkey id_ed25519 -rawin -in "$temporary_file_1" -sigfile "$temporary_file_2"
    echo
    ;;

sign-contract)

    if [ -z "$2" ]; then
        usage
    fi

    temporary_file_1=$(mktemp)
    trap 'rm -f $temporary_file_1' EXIT

    temporary_file_2=$(mktemp)
    trap 'rm -f $temporary_file_2' EXIT

    file_path="$2"

    # Check if the file exists
    if [ ! -f "$file_path" ]; then
    echo "File not found: $file_path"
    exit 1
    fi

    # Compute the SHA-512 hash
    sha512_hash=$(sha512sum "$file_path" | awk '{print $1}')

    # Store in temp file:
    echo -n "$sha512_hash" >"$temporary_file_1"

    # sign it:
    openssl pkeyutl -sign -inkey id_ed25519 -rawin -in "$temporary_file_1" -out "$temporary_file_2"

    id_ed25519_pub_hex="$(openssl pkey -in id_ed25519 -noout -text_pub | tail -n 3 | tr -d ': \n')"
    signature=$(base64 -w 0 <"$temporary_file_2")

    echo
    echo
    echo "SHA-512 hash of the Contract $file_path:"
    echo "$sha512_hash"
    echo
    echo "Operator's Public Key:"
    echo "$id_ed25519_pub_hex"
    echo
    echo "Signature of Contract:"
    echo "${signature}"
    echo
    ;;


*)

    usage
    ;;

esac