#!/usr/bin/env bash

{{ includeTemplate "universal/profile-before" }}
{{ includeTemplate "universal/logg-before" }}

KEYID="{{ .user.gpg.id }}"

if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
  if [ ! -d "$HOME/.gnupg" ]; then
    mkdir "$HOME/.gnupg"
  fi
  chown "$(whoami)" "$HOME/.gnupg"
  chmod 700 "$HOME/.gnupg"
  chown -Rf "$(whoami)" "$HOME/.gnupg/"
  find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
  find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
    curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf"
    chmod 600 "$HOME/.gnupg/gpg.conf"
  fi
  KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')"
  if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then
    logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
    sudo pkill dirmngr
    dirmngr --daemon --standard-resolver
    gpg --keyserver https://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
    if [ -n "$EXIT_CODE" ]; then
      logg info 'Non-zero exit code received when downloading public GPG key'
      gpg --keyserver hkps://pgp.mit.edu --recv "$KEYID" || EXIT_CODE=$?
      if [ -n "$EXIT_CODE" ]; then
        logg info 'Non-zero exit code received when trying to retrieve public user GPG key on hkps://pgp.mit.edu'
        gpgconf --kill dirmngr
        KEYID="${KEYID^^}"
        KEYID="$(echo "$KEYID" | sed 's/^0X/0x/')"
        if [ -f "$HOME/.gnupg/public/$KEYID.sig" ]; then
          gpg --import "$HOME/.gnupg/public/$KEYID.sig"
        fi
      else
        logg success 'Successfully imported configured public user GPG key'
      fi
    fi
  else
    logg info 'Key is already in keyring'
  fi
  logg 'Ensuring the trust of the provided public GPG key is set to maximum'
  echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
else
  logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
fi