#!/usr/bin/env bash

{{ includeTemplate "universal/profile" }}
{{ includeTemplate "universal/logg" }}

KEYID="{{ .user.gpg.id }}"

if [ -n "$KEYID" ] && command -v gpg > /dev/null; then
  if [ ! -d "$HOME/.gnupg" ]; then
    mkdir "$HOME/.gnupg"
  fi
  chown -R "$(whoami)" "$HOME/.gnupg/"
  find "$HOME/.gnupg" -type f -exec chmod 600 {} \;
  find "$HOME/.gnupg" -type d -exec chmod 700 {} \;
  if [ ! -f "$HOME/.gnupg/gpg.conf" ]; then
    logg 'Downloading hardened gpg.conf file to ~/.gpnupg/gpg.conf'
    curl -sSL "{{ .config.gpg }}" > "$HOME/.gnupg/gpg.conf"
    chmod 600 "$HOME/.gnupg/gpg.conf"
  fi
  KEYID_TRIMMED="$(echo "$KEYID" | sed 's/^0x//')"
  if ! gpg --list-secret-keys --keyid-format=long | grep "$KEYID_TRIMMED" > /dev/null; then
    logg info 'Attempting to download the specified public GPG key (`{{ .user.gpg.id }}`) from public keyservers'
    gpg --recv "$KEYID" || EXIT_CODE=$?
    if [ -n "$EXIT_CODE" ]; then
      logg warn 'Error downloading public GPG key'
      logg info 'Retrying after turning on debug mode and using the standard DNS resolver'
      sudo pkill dirmngr
      dirmngr --debug-all --daemon --standard-resolver
      gpg --recv "$KEYID"
    fi
  else
    logg info 'Key is already in keyring'
  fi
  logg 'Ensuring the trust of the provided public GPG key is set to maximum'
  echo -e "trust\n5\ny" | gpg --command-fd 0 --edit-key "$KEYID"
else
  logg warn '`gpg` appears to be unavailable. Is it installed and on the PATH?'
fi