#!/bin/bash
set -eo pipefail

help=$(cat <<EOF
Generate Tarball with PSU image and MANIFEST Script
usage: generate-psu-tar [OPTION] <parameter>...
Options:
   --image        <file>          PSU FW image
   --version      <version>       PSU FW version
   --model        <model>         PSU FW model
   --manufacturer <version>       PSU FW manufacturer
   --machineName  <machineName>   Optionally specify the target machine name of this image.
   --outfile      <filename>      Outfile name
		                  For example : -o psufw.tar
                                  The default outfile name is image.tar,and
                                  "image" is what you input.
   --sign         <path>          Sign the image. The optional path argument specifies
                                  the private key file. Defaults to the bash variable
                                  PRIVATE_KEY_PATH if available, or else uses the
                                  open-source private key in this script.
   --help                         Display this help text and exit.
EOF
)

private_key=$'-----BEGIN PRIVATE KEY-----
MIIJRAIBADANBgkqhkiG9w0BAQEFAASCCS4wggkqAgEAAoICAQDO7vWM6ZOylO6T
lxDiRWgKCFauAxMVM4A7NmgZxfV73xqTzAtIzzF9CIKUEhqMT4LhNy1rU2oUUivH
4BZO2oC6yFafEPVla2oYAeWtXJmQTixYgJplKQCtLzFtb57DQJpl9Od0RVFC61yg
4LihsiENnRjncLPP7OkL68ssiELu+WxazDtewmVYQEHOMWQa2zDh9yrWsblLAyo4
gsG9rdwWjqIUnZkoeJuT7zks4Jes4qAtQUuZhCxMcvwvOq8od3e4nLVFnyUOGMpE
jdDDGddKh5e+9BJGqkfsLCT9UFTYi62Ifuxl1Gp963cZLapJS0CneHIrG3gapiCO
ea4TH/xySfts2jpl7DnEIUo3Qs0rZrOLQDLVVXvRJvHdsVoZcSRCD8Jf0YTQ6tT7
j3ejUOH8j3DGkgKRHGtH7yyCgmDyPYVQdEu3q4E1NBwODAyxppYGBqkwpSGRnf6q
E6i5rQJuoPCm3rb9ZmoHVzeb8HW3ofYfNnZNuae/2LdEtJ/cFs8ILXP5AKiaKpmS
H4GB8GUcgRMITGI1pcXhevO2wHi0ReJkme+m5GpuVIg9LpTs6YvvNoFeu6ux7up/
TjTa+Zdy3tLUZvvIIlS2Asu32uiGBFjZ2WiLeHq+ScaDsSyEJQkoYLqv+3MoPKhy
iX4yanZCwG3yx68RDe9qQBt6WXqAEwIDAQABAoICAA6OxAqKQiA9lv0eEwuAC34t
MP/j6ntC2MIRpUgu44K34tRD9gVEwjwEFb+Z+HEnhNMYQSM8RomwcDELBDa+63B4
eJOPK1xbrqaKt6A3E/yRa1A8l+AG/uuwFr+WqyocSOBkVsYYvEtDaIxO0t5ZPDcL
dr2NcbDuf0Sd7XiwC1lphaRrmr+jWGLZfmellN/IzMsQytw4u4rZ6aX5GO0hpoqV
tTRTE/vDZFqHaVPNZw48ET2tysY9hKpKKpCeBcWIhg0gRSZlOEOiHdStz2JyVnGB
UX0XCZQcFZw5TM7fUGC9jtM77qCJTYaXQpUsX77xQtalRA7hS1VAm6i6SbNBvE4j
le2JWBmOCbh9A/Dqnxh/3R2ZpsbffMG3O4KLkObquP8QGsItxwZYm4Bo37/HS6ki
1Ilym014DUT1+mTybi+2TjlPgh2LeECo1lbgFRJ/p9Vs7TJV2jeVPKDHF72cVvp2
Ly6dGQVtBPz7/HpvxwYA5TJstNWgiU1sZPwgVzhgeZEKt5DO3Da6DVoXt96/tHk4
577MA9P4qYLJldq5rfFW3IeyGUjLZ1yLmmDWj2Hz2IQe/YqrHHQH5UO6xxhrjuCa
FrAOv7wJxmmbhZ9AptmR0PnmTU79LM8gxyNY9nn0R+XMJd/3UvrrjzJWw+LUGdhC
zG0pF0JGMb71wHwlmmUpAoIBAQDyUHAcpgWtCl70qVpHnAG6WnsRP6ZS0dtBjqnN
l9GachlNLOyQHfKcs7Vj7dkrcumSTbZ7zzgsazQcwfJMEvVq2RS8iTrtKAq+yYmj
uejaJ3gAuiaU5Shv9PL+P25zGlwJtqEADYjiSrzO1ZRgM1M31tlH7f0wjYIrV6LP
5P5HYFVDFujsiWY9oUZ+PFaCWPRQ2P47zF3ocbiqD9TbFSwNfq5B2WPLCURExQAh
XT/GH8Devz2M79CWKjvDMQutZ8dcLZx6JNhpre5JoNbAxE2u9jIM++srSb41zArE
2lcy2tqNAWJV5jhFz5DZ451kvz7AKLaehWYj7D+TvX4V4UwpAoIBAQDanvWQCoop
Loh5s5tYwHB/iFE+jzVvyrytfRcDIjrBaCDCQrObgh/fllk44h9DpKHbM4nYlMpU
GXOsQCVkE/SiJakzeXfoecCJ3ebp+mlBILs79AWlfETJFLx1FKJQOQoraoICVFxx
jcI/OvGlABRLvRYhNnq22//IgLlyKWfO0yS6FASIjriIjDwibKZqHt+DJ98Lv2d+
1fsOw/Ai7e2e3nK0+2vmXusZAwpcPuTYb+5LOnHE7GbPecuM22BSTiUAekoHq3/k
fdYw+od4B4BJB0bAnRVu7y+TQXRkZ462RvP05AYXUzudjknv48mFuBslrybr3f50
aIwtFADeJrHbAoIBAQCYcEwnabaWZrjX+BZoiFd58eQMNNugrI7fzi06vrDJFdCf
AY0NGRoAxPlvFTmTIOaZ+LO9bd5r60FMeiLBAwhLoKdv+HEOsysXXVhunM1FOKFA
69rLvuJSlGmt0x/b35BZOABPNTSRD+15vVlrr75BmbL1kl2/BrcGJ0qwuOHS62KY
IziDXejpCqV7UuAlfmqs1eYSnn3RdoFy0yTYcphVIQXlPSqPl5PQI5LyamRtcpp2
Rx8ko9W4MneIUzmCbJA5iCQxny5aRWZsAXg4qwYn9JAGJRGMGQdFdsirkKRcxNvK
6zz+xydNm8gHmy7wK3QBlVtVnJxmKwDQI9zHTQYJAoIBAQDVKrXJ81zv9r1/3U8V
5N5MnACL/VtfW9FJYHU1ywR7XSrEAAHdGa42dwUcX++YJ0ji0YgRNFNsWTzesdVD
lemsyQgIduIiPcUtKL9lWZOTu3SVasSurVLstllj1/DERDnUR4/o8ZUJ6+2Bddn0
xvUDPKX9UH+rGSx4tnscA5+CnYJsJeSdunvYONTRxBsn0l6iJhhn/gPOOpsHtKnL
hS9y/vfd3GFDST33L23EsFa3a7xwgdY460D8AIgnGij7V9Lgel0AyYp0ovZc34uD
z9yYWI32dbRWbMZ40RPKaudOeDSbjlMaH0A7ymfxjqwKxI9D2VscFWNs4hv8QErw
Uc6NAoIBAQCmWWyARU/x4m7K4vNAWjD2Qx6R7PAdLs/6ZBqWw0RSpRHlYr73Qggw
dCK+LrsR0O7y1KW2WUfrJmzHEdFQEYcZ1vZWeN85dMLVhYmazSXlaIegRE4FmMUa
DbzViUJA60Y4D/l6QWqdhxdZZe81QgqyLPXAv/e5esxRIi8yvEYhCx4pq7QtWYBm
tvQnPaZd8emlKARivF2ecGDlWzhf4NotDDtFRT4jOHZKUC58uVjbiXJ445Vimqlb
Da7noVGwDQ93Ib1qyAilzFY5gWDeMyCnSQpnlVRHQ/8vlwLDsZs1kVau6k8WlcpM
JbmuCRNy7YvALVTzyQsQ4yw87BoONt1L
-----END PRIVATE KEY-----
'

do_sign=false
# shellcheck disable=SC2153
private_key_path="${PRIVATE_KEY_PATH}"
image=""
outfile=""
version=""
model=""
manufacturer=""
machineName=""


while [[ $# -gt 0 ]]; do
  key="$1"
  case $key in
    --image)
      image="$2"
      shift 2
      ;;
    --version)
      version="$2"
      shift 2
      ;;
    --model)
      model="$2"
      shift 2
      ;;
    --manufacturer)
      manufacturer="$2"
      shift 2
      ;;
    --machineName)
      machineName="$2"
      shift 2
      ;;
    --outfile)
      outfile="$2"
      shift 2
      ;;
    --sign)
      do_sign=true
      if [[ -n "${2}"  && "${2}" != -* ]]; then
        private_key_path="$2"
        shift 2
      else
        shift 1
      fi
      ;;
    --help)
      echo "$help"
      exit
      ;;
    *)
      echo "Please enter the correct parameters."
      echo "$help"
      exit 1
      ;;
  esac
done

if [ ! -f "${image}" ]; then
  echo "Please enter a valid PSU FW image file."
  echo "$help"
  exit 1
fi

if [  -z "${version}" ]; then
  echo "Please enter a valid PSU FW image version."
  echo "$help"
  exit 1
fi


if [  -z "${model}" ]; then
  echo "Please enter a valid PSU FW image model."
  echo "$help"
  exit 1
fi

if [  -z "${manufacturer}" ]; then
  echo "Please enter a valid PSU FW image manufacturer."
  echo "$help"
  exit 1
fi

if [  -z "${outfile}" ]; then
    outfile=$(pwd)/$image.tar
else
    outfile=$(pwd)/$outfile
fi

scratch_dir=$(mktemp -d)
# shellcheck disable=SC2064
trap "{ rm -r ${scratch_dir}; }" EXIT

if [[ "${do_sign}" == true ]]; then
  if [[ -z "${private_key_path}" ]]; then
    private_key_path=${scratch_dir}/OpenBMC.priv
    echo "${private_key}" > "${private_key_path}"
    echo "Image is NOT secure!! Signing with the open private key!"
  else
    if [[ ! -f "${private_key_path}" ]]; then
      echo "Couldn't find private key ${private_key_path}."
      exit 1
    fi

    echo "Signing with ${private_key_path}."
  fi

  public_key_file=publickey
  public_key_path=${scratch_dir}/$public_key_file
  openssl pkey -in "${private_key_path}" -pubout -out "${public_key_path}"

  cp "${private_key_path}" "${scratch_dir}/private_key"

fi

manifest_location="MANIFEST"
files_to_sign="$manifest_location $public_key_file $image"

cp "${image}" "${scratch_dir}"
cd "${scratch_dir}"

echo "Creating MANIFEST for the image"
echo -e "purpose=xyz.openbmc_project.Software.Version.VersionPurpose.PSU\nversion=$version\n\
extended_version=model=$model,manufacturer=$manufacturer" > $manifest_location

if [[ -n "${machineName}" ]]; then
    echo -e "MachineName=${machineName}" >> $manifest_location
fi

if [[ "${do_sign}" == true ]]; then
  private_key_name=$(basename "${private_key_path}")
  key_type="${private_key_name%.*}"
  echo KeyType="${key_type}" >> $manifest_location
  echo HashType="RSA-SHA256" >> $manifest_location

  for file in $files_to_sign; do
    openssl dgst -sha256 -sign private_key -out "${file}.sig" "$file"
  done

  additional_files="*.sig"
fi

# shellcheck disable=SC2086
# Do not quote the files variables since they list multiple files
# and tar would assume to be a single file name within quotes
tar -cvf $outfile $files_to_sign $additional_files
echo "PSU FW tarball at $outfile"
exit