#!/bin/bash

[[ -z "${RBW_PROFILE}" ]] && rbw_profile='rbw' || rbw_profile="rbw-${RBW_PROFILE}"

set -eEuo pipefail

function help() {
    cat <<EOHELP
Use this script as pinentry to store master password for rbw into your keyring

Usage
- run "rbw-pinentry-keyring clear" to clear the master password from your keyring 
- add "rbw-pinentry-keyring" as "pinentry" in rbw config (${XDG_CONFIG_HOME}/rbw/config.json)
- use rbw as normal
Notes
- needs "secret-tool" to access keyring
- setup tested with pinentry-gnome3, but you can run the "secret-tool store"-command manually as well
- master passwords are stored into the keyring as plaintext, so secure your keyring appropriately
- supports multiple profiles, simply set RBW_PROFILE during setup
- can easily be rewritten to use other backends than keyring by setting the "secret_value"-variable
EOHELP
}

function clear() {
    secret-tool clear application rbw profile "$rbw_profile" type master_password
}

function getpin() {
    echo 'OK'

    title=""
    prompt=""
    desc=""

    while IFS=' ' read -r command args ; do
        case "$command" in
            SETTITLE)
                title="$args"
                echo 'OK'
                ;;
            SETDESC)
                desc="$args"
                echo 'OK'
                ;;
            SETPROMPT)
                prompt="$args"
                echo 'OK'
                ;;
            GETPIN)
                if [[ "$prompt" == "Master Password" ]]; then
                    set +e
                    secret_value="$(secret-tool lookup application rbw profile "$rbw_profile" type master_password)"
                    err=$?
                    set -e

                    if [[ $err == 1 ]]; then
                        cmd="SETTITLE rbw\n"
                        cmd+="SETPROMPT Master Password\n"
                        cmd+="SETDESC Please enter the master password for '$rbw_profile'\n"
                        cmd+="GETPIN\n"
                        secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)"
                        if [ -n "$secret_value" ]; then
                            echo -n "$secret_value" | secret-tool store --label="$rbw_profile master password" application rbw profile "$rbw_profile" type master_password >/dev/null 2>&1
                        fi
                    fi

                    printf 'D %s\n' "$secret_value"
                    echo 'OK'
                else
                    cmd="SETTITLE $title\n"
                    cmd+="SETPROMPT $prompt\n"
                    cmd+="SETDESC $desc\n"
                    cmd+="GETPIN\n"

                    secret_value="$(printf "$cmd" | pinentry | grep -E "^D " | cut -c3-)"

                    printf 'D %s\n' "$secret_value"
                    echo 'OK'
                fi
                ;;
            BYE)
                exit
                ;;
            *)
                echo 'ERR Unknown command'
                ;;
        esac
    done
}

command="$1"
case "$command" in
    -h|--help|help)
        help
        ;;
    -c|--clear|clear)
        clear
        ;;
    *)
        getpin
        ;;
esac