From 71c82a977bd76a5e8a5a887c62904401465ac6da Mon Sep 17 00:00:00 2001
From: Denis Patrakeev
Date: Wed, 15 Jan 2025 15:52:24 +0300
Subject: [PATCH] [DO-1236] Add new function for reencrypt files and fix error/warnings shellcheck (!21)

DO-1236

Co-authored-by: denis.patrakeev
Reviewed-on: https://git.avroid.tech/DevOps/secrets/pulls/21
Reviewed-by: Vasiliy Chipizhin
Reviewed-by: Rustam Tagaev
---
 gpg-tool.sh | 56 ++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 47 insertions(+), 9 deletions(-)

diff --git a/gpg-tool.sh b/gpg-tool.sh
index 0c624ab..76278ed 100755
--- a/gpg-tool.sh
+++ b/gpg-tool.sh
@@ -9,6 +9,7 @@ gpg-tool.sh [args] file
 Commands:
 -d, --decrypt decrypt file
 -e, --encrypt encrypt file
+ -r, --reencrypt decrypt and encrypt all .asc files in directory
 -v, --view view encrypted file
 -i, --import_keys import keys
 -h, --help display help
@@ -18,38 +19,71 @@ Example:
 ./gpg-tool.sh --view secrets.txt.asc
 ./gpg-tool.sh --decrypt secrets.txt.asc
 ./gpg-tool.sh --encrypt secrets.txt
+ ./gpg-tool.sh --reencrypt .
 "
 }
 
 function decrypt {
- FILE="$1"
- gpg --decrypt-files "$SCRIPT_PATH/$FILE"
- rm -r "$SCRIPT_PATH/$FILE"
+ local FILE="$1"
+ gpg --decrypt-files "${SCRIPT_PATH:?}/${FILE}"
+ rm -r "${SCRIPT_PATH:?}/${FILE}"
 }
 
 function view {
- FILE="$1"
- gpg --decrypt "$SCRIPT_PATH"/"$FILE" 2> /dev/null
+ local FILE="$1"
+ gpg --decrypt "${SCRIPT_PATH:?}/${FILE}" 2> /dev/null
 }
 
 function import_keys {
- for i in ls "$SCRIPT_PATH"/keys/*.pub; do
+ for i in ls "${SCRIPT_PATH:?}"/keys/*.pub; do
 gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//' > /dev/null
 done
 echo 'All keys have been imported'
 }
 
 function get_recipients {
- for i in "$SCRIPT_PATH"/keys/*.pub; do
+ for i in "${SCRIPT_PATH:?}"/keys/*.pub; do
 allKeys+="--recipient $(gpg --import "$i" 2>&1 | head -1 | awk '{print $3}' | sed 's/.$//') "
 done
 echo "$allKeys"
 }
 
 function encrypt {
+ local PUBKEYS
 PUBKEYS=$(get_recipients)
- FILE="$1"
- gpg --encrypt-files --trust-model always $PUBKEYS --armor "$FILE"
+ local FILE="$1"
+ gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor "$FILE"
+}
+
+function reencrypt {
+ local PUBKEYS
+ PUBKEYS=$(get_recipients)
+ local CHECK_REMOVE
+ local DIR="$1"
+ local LIST_FILES_ASC
+ local LIST_FILES
+
+ LIST_FILES_ASC=$(find "$SCRIPT_PATH/${DIR}/" -type f -name "*.asc")
+ LIST_FILES=$(echo "${LIST_FILES_ASC}" | awk '{gsub(/\.asc$/,""); print}')
+
+ echo -e "List files for decrypt:\n${LIST_FILES_ASC}\n"
+ read -r -p 'Decrypt files for future reencrypt. Are you sure (y/N): ' CHECK_DECRYPT
+ if ! [ "${CHECK_DECRYPT}" == "y" ] || [ "${CHECK_DECRYPT}" == "Y" ]; then
+ exit 1
+ fi
+ echo "${LIST_FILES_ASC}" | gpg --decrypt-files
+
+ echo -e "\n"
+ read -r -p 'Reencrypt decrypted files. Are you sure (y/N): ' CHECK_REENCRYPT
+ if [ "${CHECK_REENCRYPT}" == "y" ] || [ "${CHECK_REENCRYPT}" == "Y" ]; then
+ echo "${LIST_FILES}" | gpg --encrypt-files --trust-model always "${PUBKEYS}" --armor --yes
+ fi
+
+ echo -e "\nList decrypted files for remove:\n${LIST_FILES}\n"
+ read -r -p 'Remove decrypted files. Are you sure (y/N): ' CHECK_REMOVE
+ if [ "${CHECK_REMOVE}" == "y" ] || [ "${CHECK_REMOVE}" == "Y" ]; then
+ echo "${LIST_FILES}" | xargs rm -f
+ fi
 }
 
 if [ $# = 0 ]; then
@@ -70,6 +104,10 @@ case $1 in
 encrypt "$2"
 ;;
+ -r | --reencrypt)
+ reencrypt "$2"
+ ;;
+
 
 -v | --view)
 view "$2"
 ;;
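Review bot: Quoting `"${PUBKEYS}"` in `encrypt` and again in `reencrypt` hands gpg the whole `--recipient A --recipient B ` string as a single argument, so the call that previously relied on word-splitting of `$PUBKEYS` now gets one unknown option instead of a recipient list; read the helper's output into an array instead, e.g. `local -a PUBKEYS` then `read -r -a PUBKEYS <<< "$(get_recipients)"` and `"${PUBKEYS[@]}"` in both gpg calls. In `reencrypt`, `if ! [ "${CHECK_DECRYPT}" == "y" ] || [ "${CHECK_DECRYPT}" == "Y" ]` negates only the first test, so an uppercase `Y` answer exits 1 while a lowercase `y` proceeds; `if [[ "${CHECK_DECRYPT}" != [yY] ]]; then` expresses the intent, and `CHECK_DECRYPT`/`CHECK_REENCRYPT` should be `local` like `CHECK_REMOVE`. The file lists are newline-separated and the final `echo "${LIST_FILES}" | xargs rm -f` word-splits them, so a path containing a space is deleted as two different names; since the plaintext of every `.asc` under the directory sits on disk between the decrypt and remove prompts, collecting with `find ... -print0` and removing with `xargs -0 rm -f --` keeps that cleanup exact. The touched `for i in ls "${SCRIPT_PATH:?}"/keys/*.pub` in `import_keys` still iterates the literal word `ls` as its first item, presumably a leftover from an earlier `$(ls ...)`; dropping `ls` makes the loop match `get_recipients`.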
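Review bot: `reencrypt "$2"` is dispatched without checking that a directory was given, and with an empty `$2` the `find "$SCRIPT_PATH/${DIR}/"` inside `reencrypt` walks the entire script directory and offers to decrypt every `.asc` it contains. A guard such as `: "${2:?directory argument required}"` before the call keeps that whole-tree case from happening by accident. The enclosing `case` statement starts outside the hunk.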