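#!/bin/bash
#
# Issue and check a short-lived, RSA-signed timestamp token.
#
# create_date_file writes the current epoch time to DATA_FILE and signs it
# with KEY_PRIV (SHA-256 digest, signature stored base64-encoded in
# SIGN_FILE). check_date verifies that signature with KEY_PUB and accepts
# the timestamp only if it is not in the future and not older than DELAY
# seconds.
#
# Exit codes:
#   1  signing / signature verification / setup failure
#   2  timestamp is in the future
#   3  timestamp is older than DELAY seconds
#   4  signed file does not contain a plain decimal timestamp

set -o nounset

readonly DELAY=60               # validity window of a timestamp, in seconds
readonly KEY_PRIV=priv.pem      # RSA private key (signing side only)
readonly KEY_PUB=public.pem     # RSA public key (verification side)
readonly SIGN_FILE=plop.txt.sign  # base64-encoded signature of DATA_FILE
readonly DATA_FILE=plop.txt     # file holding the epoch timestamp

#######################################
# Print a message on stderr and terminate the script.
# Arguments: $1 - exit code; remaining arguments - message words
#######################################
err() {
  local err_code=$1
  shift
  # Quoted "$*" keeps the message intact (no globbing or whitespace folding).
  printf '%s\n' "$*" >&2
  exit "$err_code"
}

# Scratch file for the raw (binary) signature.
# A fixed name under /tmp is predictable and shared between all local users,
# and a leftover file from an earlier run could be mistaken for a fresh
# signature. mktemp provides a private, unpredictable path; the EXIT trap
# removes it on every exit path, including err().
TMP_SIGN_FILE=$(mktemp) || err 1 "Error. Cannot create temporary file"
readonly TMP_SIGN_FILE
trap 'rm -f -- "$TMP_SIGN_FILE"' EXIT

#######################################
# Generate the 4096-bit RSA private key into KEY_PRIV.
#######################################
enc_create_key_priv() {
  # Subshell + umask 077: the key file is never group/world readable,
  # whatever umask the caller runs with.
  (
    umask 077
    openssl genrsa -out "$KEY_PRIV" 4096
  )
}

#######################################
# Derive the public key KEY_PUB from KEY_PRIV.
#######################################
enc_create_key_pub() {
  openssl rsa -in "$KEY_PRIV" -pubout -out "$KEY_PUB"
}

#######################################
# Sign DATA_FILE with KEY_PRIV (SHA-256) and store the signature,
# base64-encoded, in SIGN_FILE. Exits with code 1 if either step fails.
#######################################
enc_sign() {
  openssl dgst -sha256 -sign "$KEY_PRIV" -out "$TMP_SIGN_FILE" "$DATA_FILE" \
    || err 1 "Error. Sign. Failure"
  openssl base64 -in "$TMP_SIGN_FILE" -out "$SIGN_FILE" \
    || err 1 "Error. Sign. Encoding Failure"
}

#######################################
# Verify the signature in SIGN_FILE over DATA_FILE using KEY_PUB.
# Exits with code 1 when the signature cannot be decoded or does not match.
#######################################
enc_verif_sign() {
  # A failed decode must fail closed: never go on to verify against
  # whatever happens to be in the scratch file.
  openssl base64 -d -in "$SIGN_FILE" -out "$TMP_SIGN_FILE" \
    || err 1 "Error. Sign. Verification Failure"
  openssl dgst -sha256 -verify "$KEY_PUB" -signature "$TMP_SIGN_FILE" \
    "$DATA_FILE" > /dev/null \
    || err 1 "Error. Sign. Verification Failure"
}

#######################################
# Print the current time as seconds since the epoch.
#######################################
date_epoch() {
  date +%s
}

#######################################
# Print the content of DATA_FILE followed by a single newline.
#######################################
read_date_file() {
  printf '%s\n' "$(< "$DATA_FILE")"
}

#######################################
# Write the current epoch time to DATA_FILE and sign it.
#######################################
create_date_file() {
  date_epoch > "$DATA_FILE"
  enc_sign
}

#######################################
# Verify the signature, then check that the signed timestamp lies within
# [now - DELAY, now]. Prints "OK" on success; otherwise exits via err()
# with code 1 (bad signature), 2 (future), 3 (expired) or 4 (malformed).
#######################################
check_date() {
  local epoch_file epoch_now oldest_ok

  enc_verif_sign

  # NOTE(review): DATA_FILE is read again after verification, so a writer
  # with access to the file could swap its content in between. The format
  # check below limits what such content can do; verifying and reading a
  # private snapshot of the file would close the gap completely.
  epoch_file=$(read_date_file)
  epoch_now=$(date_epoch)

  # The original used `local -i`, which evaluates the file content as an
  # arithmetic expression. Accept only a plain decimal number instead
  # (at most 18 digits, so it cannot overflow 64-bit arithmetic).
  if [[ ! "$epoch_file" =~ ^[0-9]{1,18}$ ]]; then
    err 4 "Error. Invalid timestamp"
  fi

  oldest_ok=$(( epoch_now - DELAY ))
  echo "DEBUG: $epoch_file > $oldest_ok"

  # 10# forces base 10 so a leading zero is not read as octal.
  if (( 10#$epoch_file > epoch_now )); then
    err 2 "Error. Time in futur"
  elif (( 10#$epoch_file < oldest_ok )); then
    err 3 "Error. Expired"
  else
    echo "OK"
  fi
}

# One-time setup / token issuing steps (run manually on the signing side):
#enc_create_key_priv
#enc_create_key_pub
#create_date_file
#enc_sign

enc_verif_sign
read_date_file
check_date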