#!/bin/sh

verbose=
password_file=
run=1

# read the options
TEMP=`getopt -o f:nv --long help -n 'lunasa-del' -- "$@"`
eval set -- "$TEMP"

# extract options and their arguments into variables.
while true ; do
    case "$1" in
        -f)
            password_file=$2
            shift 2
            ;;
        --help)
            echo "Usage: lunasa-del <prefix> -f <password file> [OPTIONS]"
            echo
            echo "Options:"
            echo " -f <password file>   File containing LunaSA password."
            echo " -n                   Dry run. Do not delete objects."
            echo " -v                   Run in verbose mode."
            echo " --help               Show help message."
            exit 0
            ;;
        -n)
            run= 
            shift
            ;;
        -v)
            verbose=1
            shift
            ;;
        --)
            shift
            break
            ;;
        *)
            echo "Error: invalid option $1" >&2
            echo "Run lunasa-del --help for help." >&2
            exit 1
            ;;
    esac
done

prefix=$1

if [[ "$verbose" != "" ]]
then
    echo "prefix: $prefix"
fi

if [[ "$prefix" == "" ]]
then
    echo "Error: missing prefix" >&2
    echo "Run lunasa-del --help for help." >&2
    exit 1
fi

if [[ "$verbose" != "" ]]
then
    echo "password file: $password_file"
fi

if [[ "$password_file" == "" ]]
then
    echo "Error: missing password file" >&2
    echo "Run lunasa-del --help for help." >&2
    exit 1
fi

password="`cat $password_file`"

if [[ "$verbose" != "" ]]
then
    echo "run: $run"
fi

echo "Searching for objects with prefix: $prefix"

/usr/safenet/lunaclient/bin/cmu list -display handle,id,label -class certificate -password $password | while read cert
do
    label=$(echo $cert | sed 's/^.*label=\(.*\)$/\1/')

    if [[ "$verbose" != "" ]]
    then
        echo "object: $label"
    fi

    if [[ "$label" == "$prefix"* ]]
    then

        echo "deleting object: $label"

        id=$(echo $cert | sed 's/^.*id=\([^ ]*\).*$/\1/')
        echo " - id: $id"

        certHandle=$(echo $cert | sed 's/^handle=\([^ ]*\).*$/\1/')
        echo " - certificate: $certHandle"

        if [[ "$run" == "1" ]]
        then
            /usr/safenet/lunaclient/bin/cmu delete -handle $certHandle -force -password $password
        fi

        publicKey=$(/usr/safenet/lunaclient/bin/cmu list -display handle -id $id -class public -password $password)
        publicKeyHandle=$(echo $publicKey | sed 's/^handle=\([^ ]*\).*$/\1/')

        if [[ "$publicKeyHandle" != "" ]]
        then
            echo " - public key: $publicKeyHandle"

            if [[ "$run" == "1" ]]
            then
                /usr/safenet/lunaclient/bin/cmu delete -handle $publicKeyHandle -force -password $password
            fi
        fi

        privateKey=$(/usr/safenet/lunaclient/bin/cmu list -display handle -id $id -class private -password $password)
        privateKeyHandle=$(echo $privateKey | sed 's/^handle=\([^ ]*\).*$/\1/')

        if [[ "$privateKeyHandle" != "" ]]
        then
            echo " - private key: $privateKeyHandle"

            if [[ "$run" == "1" ]]
            then
                /usr/safenet/lunaclient/bin/cmu delete -handle $privateKeyHandle -force -password $password
            fi
        fi

    fi

done