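#!/bin/bash
#
# Encrypted backup of the *-confg files dropped into the FTP upload directory.
#
# Usage: <script> {install|start-new|start-all|read <Backup.* dir>|clean}
#   install    generate the passphrase-protected RSA key pair
#   start-new  encrypt every non-empty *-confg file into Backup.<date>, then
#              remove the originals
#   start-all  log differences against liste.conf, then do start-new
#   read DIR   decrypt one Backup.* directory into TEMP/<name of DIR>
#   clean      delete the TEMP directory
#
# On-disk format: <file>.aes256cbc is AES-256-CBC with a raw key and IV;
# .key.rsa holds "KEY=<hex>" and "VECTOR=<hex>" lines wrapped with the RSA
# public key.
#
# NOTE(review): design limits of this format, kept so that existing
# archives stay readable:
#   - One key/IV pair is shared by every file of a run. In CBC mode, files
#     that start with the same bytes then start with the same ciphertext.
#   - CBC carries no integrity tag, so a modified archive is not reliably
#     detected on "read". Consider an authenticated scheme for new archives.
#   - "openssl enc -K/-iv" takes the key on the command line, where it is
#     visible in the process list to other local users while openssl runs.
#   - "openssl rsautl" defaults to PKCS#1 v1.5 padding; moving to OAEP means
#     migrating or dual-reading old archives.
#
# The interpreter is bash: the script relies on [[ ]], arrays and "local",
# which a plain POSIX /bin/sh does not provide.

# Keys, backups and logs are created readable by the owner only.
umask 077
# A glob without matches expands to nothing instead of the literal pattern.
shopt -s nullglob

SOURCE="/var/ftp/uploads"
DATE=$(date -u +%F-%Hh%M)
CURRENT=$(dirname -- "$0")
BACKUP="$CURRENT/Backup"
TEMPORARY="$CURRENT/TEMP"
LOGDIR="$CURRENT/LOG"
CONF="$CURRENT/liste.conf"
PRIVATE="$CURRENT/private.pem"
PUBLIC="$CURRENT/public.pem"
LOG="$LOGDIR/backup.log"

#######################################
# Generate the RSA key pair used to wrap the per-backup AES key.
# Globals:   LOGDIR, PRIVATE, PUBLIC (read)
# Outputs:   prompts on stdout; openssl asks for the key passphrase
# Returns:   0 on success, 1 if confirmation or key generation fails
#######################################
install() {
  mkdir -p -- "$LOGDIR" || return 1
  echo "The RSA keys will be overwritten. Are you sure?"
  printf '%s' "== Press Enter to continue or Ctl+C =="
  # No confirmation (closed stdin) means the existing keys are left alone.
  read -r _ || return 1
  echo "Preparing Asymmetric Key Cryptography..."
  echo "It may take some minutes!"
  echo "= Generating RSA key pair"
  # OpenSSL seeds itself from the operating system's random source, so no
  # seed file is written to the working directory any more.
  openssl genrsa -out "$PRIVATE" -aes256 2048 || return 1
  echo "= Extracting RSA public key"
  openssl rsa -in "$PRIVATE" -pubout -out "$PUBLIC" || return 1
}

#######################################
# Encrypt the uploaded files into a new Backup.<date> directory.
# An original is removed only after its ciphertext was written, and no file
# is touched unless the AES key was wrapped successfully first.
# Globals:   SOURCE, BACKUP, DATE, PUBLIC (read)
# Returns:   0 on success or when there is nothing to do, 1 on any failure
#######################################
start() {
  local dest="$BACKUP.$DATE"
  local -a pending=()
  local f base key iv
  local failed=0
  local hex64='^[0-9a-f]{64}$'
  local hex32='^[0-9a-f]{32}$'

  # The upload directory is writable by remote parties: take non-empty
  # regular files only and never follow a symbolic link.
  for f in "$SOURCE"/*-confg; do
    if [[ -f "$f" && ! -L "$f" && -s "$f" ]]; then
      pending+=("$f")
    fi
  done
  if (( ${#pending[@]} == 0 )); then
    return 0
  fi

  # A second run in the same minute would replace .key.rsa and make the
  # files of the first run undecryptable.
  if [[ -e "$dest" ]]; then
    printf '= Error! %s already exists; refusing to replace its key\n' \
      "$dest" >&2
    return 1
  fi
  mkdir -- "$dest" || return 1

  echo "= Generate key and vector pair and protect it with public key"
  # KEY (256 bits): AES 256
  key=$(openssl rand -hex 32) || return 1
  # VECTOR (128 bits): block length in CBC mode
  iv=$(openssl rand -hex 16) || return 1
  if [[ ! "$key" =~ $hex64 || ! "$iv" =~ $hex32 ]]; then
    echo "= Error! Could not generate key material" >&2
    rmdir -- "$dest"
    return 1
  fi

  # The key goes to openssl through a pipe, so the plaintext key file is
  # never written to disk. printf is a shell builtin, so the key does not
  # show up in the process list at this step.
  if ! printf 'KEY=%s\nVECTOR=%s\n' "$key" "$iv" \
    | openssl rsautl -encrypt -pubin -inkey "$PUBLIC" -out "$dest/.key.rsa" \
    || [[ ! -s "$dest/.key.rsa" ]]; then
    echo "= Error! Could not protect the key; nothing was encrypted or removed" >&2
    rm -f -- "$dest/.key.rsa"
    rmdir -- "$dest"
    return 1
  fi

  echo "= Encrypt expected files with key and vector using AES-256-CBC"
  for f in "${pending[@]}"; do
    base=${f##*/}
    if openssl enc -aes-256-cbc -in "$f" -out "$dest/$base.aes256cbc" \
      -K "$key" -iv "$iv"; then
      rm -f -- "$f"
    else
      # %q keeps control characters in an uploaded name off the terminal.
      printf '= Error! Encryption of %q failed; the original was kept\n' \
        "$f" >&2
      rm -f -- "$dest/$base.aes256cbc"
      failed=1
    fi
  done
  return "$failed"
}

#######################################
# Compare the uploaded file names with liste.conf and log the differences.
# Nothing is logged when liste.conf does not exist.
# Globals:   SOURCE, LOGDIR, CONF, LOG, DATE (read)
# Returns:   0 on success, 1 if the log directory or temp files fail
#######################################
verify() {
  local f present expected unknown missing

  echo "= Verify list of files to backup and log differences"
  mkdir -p -- "$LOGDIR" || return 1
  if [[ ! -f "$CONF" ]]; then
    return 0
  fi

  present=$(mktemp "$LOGDIR/backup.stat.XXXXXX") || return 1
  expected=$(mktemp "$LOGDIR/liste.sort.XXXXXX") || {
    rm -f -- "$present"
    return 1
  }

  # Both lists are sorted under the same collation, as comm requires.
  for f in "$SOURCE"/*-confg; do
    printf '%s\n' "${f##*/}"
  done | LC_ALL=C sort > "$present"
  LC_ALL=C sort "$CONF" > "$expected"

  # Column 2 only = uploaded but not listed; column 1 only = listed but absent.
  unknown=$(LC_ALL=C comm -13 "$expected" "$present" | paste -sd ' ' -)
  missing=$(LC_ALL=C comm -23 "$expected" "$present" | paste -sd ' ' -)
  rm -f -- "$present" "$expected"

  # Uploaded names are untrusted: drop control characters before logging.
  unknown=${unknown//[[:cntrl:]]/}
  missing=${missing//[[:cntrl:]]/}

  printf '[%s] There are new files: %s\n' "$DATE" "$unknown" >> "$LOG"
  printf '[%s] These files are missing: %s\n' "$DATE" "$missing" >> "$LOG"
}

#######################################
# Decrypt one Backup.* directory into TEMP/<directory name>.
# Globals:   TEMPORARY, PRIVATE (read)
# Arguments: $1 - path of the Backup.* directory
# Returns:   0 on success, 3 for a bad argument, 1 on decryption failure
#######################################
read_archive() {
  local src=${1%/}
  local name dest key_material line f base
  local key="" iv=""
  local failed=0
  local hex64='^[0-9a-fA-F]{64}$'
  local hex32='^[0-9a-fA-F]{32}$'

  if [[ ! -d "$src" ]]; then
    echo "= Error! Select a Backup.* directory"
    return 3
  fi

  # Only the last path component names the output directory, so an
  # argument such as "../x" cannot place files outside TEMP.
  name=$(basename -- "$src")
  if [[ "$name" == "." || "$name" == ".." || "$name" == "/" ]]; then
    echo "= Error! Select a Backup.* directory"
    return 3
  fi
  dest="$TEMPORARY/$name"
  mkdir -p -- "$dest" || return 1

  echo "= Decrypt key and vector file"
  # Kept in memory; the unwrapped key is no longer left behind in TEMP.
  if ! key_material=$(openssl rsautl -decrypt -inkey "$PRIVATE" \
    -in "$src/.key.rsa"); then
    echo "= Error! Could not decrypt $src/.key.rsa" >&2
    return 1
  fi

  # Anyone holding the public key can produce a .key.rsa, so its content is
  # parsed and validated as data. It is never sourced as shell code.
  while IFS= read -r line; do
    case "$line" in
      KEY=*) key=${line#KEY=} ;;
      VECTOR=*) iv=${line#VECTOR=} ;;
    esac
  done <<< "$key_material"
  if [[ ! "$key" =~ $hex64 || ! "$iv" =~ $hex32 ]]; then
    echo "= Error! The key file of $src is malformed" >&2
    return 1
  fi

  echo "= Decrypt expected files"
  for f in "$src"/*.aes256cbc; do
    if [[ ! -f "$f" ]]; then
      continue
    fi
    base=${f##*/}
    # Strip only the .aes256cbc suffix so that names containing other dots
    # are restored in full.
    if ! openssl enc -aes-256-cbc -d -in "$f" \
      -out "$dest/${base%.aes256cbc}" -K "$key" -iv "$iv"; then
      printf '= Error! Decryption of %q failed\n' "$f" >&2
      failed=1
    fi
  done
  return "$failed"
}

# Main dispatch: exit status 3 means wrong usage, 1 a failed operation.
RETVAL=0
case "${1:-}" in
  install)
    install || RETVAL=$?
    ;;
  start-new)
    start || RETVAL=$?
    ;;
  start-all)
    verify || RETVAL=$?
    start || RETVAL=$?
    ;;
  read)
    if [ $# != 2 ]; then
      exit 3
    fi
    read_archive "$2" || RETVAL=$?
    ;;
  clean)
    rm -rf -- "${TEMPORARY:?}"
    ;;
  *)
    echo "Usage: $0 {install|start-new|start-all|read|clean}"
    RETVAL=3
    ;;
esac
exit "$RETVAL"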