#!/bin/sh

#
## generate SRI checksums
#

### text formatting presets
if command -v tput > /dev/null; then
    cyan=$(tput setaf 6)
    err=$(tput bold)$(tput setaf 1)
    magenta=$(tput setaf 5)
    norm=$(tput sgr0)
    ok=$(tput setaf 2)
else
    cyan=''
    err=''
    magenta=''
    norm=''
    ok=''
fi

### trap
trap trapExit 1 2 3 6

### functions
displayError (){
    printf "\n%sERROR: %s\n" "$err" "$2"
    printf "Exiting now.%s\n\n" "$norm"
    exit "$1"
}

scriptHelp (){
    printf "\n%sUsage: %s%s %s[--help] [--sha256|--sha384|--sha512] --file /file/to/hash%s\n\n" "$magenta" "$norm" "$scriptName" "$cyan" "$norm"
    printf "%s---parameters---%s\n" "$magenta" "$norm"
    printf "%s-h|-?|--help%s: show this help page\n" "$cyan" "$norm"
    printf "%s-2|--sha256%s: generate SHA256 SRI hash\n" "$cyan" "$norm"
    printf "%s-3|--sha384%s: generate SHA384 SRI hash (default)\n" "$cyan" "$norm"
    printf "%s-5|--sha512%s: generate SHA512 SRI hash\n" "$cyan" "$norm"
    printf "%s-f|--file%s: full path to the file for which you wish the SRI hash generated (required)\n\n" "$cyan" "$norm"
    printf "%s---examples---%s\n" "$magenta" "$norm"
    printf "Generate default SHA384 hash for styles.css located in the current directory:\n"
    printf "%s%s -f styles.css%s\n\n" "$cyan" "$scriptName" "$norm"
    printf "Generate SHA512 hash for /var/www/js/script.js:\n"
    printf "%s%s -5 --file /var/www/js/script.js%s\n\n" "$cyan" "$scriptName" "$norm"
    exit 0;
}

trapExit (){
    printf "\n%sERROR: Caught signal. Exiting.%s\n\n" "$err" "$norm"
    exit 99
}

### default variables
scriptName="$( basename "$0" )"
doDir=0
doFiles=0
unset hashDir
unset hashFiles
filter='*'
algo='sha384'

### check pre-requisites
if ! command -v openssl > /dev/null; then
    displayError 2 'openSSL is not installed'
fi

### process startup parameters
if [ -z "$1" ]; then scriptHelp; fi
while [ $# -gt 0 ]; do
    case "$1" in
        -h|-\?|--help)
            # display script help
            scriptHelp
            exit 0
            ;;
        -2|--sha256)
            # generate SRI using sha256
            algo='sha256'
            ;;
        -3|--sha384)
            # generate SRI using sha384 (default)
            algo='sha384'
            ;;
        -5|--sha512)
            # generate SRI using sha512
            algo='sha512'
            ;;
        -d|--dir*)
            # verify directory exists
            if [ -d "$2" ]; then
                doDir=1
                hashDir="${2%/}"
            elif [ -z "$2" ]; then
                displayError 1 "No directory specified."
            else
                displayError 1 "Directory '$2' does not exist."
            fi
            shift
            ;;
        -f|--file)
            # has supplied list of files
            if [ -z "$2" ]; then
                displayError 1 'No filename(s) specified.'
            else
                doFiles=1
                hashFiles="$2"
            fi
            shift
            ;;
        --filter)
            if [ -z "$2" ]; then
                displayError 1 'Filter cannot be blank.'
            else
                filter="$2"
            fi
            shift
            ;;
        *)
            # unknown option
            printf "\n%sUnknown option: %s.\n" "$err" "$1"
            printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
            exit 1
            ;;
    esac
    shift
done
printf "\n"

### do SRI generation
if [ "$doDir" -eq 1 ]; then
    for file in "$hashDir"/${filter}; do
        hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
        if [ -z "$hash" ]; then
            printf "%s --> unable to generate SRI hash\n" "$file"
        else
            printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
        fi
    done
fi

if [ "$doFiles" -eq 1 ]; then
    for file in $hashFiles; do
        # verify file exists, then hash it
        if [ -f "$file" ]; then
            hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
            if [ -z "$hash" ]; then
            printf "%s --> unable to generate SRI hash\n" "$file"
            else
                printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
            fi
        else
            printf "%s%s --> does not exist\n" "$err" "$file"
        fi
    done
fi

printf "\n"
exit 0


### error codes
# 0:    no errors, normal execution
# 1:    parameter error
# 2:    cannot find openSSL binary

#EOF