#!/bin/bash
set -ex
user="$(stat -f '%Su' /dev/console)"
HOME="/Users/${user}"
uagents="$HOME/Library/LaunchAgents"
plist="net.cooperi.pivy-agent.plist"
prefix="/opt/pivy"
bindir="$prefix/bin"

while true; do
  /usr/bin/osascript -e 'display dialog "Please insert your YubiKey and press OK"' || exit 0

  # XXX: we just take the first one we see?
  while IFS=: read rdrname guid chuid ykpiv _; do
    # check it's been set up with a CHUID
    if [[ "$chuid" == "false" && "$ykpiv" == "true" ]]; then
      # if it hasn't set up a basic one + 9e key so we can pin it.
      # the user can do the rest with pivy-tool later.
      $bindir/pivy-tool -g 00000000 init
      # "init" changes the guid
      guid=$($bindir/pivy-tool -p list | \
        /usr/bin/grep "$rdrname" | /usr/bin/awk -F: '{print $2}')
      $bindir/pivy-tool -g $guid -a eccp256 generate 9e
    elif [[ "$chuid" == "false" ]]; then
      continue
    fi
    cak="$($bindir/pivy-tool -g $guid pubkey 9e)"

    /usr/bin/su "${user}" -c "/bin/mkdir -p \"${uagents}\""
    # substitute placeholders in the plist
    /bin/cat /opt/pivy/share/net.cooperi.pivy-agent.plist | \
      /usr/bin/sed -e "s|@@GUID@@|${guid}|g" -e "s|@@CAK@@|${cak}|g" \
        -e "s|@@HOME@@|${HOME}|g" \
      > "${uagents}/${plist}"
    chown "${user}" "${uagents}/${plist}"

    /usr/bin/su "${user}" -c "/bin/launchctl load \"${uagents}/${plist}\""

    if ! /usr/bin/grep pivy-agent /etc/profile >/dev/null 2>/dev/null; then
      echo '# pivy-agent' >> /etc/profile
      echo 'if [[ ! -e "$SSH_AUTH_SOCK" || "$SSH_AUTH_SOCK" == *"launchd"* ]]; then' >> /etc/profile
      echo '  SSH_AUTH_SOCK=$HOME/.ssh/pivy-agent.sock; export SSH_AUTH_SOCK;' >>/etc/profile
      echo 'fi' >>/etc/profile
    fi
    exit 0
  done < <($bindir/pivy-tool -p list)
done
