#!/bin/sh

# Copyright (c) 2014 Gunnar Wolf <gwolf@debian.org>,
#      Based on 2008 Jonathan McDowell <noodles@earth.li>
# GNU GPL; v2 or later
# Replaces an existing key with a new one in its same keyring directory

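set -e

# Accept only bare hex key ids.  $oldkey becomes a path component
# (*-gpg/$oldkey) and $newkey a keyserver lookup and a grep pattern further
# down, so anything else would act as a traversal or a wildcard there.
is_keyid () {
	case $1 in
		'' | *[!0-9A-Fa-f]*) return 1 ;;
	esac
	return 0
}

if [ -z "$1" ] || [ -z "$2" ]; then
	echo "Usage: replace-key oldkeyid newkeyid" >&2
	exit 1
fi

scriptdir=$(dirname -- "$0")
oldkey=$1
newkey=$2

if ! is_keyid "$oldkey" || ! is_keyid "$newkey"; then
	echo "Key ids must be given as hex digits (long id or fingerprint)" >&2
	exit 1
fi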

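# avoid gnupg touching ~/.gnupg: every gpg call below runs against a
# throw-away home directory that is removed again on exit
GNUPGHOME=$(mktemp -d -t jetring.XXXXXXXX)
export GNUPGHOME

# Remove the temporary gnupg home and, once it has been created, the
# exported copy of the new key (which lives outside GNUPGHOME).
cleanup () {
	rm -rf "${GNUPGHOME:?}"
	if [ -n "${newkeytemp:-}" ]; then
		rm -f "$newkeytemp"
	fi
}
# defined before it is registered so the handler exists on every exit path
trap cleanup EXIT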

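# Fetch the new key and keep an exported copy for add-key.  --recv-key by
# key id trusts the keyserver to hand back the intended key; the script only
# ever shows the key's own user ids to the operator, so the fingerprint has
# to be checked against an out-of-band source before answering "y" below.
# NOTE(review): hkps.pool.sks-keyservers.net may no longer be reachable —
# confirm the keyserver before relying on this step.
newkeytemp=$(mktemp -t newkey.XXXXXXXXX)
gpg --keyserver hkps.pool.sks-keyservers.net --recv-key "$newkey"
gpg --export "$newkey" > "$newkeytemp"
# gpg --export can exit 0 with nothing exported; do not hand add-key an
# empty file
if [ ! -s "$newkeytemp" ]; then
	echo "Key '$newkey' could not be exported after fetching" >&2
	exit 1
fi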

if [ $(echo -n $oldkey|wc -c) -eq 16 ]; then
    key='0x'$(echo $oldkey|tr a-z A-Z)
elif [ $(echo -n $oldkey|wc -c) -eq 40 ] ; then
    key='0x'$(echo -n $oldkey | cut -b 25-)
fi

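# Print the first *-gpg/ directory (glob order) that holds a file named $1,
# the old key id; return 1 when none does.
find_keyring_dir () {
	for _dir in *-gpg/; do
		if [ -f "$_dir/$1" ]; then
			printf '%s\n' "$_dir"
			return 0
		fi
	done
	return 1
}

# Locate the old key; the three variables stay empty when it is not found.
oldkeyfile=
keydir=
keyring=
if dir=$(find_keyring_dir "$oldkey"); then
	oldkeyfile=$(readlink -f "$dir/$oldkey")
	keydir=$(readlink -f "$dir")
	keyring=$(basename "$keydir")
fi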

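# Both are set together by the directory scan above; either being empty
# means the old key is in none of the *-gpg/ directories.
if [ -z "$oldkeyfile" ] || [ -z "$keydir" ]; then
	echo "Requested key '$oldkey' not found" >&2
	exit 1
fi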


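# Print field 10 (the user id) of every "pub" record gpg lists for the key
# material in file $1.  Runs with an empty options file so the operator's
# own gpg configuration cannot change the output format.
key_uid () {
	gpg --with-colons --keyid-format long --options /dev/null \
		--no-auto-check-trustdb < "$1" | grep '^pub' | cut -d : -f 10
}

oldkeyuser=$(key_uid "$oldkeyfile")
newkeyuser=$(key_uid "$newkeytemp")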

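# Tell the operator what is about to happen and ask for confirmation.
# Both user ids come from the key material itself (the new one straight
# off the keyserver), so they identify the key only as well as the
# operator's own check of its fingerprint.  printf rather than echo: the
# user ids are untrusted text and must not be interpreted for escapes.
printf '\nAbout to replace key %s (%s)\n' "$oldkey" "$oldkeyuser"
printf '   with NEW key %s (%s)\n' "$newkey" "$newkeyuser"
printf '   in the %s keyring.\n' "$keyring"
printf 'Are you sure you want to update this key? (y/n)\n'
read -r n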

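# Print the name recorded for key id $1 in the keyids file $2: the text
# after the first space up to the "<" of the e-mail address.  Returns 1
# when the id does not occur in the file.  The id is matched as a fixed
# string; if it occurs on more than one line every match is printed.
keyids_name () {
	_line=$(grep -F -- "$1" "$2") || return 1
	printf '%s\n' "$_line" | sed -e 's/^[^ ]* //' -e 's/<.*//'
}

if [ "x$n" = "xy" ] || [ "x$n" = "xY" ]; then
    "$scriptdir/add-key" "$newkeytemp" "$keyring"

    if [ "$keyring" = "debian-keyring-gpg" ] || [ "$keyring" = "debian-nonupload-gpg" ]; then
	# fall back to asking when the id is missing from keyids instead of
	# committing a log line with an empty name
	if ! name=$(keyids_name "$newkey" keyids); then
	    echo "*** $newkey not found in keyids" >&2
	    printf 'Enter full name of new key: '
	    read -r name
	fi
    elif [ "$keyring" = "debian-maintainers-gpg" ]; then
	printf 'Enter full name of new key: '
	read -r name
    else
	echo "*** Key to be replaced is of a strange type (not DD, NonUplDD, DM)" >&2
	echo "    Be sure you are doing the right thing before committing. Double-check" >&2
	echo "    the log message, as it will most likely not be correct." >&2
	name="Unknown"
    fi
    printf 'RT issue ID this change closes, if any: '
    read -r rtid

    # only mention an RT ticket when one was given
    log="Replace $oldkey with $newkey ($name)"
    if [ -n "$rtid" ]; then
	log="$log (RT #$rtid)"
    fi

    bzr mv "$oldkeyfile" removed-keys-gpg/
    dch -D UNRELEASED -a "$log"

fi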
