#!/usr/bin/env bash

# kbs2-gpg-add: Add a kbs2-stored GPG passphrase to the gpg-agent.

set -eo pipefail

[[ -n "${KBS2_SUBCOMMAND}" ]] \
  || { >&2 echo "Fatal: Not being run as a subcommand?"; exit 1; }

record="${1}"
gpg_preset_passphrase=/usr/lib/gnupg2/gpg-preset-passphrase

[[ -f "${gpg_preset_passphrase}" ]] \
  || { >&2 echo "Fatal: couldn't find gpg-preset-passphrase"; exit 1; }

[[ -n "${record}" ]] \
  || { >&2 echo "Usage: kbs2 gpg-add <record>"; exit; }

contents=$(kbs2 dump --json "${record}")
keygrip=$(jq --raw-output ".body.fields.username" <<< "${contents}")
passphrase=$(jq --raw-output ".body.fields.password" <<< "${contents}")

"${gpg_preset_passphrase}" --preset "${keygrip}" <<< "${passphrase}"
