#!/usr/bin/env bash

#
# blackbox_register_new_file -- Enroll a new file in the blackbox system.
#
# Takes a previously unencrypted file and enrolls it into the blackbox
# system.  It will be kept in the repo as an encrypted file.  On deployment
# to systems that need the plaintext (unencrypted) versions, run
# blackbox_postdeploy.sh to decrypt all the files.

# TODO(tlim): Add the unencrypted file to .hgignore

set -e
blackbox_home=$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )
source "${blackbox_home}/_blackbox_common.sh"
_determine_vcs_base_and_type

unencrypted_file=$(get_unencrypted_filename "$1")
encrypted_file=$(get_encrypted_filename "$1")

if [[ "$1" == "$encrypted_file" ]]; then
  echo ERROR: Please only register unencrypted files.
  exit 1
fi

echo ========== PLAINFILE "$unencrypted_file"
echo ========== ENCRYPTED "$encrypted_file"

fail_if_not_exists "$unencrypted_file" "Please specify an existing file."
fail_if_exists "$encrypted_file" "Will not overwrite."

prepare_keychain
encrypt_file "$unencrypted_file" "$encrypted_file"
add_filename_to_cryptlist "$unencrypted_file"

# Is the unencrypted file already in HG? (ie. are we correcting a bad situation)
SECRETSEXPOSED=$(is_in_vcs "${unencrypted_file}")
echo "========== CREATED: ${encrypted_file}"
echo "========== UPDATING REPO:"
shred_file "$unencrypted_file"

VCSCMD=$(which_vcs)
if "$SECRETSEXPOSED" ; then
  vcs_remove "$unencrypted_file"
  vcs_add "$encrypted_file"
  COMMIT_FILES=("$BB_FILES" "$encrypted_file" "$unencrypted_file")
else
  COMMIT_FILES=("$BB_FILES" "$encrypted_file")
fi

# TODO(tlim): This should be moved to _blackbox_common.sh in a
# VCS-independent way.
IGNOREFILE="${REPOBASE}/.${VCS_TYPE}ignore"
if [[ $VCS_TYPE = 'git' ]]; then
  relfile="$(vcs_relative_path "$unencrypted_file")"
  relfileb="${relfile/\$\//}"
  ignored_file="$(echo "${relfileb}" |  sed 's/\([\*\?]\)/\\\1/g' | sed 's/^\([!#]\)/\\\1/')"
  if ! grep -Fsx >/dev/null "$ignored_file" "$IGNOREFILE"; then
    echo "$ignored_file" >>"$IGNOREFILE"
    COMMIT_FILES+=("$IGNOREFILE")
  fi
  vcs_add "$IGNOREFILE"
fi

echo 'NOTE: "already tracked!" messages are safe to ignore.'
vcs_add "$BB_FILES" "$encrypted_file"
vcs_commit "registered in blackbox: ${unencrypted_file}" "${COMMIT_FILES[@]}"
echo "========== UPDATING VCS: DONE"
echo "Local repo updated.  Please push when ready."
echo "    $VCSCMD push"