#!/bin/sh -efu
# SPDX-License-Identifier: GPL-2.0-or-later

# shellcheck enable=all disable=SC2250,SC3043

config_file=/etc/alt-signer/config
if [ -r "$config_file" ]; then
	# shellcheck source=/dev/null
	. "$config_file"
fi

dbdir=${ALT_SIGNER_DBDIR:-/var/lib/alt-signer}

validate_nickname() {
	local nickname="$1"; shift

	if [ -z "$nickname" ] || [ "$nickname" != "${nickname%%[!A-Za-z0-9._-]*}" ]; then
		echo >&2 'malformed nickname'
		return 1
	fi
}

check_db() {
	if ! certutil -d "$dbdir" -L >/dev/null 2>&1; then
		echo >&2 'key db is not available'
		exit 1
	fi
}

show_cert() {
	# && to make it work with -e disabled in conditions, see
	# https://www.shellcheck.net/wiki/SC2310
	local nickname="$1" &&
		certutil -d "$dbdir" -L -n "$nickname" -a
}

show_cert_if_exists() {
	local nickname="$1"; shift

	# shellcheck disable=SC2310
	if show_cert "$nickname" >/dev/null 2>&1; then
		show_cert "$nickname"
	else
		echo >&2 "cert with nickname=$nickname does not exist"
		return 1
	fi

}
