#!/usr/bin/env bash
set -eu

if [[ $# -eq 2 ]]; then
	>&2 echo "ERROR: Must provide exactly one argument"
	exit 1
fi

SECRET_FILE="${1}"

if [[ -f "${SECRET_FILE}" ]]; then
	SECRET_FILE_PERMS="$(stat -c %a "${SECRET_FILE}")"
	if [[ ${SECRET_FILE_PERMS} != [0-9][0-9]0 ]]; then
		>&2 echo "ERROR: ${SECRET_FILE} has world-permissions set (${SECRET_FILE_PERMS})"
		exit 1
	fi

	exit
fi

TARGET_DIR="$(dirname "${SECRET_FILE}")"
if [[ ! -d "${TARGET_DIR}" ]]; then
	mkdir -p "${TARGET_DIR}"
fi

MY_TMPDIR=$(mktemp -d --tmpdir="${TMPDIR:-/tmp}")
trap 'rm -rf ${MY_TMPDIR}' EXIT

SECRET_FILE_TMP="${MY_TMPDIR}/secret"

gs-netcat -g > "${SECRET_FILE_TMP}"

install --mode=400 "${SECRET_FILE_TMP}" "${SECRET_FILE}"
