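# Chef custom resource that drives gpg2 in unattended (batch) mode: it can
# generate a key pair from a batch parameter file, import/export a key, and
# delete public or secret keys. All gpg invocations run as `user`/`group`
# against the keyring in `home_dir` (or the explicitly overridden keyrings).
#
# The shell command strings below interpolate resource properties directly
# (`name_real`, `key_fingerprint`, `key_file`, `passphrase`); they are expected
# to come from trusted recipe data, not from end-user input.
unified_mode true

property :batch_name, String,
         name_property: true,
         description: 'Name of the key/batch to generate.'

property :override_default_keyring, [true, false],
         default: false,
         description: 'Set to true if you want to override the pubring_file and secring_file locations.'

property :pubring_file, String,
         description: 'Public keyring file location (override_default_keyring must be set to true or this option will be ignored)'

property :secring_file, String,
         description: 'Secret keyring file location (override_default_keyring must be set to true or this option will be ignored)'

property :user, String,
         default: 'root',
         description: 'User to generate the key for'

property :group, String,
         default: lazy { user },
         description: 'Group to run the generate command as'

property :key_type, String,
         default: '1',
         equal_to: %w(RSA 1 DSA 17),
         description: 'Corresponds to GPG option: Key-Type (RSA or DSA)'

property :key_length, String,
         default: '2048',
         equal_to: %w(2048 4096),
         description: 'Corresponds to GPG option: Key-Length (2048 or 4096)'

property :name_real, String,
         default: lazy { "Chef Generated Default (#{batch_name})" },
         description: 'Corresponds to GPG option: Name-Real'

property :name_comment, String,
         default: 'generated by Chef',
         description: 'Corresponds to GPG option: Name-Comment'

property :name_email, String,
         default: lazy { "#{node.name}@example.com" },
         description: 'Corresponds to GPG option: Name-Email'

# '0' means the generated key never expires; set an explicit Expire-Date for
# keys that protect long-lived data.
property :expire_date, String,
         default: '0',
         description: 'Corresponds to GPG option: Expire-Date. Defaults to 0 (no expiry)'

property :home_dir, String,
         default: lazy { ::File.expand_path("~#{user}/.gnupg") },
         description: 'Location to store the keyring. Defaults to ~/.gnupg'

# The batch parameter file is written next to the keyring. When a passphrase
# is set it is stored in this file (mode 0600) and the file is not removed
# after generation.
property :batch_config_file, String,
         default: lazy { ::File.join(home_dir, "gpg_batch_config_#{batch_name}") },
         description: 'Batch config file name'

property :passphrase, String,
         sensitive: true,
         description: 'Passphrase for key'

property :key_file, String,
         description: 'Keyfile name'

property :key_fingerprint, String,
         description: 'Key finger print. Used to identify when deleting keys using the :delete action'

# Only Ubuntu > 16.04 supports the pinentry_mode, and requires it.
# Evaluated lazily so that platform?/node are resolved on the resource instance.
property :pinentry_mode, [String, FalseClass],
         default: lazy { (platform?('ubuntu') && node['platform_version'].to_f > 16.04) ? 'loopback' : false },
         description: 'Pinentry mode. Set to loopback on Ubuntu and False (off) for all other platforms.'

property :batch, [true, false],
         default: true,
         description: 'Turn batch mode on or off when genrating keys'

# Generate a key pair from a batch parameter file unless key_exists already
# reports one for this resource.
action :generate do
  unless key_exists(new_resource)
    config_dir = ::File.dirname(new_resource.batch_config_file)

    directory config_dir do
      owner new_resource.user
      mode '0700'
      recursive true
      not_if { ::Dir.exist?(config_dir) }
    end

    # Unattended key-generation parameters; gpg reads this file line by line,
    # so every entry (including the passphrase) must end with a newline.
    batch_lines = [
      "Key-Type: #{new_resource.key_type}",
      "Key-Length: #{new_resource.key_length}",
      "Name-Real: #{new_resource.name_real}",
      "Name-Comment: #{new_resource.name_comment}",
      "Name-Email: #{new_resource.name_email}",
      "Expire-Date: #{new_resource.expire_date}",
    ]
    if new_resource.override_default_keyring
      batch_lines << "%pubring #{new_resource.pubring_file}"
      batch_lines << "%secring #{new_resource.secring_file}"
    end
    # Previously the passphrase line had no trailing newline, so "%commit" was
    # read by gpg as part of the passphrase value.
    batch_lines << "Passphrase: #{new_resource.passphrase}" if new_resource.passphrase
    batch_lines << '%commit'

    file new_resource.batch_config_file do
      content "#{batch_lines.join("\n")}\n"
      mode '0600'
      owner new_resource.user
      sensitive true
    end

    # Assemble the gpg command line. The --passphrase flag is only emitted when
    # a passphrase is configured; an empty "--passphrase" would otherwise
    # consume the following option as its argument. Note that a passphrase
    # passed this way is visible in the process argument list while gpg runs.
    args = [gpg_cmd]
    args << gpg_opts(new_resource) if new_resource.override_default_keyring
    args << "--passphrase #{new_resource.passphrase}" if new_resource.passphrase
    args << '--yes'
    args << '--batch' if new_resource.batch
    args << "--pinentry-mode #{new_resource.pinentry_mode}" if new_resource.pinentry_mode
    args << "--gen-key #{new_resource.batch_config_file}"

    execute 'gpg2: generate' do
      command args.join(' ')
      # Streams gpg's own output; `sensitive` keeps the command string (which
      # may carry the passphrase) out of Chef's logs and error reports.
      live_stream true
      user new_resource.user
      group new_resource.group
      sensitive true
    end
  end
end

# Import the key material in key_file unless key_exists already reports it.
action :import do
  execute 'gpg2: import key' do
    command "#{gpg_cmd} --import #{new_resource.key_file}"
    user new_resource.user
    group new_resource.group
    not_if { key_exists(new_resource) }
  end
end

# Export the public key matching name_real (ASCII-armored) to key_file via a
# shell redirection; skipped when key_file already exists.
action :export do
  execute 'gpg2: export key' do
    command "#{gpg_cmd} --export -a \"#{new_resource.name_real}\" > #{new_resource.key_file}"
    user new_resource.user
    group new_resource.group
    not_if { ::File.exist?(new_resource.key_file) }
  end
end

# Delete the public key identified by key_fingerprint (batch mode, no prompt).
action :delete_public_key do
  execute 'gpg2: delete key' do
    command "#{gpg_cmd} --batch --yes --delete-key \"#{new_resource.key_fingerprint}\""
    user new_resource.user
    group new_resource.group
    only_if { key_exists(new_resource) }
  end
end

# Delete the secret key(s) identified by key_fingerprint (batch mode, no prompt).
action :delete_secret_keys do
  execute 'gpg2: delete key' do
    command "#{gpg_cmd} --batch --yes --delete-secret-keys \"#{new_resource.key_fingerprint}\""
    user new_resource.user
    group new_resource.group
    only_if { key_exists(new_resource) }
  end
end

# Provides gpg_cmd, gpg_opts and key_exists to the actions above.
action_class do
  include Gpg::Helpers
end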