#!/usr/bin/env bash
set -Eeuo pipefail

# Prosess 3:
# Skriver ut DNS TXT-recordene som skal legges inn i Domeneshop.
#
# Leser:
#   private/dkim/<domene>.<selector>.public.pem
#
# Skriver:
#   private/dkim-domeneshop-records.txt
#
# Dette scriptet printer bare PUBLIC key. Det er ikke privatnøkkelen.
# Likevel lagres output under private/ for å holde repoet ryddig.

selector="${DKIM_SELECTOR:-mail}"
output_file="private/dkim-domeneshop-records.txt"

mapfile -t public_keys < <(
  find private/dkim -maxdepth 1 -type f -name "*.${selector}.public.pem" | sort
)

if [[ ${#public_keys[@]} -eq 0 ]]; then
  echo "FEIL: Fant ingen offentlige DKIM-nøkler."
  echo "Forventet filer som:"
  echo "  private/dkim/<domene>.${selector}.public.pem"
  exit 1
fi

{
  for public_key in "${public_keys[@]}"; do
    filename="$(basename "$public_key")"
    domain="${filename%.${selector}.public.pem}"
    pubkey="$(grep -v -- '-----' "$public_key" | tr -d '\n\r ')"

    if [[ -z "$pubkey" ]]; then
      echo "FEIL: Public key ble tom for ${domain}" >&2
      exit 1
    fi

    echo "============================================================"
    echo "DKIM for ${domain}"
    echo "============================================================"
    echo
    echo "I Domeneshop:"
    echo
    echo "Vertsnavn / hostname:"
    echo "${selector}._domainkey"
    echo
    echo "Type:"
    echo "TXT"
    echo
    echo "Verdi / parameter:"
    echo "v=DKIM1; k=rsa; p=${pubkey}"
    echo
    echo "Fullt DNS-navn:"
    echo "${selector}._domainkey.${domain}"
    echo
    echo "Test etter lagring:"
    echo "dig TXT ${selector}._domainkey.${domain} +short"
    echo
  done
} | tee "$output_file"

chmod 600 "$output_file"

echo
echo "Kopi lagret her:"
echo "  $output_file"