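#!/bin/bash
#
# overonion - apply (or remove) one `openssl enc` layer per keyfile line.
# Data is read from stdin and written to stdout.
#
# Usage: overonion e|d keyfile < input > output
#   e  encrypt: layers are applied starting at the last counted keyfile
#      line and working back to line 1
#   d  decrypt: layers are removed starting at line 1 and working forward
#
# Keyfile format, one layer per line, at least 20 lines:
#   <cipher> <passphrase>
# <cipher> is the text before the first space and is passed to openssl as
# "-<cipher>"; <passphrase> is everything after that first space.
# Lines are counted with `wc -l`, so a final line without a trailing
# newline is not counted and is ignored in both modes.
#
# Exit status: 1 for usage or keyfile errors; non-zero when any layer's
# openssl process fails (see pipefail below).
#
# Security notes:
#   - The keyfile holds every passphrase in clear text; keep it readable
#     by its owner only.
#   - NOTE(review): `openssl enc` is called without -pbkdf2/-iter, so keys
#     come from OpenSSL's legacy default derivation. Adding -pbkdf2 would
#     strengthen it but would make data already encrypted by this script
#     undecryptable, so it is deliberately left unchanged here.
#   - `openssl enc` does not authenticate the ciphertext, so tampering or a
#     wrong passphrase is not reliably detected. Add a MAC or signature
#     over the output if integrity matters.

# Without pipefail the script's status is that of the innermost `cat`, so a
# failed layer (unknown cipher, bad decrypt) would still exit 0.
set -o pipefail

# Print a diagnostic on stderr, keeping stdout clean for the data stream.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if (( $# != 2 )); then
  die "usage: overonion e|d keyfile"
fi

mode=$1
if [[ "$mode" != e && "$mode" != d ]]; then
  die "Use 'e' for encrypt or 'd' for decrypt"
fi

keyfile=$2
if [[ ! -e "$keyfile" ]]; then
  die "Keyfile not found"
fi
if [[ ! -r "$keyfile" ]]; then
  die "Cannot read keyfile"
fi

num_layers=$(wc -l < "$keyfile")
if (( num_layers < 20 )); then
  die "Keyfile doesn't have enough layers to be an onion"
fi

# Encryption walks the keyfile bottom-up and decryption top-down, so the
# layer applied last is the one removed first.
if [[ "$mode" == e ]]; then
  first_layer=$num_layers
  next_layer=-1
  openssl_mode=()
else
  first_layer=1
  next_layer=1
  openssl_mode=(-d)
fi

# Process layer $1, then pipe the result into the next layer. Recursion
# stops with a plain `cat` once the layer index leaves 1..num_layers.
go() {
  local layer=$1
  local cipher

  if (( layer == 0 || layer > num_layers )); then
    cat
    return
  fi

  cipher=$(sed -n "${layer}s/ .*//p" "$keyfile")
  if [[ -z "$cipher" ]]; then
    # A line with no space (or a leading space) yields no cipher name; stop
    # here rather than letting openssl fail on a bare "-" option.
    printf 'Keyfile line %d is not of the form "<cipher> <passphrase>"\n' \
      "$layer" >&2
    return 1
  fi

  # The passphrase is streamed to openssl on fd 37 instead of being placed
  # on its command line or in a shell variable.
  openssl enc "${openssl_mode[@]}" "-$cipher" \
    -pass fd:37 37< <(sed -n "${layer}s/^[^ ]* //p" "$keyfile") \
    | go $(( layer + next_layer ))
}

go "$first_layer"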