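#!/bin/bash
#
# GPG Encrypted Message Utility
#
# Interactive menu around gpg(1):
#   1) Write   - compose a message in $EDITOR, encrypt it to one recipient,
#                sign it with your default key, write ASCII-armored output.
#   2) Read    - decrypt a message and report whether (and by whom) it was
#                signed, rather than trusting gpg's exit code alone.
#   3) Import  - import ONE public key, force an out-of-band fingerprint check,
#                then certify (sign) the key or remove it again.
#   4) Display the fingerprints of your own (secret) keys.
#
# Requires: gpg (GnuPG 2.1.23+ for --show-keys), mktemp. shred is optional.
# Env:      EDITOR (defaults to nano; may contain arguments, e.g. "code --wait").

set -u -o pipefail

# Color definitions
RED=$'\e[0;31m'
GREEN=$'\e[0;32m'
YELLOW=$'\e[1;33m'
BLUE=$'\e[0;34m'
MAGENTA=$'\e[0;35m'
CYAN=$'\e[0;36m'
BOLD=$'\e[1m'
NC=$'\e[0m' # No Color

RULE="${BLUE}----------------------------------------${NC}"

# Temp files created by this run (may hold plaintext). Removed by cleanup on
# every exit path, including an aborted editor session or Ctrl-C, so nothing
# is left behind in /dev/shm or /tmp.
TEMP_FILES=()

#######################################
# Print an error message to stderr and exit with status 1.
# Arguments: $* - message text
#######################################
die() {
  printf '%s\n' "${RED}${BOLD}Error:${NC} $*" >&2
  exit 1
}

#######################################
# Best-effort secure deletion of every registered temp file.
# shred is GNU, rm -P is BSD; plain rm is the last resort.
# Globals: TEMP_FILES (read)
#######################################
cleanup() {
  local f
  for f in ${TEMP_FILES[@]+"${TEMP_FILES[@]}"}; do
    [[ -e "$f" ]] || continue
    shred -u -- "$f" 2>/dev/null || rm -P -- "$f" 2>/dev/null || rm -f -- "$f"
  done
}
trap cleanup EXIT

#######################################
# Create a temp file, preferring RAM-backed /dev/shm over /tmp, register it
# for cleanup and store its path in the named variable.
# Arguments: $1 - name of the variable to receive the path
# Globals:   TEMP_FILES (written)
#######################################
make_temp() {
  local f
  f=$(mktemp /dev/shm/secret_msg.XXXXXX 2>/dev/null) \
    || f=$(mktemp /tmp/secret_msg.XXXXXX) \
    || die "Could not create a temporary file."
  TEMP_FILES+=("$f")
  printf -v "$1" '%s' "$f"
}

#######################################
# Option 1: compose a message, then encrypt and sign it.
# Returns: 0 on success, 1 if gpg failed.
#######################################
do_write() {
  local email outfile answer temp_file

  read -r -p "${YELLOW}Enter the recipient's email address: ${NC}" email
  [[ -n "$email" ]] || die "Email cannot be empty."

  read -r -p "${YELLOW}Enter the name for the output file (e.g., secret.asc): ${NC}" outfile
  [[ -n "$outfile" ]] || die "Output file name cannot be empty."
  # The redirection below would silently clobber an existing file.
  if [[ -e "$outfile" ]]; then
    read -r -p "${YELLOW}'$outfile' already exists. Overwrite? (Type 'yes' to confirm): ${NC}" answer
    [[ "$answer" == "yes" ]] || die "Not overwriting '$outfile'."
  fi

  make_temp temp_file

  printf '%s\n' "$RULE"
  printf '%s\n' "${CYAN}Opening text editor to write your secret message...${NC}"
  printf '%s\n' "$RULE"
  # EDITOR is deliberately unquoted so it may carry arguments.
  # NOTE: editors that keep swap/backup files (vim, emacs) may leave a copy of
  # the plaintext next to the temp file; configure them not to.
  ${EDITOR:-nano} "$temp_file"

  [[ -s "$temp_file" ]] || die "Message is empty. Aborting."

  # Files are passed via redirection so a name starting with '-' can never be
  # parsed as an option. The recipient key is selected by email: gpg will use
  # whichever imported key carries that address, so keep only the key you
  # verified with option 3 for this person.
  if gpg --encrypt --sign --armor --recipient "$email" <"$temp_file" >"$outfile"; then
    echo ""
    printf '%s\n' "${GREEN}${BOLD}Success!${NC} Message encrypted and saved to '${BOLD}$outfile${NC}'."
    printf '%s\n' "You can now safely send this file to ${BOLD}$email${NC}."
    return 0
  fi

  # Do not leave an empty or partial output file behind.
  rm -f -- "$outfile"
  echo ""
  printf '%s\n' "${RED}${BOLD}Error:${NC} Encryption failed. Make sure the recipient's key is imported and verified." >&2
  return 1
}

#######################################
# Option 2: decrypt a message and report the signature verdict.
# gpg --decrypt exits 0 for an UNSIGNED message and prints the signature result
# only to stderr, so the machine-readable status lines are captured on fd 3 and
# inspected explicitly.
# Returns: 0 if decryption succeeded and no bad signature was seen, else 1.
#######################################
do_read() {
  local infile status_file rc

  read -r -p "${YELLOW}Enter the path to the encrypted file (e.g., secret.asc): ${NC}" infile
  [[ -n "$infile" ]] || die "Input file path cannot be empty."
  [[ -f "$infile" ]] || die "File '$infile' does not exist in this directory."

  make_temp status_file

  echo ""
  printf '%s\n' "${CYAN}Decrypting message...${NC}"
  printf '%s\n' "$RULE"
  # Plaintext still goes to stdout; status lines ("[GNUPG:] ...") go to fd 3.
  gpg --decrypt --status-fd 3 <"$infile" 3>"$status_file"
  rc=$?
  echo ""
  printf '%s\n' "$RULE"

  if (( rc != 0 )); then
    printf '%s\n' "${RED}${BOLD}Decryption or verification failed (gpg exit code $rc). Do not trust the output above.${NC}" >&2
    return 1
  fi

  if grep -q '^\[GNUPG:\] BADSIG' "$status_file"; then
    printf '%s\n' "${RED}${BOLD}BAD SIGNATURE: the message was modified or forged. Do not trust it.${NC}" >&2
    return 1
  elif grep -q '^\[GNUPG:\] GOODSIG' "$status_file"; then
    # GOODSIG alone means the math checks out; TRUST_FULLY/ULTIMATE means the
    # signing key is one you certified (option 3) or your own.
    if grep -Eq '^\[GNUPG:\] TRUST_(FULLY|ULTIMATE)' "$status_file"; then
      printf '%s\n' "${GREEN}${BOLD}Good signature from a verified key.${NC}"
    else
      printf '%s\n' "${YELLOW}Good signature, but the signing key has NOT been verified out-of-band (use option 3).${NC}"
    fi
  elif grep -Eq '^\[GNUPG:\] (ERRSIG|NO_PUBKEY|EXPKEYSIG|REVKEYSIG)' "$status_file"; then
    printf '%s\n' "${YELLOW}The message is signed but the signature could NOT be verified (missing, expired or revoked key).${NC}"
  else
    printf '%s\n' "${YELLOW}This message is NOT signed: the sender cannot be authenticated.${NC}"
  fi
  return 0
}

#######################################
# Delete a key that failed out-of-band verification, unless it was already in
# the keyring before this import (it may have been certified earlier; deleting
# it here would silently undo that).
# Arguments: $1 - fingerprint, $2 - 1 if the key pre-existed, else 0
#######################################
remove_unverified_key() {
  local fingerprint=$1 preexisting=$2

  if (( preexisting )); then
    printf '%s\n' "${YELLOW}This key was already in your keyring before this import; leaving it in place.${NC}"
    return 0
  fi
  printf '%s\n' "${YELLOW}Security protocol requires deleting the unverified key from your keychain.${NC}"
  printf '%s\n' "${CYAN}Removing key...${NC}"
  # --delete-keys refuses if a matching secret key exists; report instead of
  # claiming success.
  if gpg --batch --yes --delete-keys "$fingerprint"; then
    printf '%s\n' "${GREEN}Key removed. Import cancelled.${NC}"
  else
    printf '%s\n' "${RED}Could not remove the key. Delete it manually: gpg --delete-keys $fingerprint${NC}" >&2
  fi
}

#######################################
# Option 3: import one public key and force out-of-band verification.
# Returns: 0 if the key was certified, 1 otherwise.
#######################################
do_import() {
  local keyfile fingerprint keycount verify_choice validity preexisting=0

  read -r -p "${YELLOW}Enter the path to the public key file you want to import (e.g., friend_key.asc): ${NC}" keyfile
  [[ -n "$keyfile" ]] || die "Key file path cannot be empty."
  [[ -f "$keyfile" ]] || die "File '$keyfile' does not exist in this directory."

  echo ""
  printf '%s\n' "${CYAN}Importing public key from '${BOLD}$keyfile${NC}${CYAN}'...${NC}"
  printf '%s\n' "$RULE"

  # Inspect the file BEFORE importing so we know exactly which key we are
  # dealing with. The first fpr: record is the primary key's fingerprint.
  fingerprint=$(gpg --show-keys --with-colons <"$keyfile" 2>/dev/null \
    | awk -F: '/^fpr:/ {print $10; exit}')
  [[ -n "$fingerprint" ]] || die "Could not extract fingerprint from '$keyfile'. Is it a valid GPG key?"

  # The verification below covers ONE key. A file bundling several keys would
  # import all of them while only the first is checked, so refuse it.
  keycount=$(gpg --show-keys --with-colons <"$keyfile" 2>/dev/null | grep -c '^pub:')
  (( keycount == 1 )) || die "'$keyfile' contains $keycount public keys. Import one key at a time so each can be verified."

  if gpg --batch --list-keys "$fingerprint" >/dev/null 2>&1; then
    preexisting=1
  fi

  gpg --import <"$keyfile" \
    || die "Failed to import the key. Make sure it is a valid GPG public key file."

  printf '%s\n' "$RULE"
  printf '%s\n' "${YELLOW}Key imported into your keyring but NOT yet trusted. ${BOLD}MANDATORY VERIFICATION REQUIRED.${NC}"
  echo ""

  # The Verification Block
  printf '%s\n' "${RED}${BOLD}======================================================================${NC}"
  printf '%s\n' "${RED}${BOLD}                       CRITICAL SECURITY STEP                         ${NC}"
  printf '%s\n' "${RED}${BOLD}======================================================================${NC}"
  printf '%s\n' "${YELLOW}To prevent a Man-in-the-Middle (MITM) attack, you MUST verify that ${NC}"
  printf '%s\n' "${YELLOW}the fingerprint below actually belongs to the true owner.           ${NC}"
  echo ""
  gpg --fingerprint "$fingerprint"
  echo ""
  printf '%s\n' "${CYAN}${BOLD}INSTRUCTIONS:${NC}"
  printf '%s\n' "${CYAN}1. DO NOT verify this using the same channel you received the key on.${NC}"
  printf '%s\n' "${CYAN}2. Contact the person via phone, secure messenger, or in person.${NC}"
  printf '%s\n' "${CYAN}3. Read the fingerprint above aloud and have them confirm it.${NC}"
  printf '%s\n' "${RED}${BOLD}======================================================================${NC}"
  echo ""

  read -r -p "${YELLOW}Did you securely verify the fingerprint out-of-band? (Type 'yes' to confirm): ${NC}" verify_choice

  if [[ "$verify_choice" == "yes" ]]; then
    printf '%s\n' "${GREEN}Proceeding to signing prompt. Answer 'y' when GPG asks if you want to sign.${NC}"
    printf '%s\n' "$RULE"
    # Certifying with your (ultimately trusted) key makes this key VALID for
    # encryption; it does not change ownertrust. The certification is
    # exportable - use --lsign-key instead if you never want to publish it.
    if gpg --sign-key "$fingerprint"; then
      printf '%s\n' "$RULE"
      # Validity field of the pub: record: 'f' = full, 'u' = ultimate.
      validity=$(gpg --with-colons --list-keys "$fingerprint" 2>/dev/null \
        | awk -F: '/^pub:/ {print $2; exit}')
      if [[ "$validity" == "f" || "$validity" == "u" ]]; then
        printf '%s\n' "${GREEN}${BOLD}Key certified. GPG now considers it valid and will encrypt to it without warnings.${NC}"
      else
        printf '%s\n' "${YELLOW}GPG does not yet consider this key valid (did you answer 'y'?). Re-run option 3 or run: gpg --sign-key $fingerprint${NC}"
      fi
      return 0
    fi
    printf '%s\n' "$RULE"
    printf '%s\n' "${RED}Signing was not completed; treating the key as unverified.${NC}" >&2
  else
    echo ""
    printf '%s\n' "${RED}Verification aborted or failed.${NC}" >&2
  fi

  remove_unverified_key "$fingerprint" "$preexisting"
  return 1
}

#######################################
# Option 4: show the fingerprints of the user's own (secret) keys.
#######################################
do_fingerprint() {
  printf '%s\n' "${BLUE}${BOLD}======================================================================${NC}"
  printf '%s\n' "${BLUE}${BOLD}                       YOUR GPG FINGERPRINTS                          ${NC}"
  printf '%s\n' "${BLUE}${BOLD}======================================================================${NC}"
  printf '%s\n' "${CYAN}Read the fingerprint below to your contact over a secure channel${NC}"
  printf '%s\n' "${CYAN}(e.g., phone call, in person) so they can verify your identity.${NC}"
  echo ""
  gpg --fingerprint -K
  echo ""
  printf '%s\n' "${BLUE}${BOLD}======================================================================${NC}"
}

#######################################
# Entry point: dependency check, menu, dispatch.
#######################################
main() {
  local option

  command -v gpg >/dev/null 2>&1 \
    || die "GPG is not installed. Please install GPG to use this utility."

  printf '%s\n' "${BOLD}${BLUE}========================================${NC}"
  printf '%s\n' "${BOLD}${BLUE}     GPG Encrypted Message Utility      ${NC}"
  printf '%s\n' "${BOLD}${BLUE}========================================${NC}"
  printf '%s\n' "${CYAN}1)${NC} Write (Encrypt & Sign a message)"
  printf '%s\n' "${CYAN}2)${NC} Read (Decrypt a message and check its signature)"
  printf '%s\n' "${CYAN}3)${NC} Import and Verify someone's public key"
  printf '%s\n' "${CYAN}4)${NC} Display My Fingerprint"
  echo ""
  read -r -p "${YELLOW}Select an option (1, 2, 3, or 4): ${NC}" option
  echo ""

  case "$option" in
    1) do_write ;;
    2) do_read ;;
    3) do_import ;;
    4) do_fingerprint ;;
    *) die "Invalid option selected. Exiting." ;;
  esac
}

main "$@"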