#!/bin/sh



RPMSIGN=/usr/bin/rpm-sign

JARSIGNER=/usr/bin/jarsigner


function sign_unsigned_jarfile() {
    # usage: sign_unsigned_jarfile KEYNAME FILENAME

    if test ! -w "$2" ; then
	echo "skipping read-only file: $2"
	return 0

    elif test -L "$2" ; then
	echo "skipping symlink: $2"
	return 0

    elif test -d "$2" ; then
	echo "skipping exploded jar: $2"
	return 0

    elif test -x "$JARSIGNER" && \
	(jarsigner -verify "$2" | grep -qi "jar verified") ; then
	echo "jar is already signed: $2"
	return 0

    else
	echo "$RPMSIGN --jarsign --key=\"$1\" \"$2\""
	$RPMSIGN --jarsign --key="$1" "$2"
	return $?
    fi
}



function sign_unsigned_jars() {
    # usage: sign_unsigned_jars KEYNAME FILE_OR_DIRECTORY [...]

    if test ! -e "$2" ; then
	echo "No such file or directory: $2"
	exit 1

    elif test -d "$2" ; then
	for J in `find "$2" -iname '*.jar' | sort` ; do
	    sign_unsigned_jarfile $1 "$J" || exit 1
	done

    else
	sign_unsigned_jarfile "$1" "$2" || exit 1
    fi
}



if test ! -x "$RPMSIGN" ; then
    echo "$RPMSIGN not available, signing skipped"
    exit 0
fi



if test -z "$1" -o -z "$2" ; then
    echo "Usage: $0 KEYNAME FILE_OR_DIRECTORY [...]"
    exit 1

else
    JARKEY="$1"
    shift

    for F in $* ; do
	sign_unsigned_jars "$JARKEY" $F || exit 1
    done
fi



# The end.
