#!/bin/bash

if [ "$#" -lt 1 ]; then
        echo "Usage: $0 <source_directory> [public_key] [ca_bundle]" && exit 1
fi

SRC_DIR="$1"
PUBKEY="${2:-public.pem}"
CABUNDLE="${3:-certificate.pem}"

# Validate source directory exists
if [ ! -d "$SRC_DIR" ]; then
        echo "Error: Source directory '$SRC_DIR' does not exist" && exit 1
fi

# Find all *.bolt packages in source directory
PKGS=("$SRC_DIR"/*.bolt)

# Check if any .bolt files were found
if [ ! -e "${PKGS[0]}" ]; then
        echo "Error: No *.bolt packages found in '$SRC_DIR'" && exit 1
fi

echo "Found ${#PKGS[@]} package(s) to verify"
echo "Public key: $PUBKEY"
echo "CA bundle: $CABUNDLE"
echo ""

for pkg in "${PKGS[@]}"; do
        pkg_name=$(basename "$pkg")
        
        if [ -f "$PUBKEY" ]; then
                echo "Verifying $pkg_name with public-key..."
                ralfpack verify --key="$PUBKEY" "$pkg"
                if [ $? -eq 0 ]; then
                        echo "Success..."
                else
                        echo "Failed; aborting" && exit 1
                fi
        fi
        
        if [ -f "$CABUNDLE" ]; then
                echo "Verifying $pkg_name with CA bundle..."
                ralfpack verify --ca-roots="$CABUNDLE" "$pkg"
                if [ $? -eq 0 ]; then
                        echo "Success..."
                else
                        echo "Failed; aborting" && exit 1
                fi
        fi
        echo ""
done

echo "All packages verified successfully!"