#!/bin/bash

if [ "$(id -u)" != "0" ]; then
    echo -e "\033[31mThis script requires superuser rights.\033[0m"
    exit 0
fi

if [ "$#" -ne 3 ]; then
    echo "Usage: $0 PASSWORD ARCHIVE_FILE DESTINATION_DIR"
    exit 1
fi

PASSWORD=$1
ARCHIVE_FILE=$2
DESTINATION_DIR=$3

trap 'echo -e "\033[31msecrets-encrypt.sh: Something went wrong\033[0m"; exit 1' ERR
set -e

export DEBIAN_FRONTEND=noninteractive

echo "Checking for an existing archive file..."
if [ ! -f "$ARCHIVE_FILE" ]; then
    echo "Error: Archive file '$ARCHIVE_FILE' not found!"
    exit 2
fi

echo "Check DESTINATION_DIR: $DESTINATION_DIR..."
mkdir -p "$DESTINATION_DIR"


echo "Decrypt and extract the archive..."
openssl enc -aes-256-cbc -d -in "$ARCHIVE_FILE" -out - -pass pass:"$PASSWORD" -pbkdf2 -iter 100000 | tar -xzf - -C "$DESTINATION_DIR"

trap - ERR

if [ $? -eq 0 ]; then
    echo "Archive successfully decrypted and extracted to '$DESTINATION_DIR'"
else
    echo "Error during decryption or extraction"
    exit 3
fi