#!/bin/bash

if [ "$ENCRYPTION_KEY" = "" ]; then
  echo "ENCRYPTION_KEY not set"
  exit 1
fi

if [ "$MD5_CHECKSUM" = "" ]; then
  echo "No checksum given"
  exit 1
fi

SECRETS_CIPHERTEXT_FILE=secrets.enc
SECRETS_PLAINTEXT_FILE=/tmp/secrets
TMP_FILE=`mktemp`
POD_NAME_SUFFIX=`date +%s`

cat $SECRETS_CIPHERTEXT_FILE | \
  kubectl run openssl-$POD_NAME_SUFFIX \
    --rm \
    --image bitnami/debian-base-buildpack:latest \
    --env KEY=$ENCRYPTION_KEY \
    -i \
    -q \
    -- \
    /bin/sh -c "openssl enc -aes-256-cbc -salt -pass env:KEY -a -d" > \
    $TMP_FILE

if [ `uname` = "Darwin" ]; then
  CALCULATED_CHECKSUM=`cat $TMP_FILE | md5`
elif [ `uname` = "Linux" ]; then
  CALCULATED_CHECKSUM=`cat $TMP_FILE | md5sum - | awk '{print $1}'`
fi

if [ "$MD5_CHECKSUM" != "$CALCULATED_CHECKSUM" ]; then
  echo "Invalid checksum"
  exit 1
fi

# cat $TMP_FILE
mv $TMP_FILE $SECRETS_PLAINTEXT_FILE