#!/bin/bash

#
# s   - Username
# p   - Password
# i   - Azure KEK Key ID (kid)
# w   - Azure Key Vault KEK Wrapping Key
# k   - Target Key Handle
#
# Sample:
# Marvell_BYOK_Tool.sh -s pcu -p pcu1234 
# -i https://kv1-west.vault.azure.net/keys/mskek2048/118275477bd2454fbad778bcf3490645 
# -w 13 -k 7
#
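# Print a usage summary to stderr and exit with status 2 (bad invocation).
usage() {
  printf 'Usage: %s -s <username> -p <password> -i <kek-key-id> -w <wrapping-key-handle> -k <target-key-handle>\n' \
    "${0##*/}" >&2
  exit 2
}

# Start from empty values so nothing is inherited from same-named
# environment variables of the calling shell.
s='' p='' kid='' w='' k=''

# Parse the command line. The leading ':' in the optstring selects silent
# error reporting: getopts then yields ':' for a flag whose argument is
# missing and '?' for an unknown flag, with the flag letter in OPTARG.
#
# NOTE(review): -p places the HSM password on this script's command line,
# so it can end up in shell history and in the process list while the
# script runs.
while getopts ":s:p:i:w:k:" opt; do
  case "$opt" in
    s) s="$OPTARG" ;;
    p) p="$OPTARG" ;;
    i) kid="$OPTARG" ;;
    w) w="$OPTARG" ;;
    k) k="$OPTARG" ;;
    :)
      printf 'Option -%s requires an argument\n' "$OPTARG" >&2
      usage
      ;;
    \?)
      # Stop here: continuing after a mistyped flag would run the wrap
      # with an incomplete set of parameters.
      printf 'Invalid option -%s\n' "$OPTARG" >&2
      usage
      ;;
  esac
done

# All five options are required by the steps that follow.
missing=''
[[ -n "$s" ]] || missing+=' -s'
[[ -n "$p" ]] || missing+=' -p'
[[ -n "$kid" ]] || missing+=' -i'
[[ -n "$w" ]] || missing+=' -w'
[[ -n "$k" ]] || missing+=' -k'
if [[ -n "$missing" ]]; then
  printf 'Missing required option(s):%s\n' "$missing" >&2
  usage
fi

# Echo the parsed parameters for the operator. The password is deliberately
# not printed: stdout is routinely captured in terminal scrollback and logs.
printf "  s: %s\n" "$s"
printf "  p: %s\n" "<redacted>"
printf "kid: %s\n" "$kid"
printf "  w: %s\n" "$w"
printf "  k: %s\n" "$k"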


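# Wrap the target key inside the HSM and package the result as a BYOK
# transfer blob, importing_target_key.byok, in the current directory.

# Refuse to contact the HSM with an empty credential, handle or key ID.
: "${s:?username (-s) is required}"
: "${p:?password (-p) is required}"
: "${kid:?KEK key ID (-i) is required}"
: "${w:?wrapping key handle (-w) is required}"
: "${k:?target key handle (-k) is required}"

# The key ID is copied verbatim into a JSON string below. Reject values
# that would terminate or corrupt that string instead of emitting a blob
# whose header differs from what the operator intended.
case "$kid" in
  *'"'* | *'\'* | *[[:cntrl:]]*)
    printf 'Key ID (-i) contains characters that are not valid inside a JSON string\n' >&2
    exit 1
    ;;
esac

# Scratch files live in the current directory. Remove exactly these on every
# exit path; a "wrapped*" glob would also delete unrelated files that merely
# share the prefix.
# NOTE(review): "-tf wrapped" is assumed to name a file Cfm2Util writes;
# confirm against the Cfm2Util documentation.
cleanup() { rm -f -- wrapped wrappedKey; }
trap cleanup EXIT

# Drop any stale output first so that a failed wrap can never be packaged
# from a file left behind by an earlier run.
rm -f -- wrappedKey

# NOTE(review): the HSM password is passed on Cfm2Util's command line and is
# visible in the process list for the duration of the call. Check whether
# Cfm2Util offers a way to supply credentials that avoids argv.
if ! ./Cfm2Util singlecmd loginHSM -u CU -p "$p" -s "$s" \
  wrapKey -k "$k" -w "$w" -m 3 -tf wrapped -out wrappedKey; then
  printf 'Cfm2Util wrapKey failed\n' >&2
  exit 1
fi

# Do not rely on the exit status alone: require a non-empty wrapped key file.
if [[ ! -s wrappedKey ]]; then
  printf 'Cfm2Util did not produce a wrapped key file\n' >&2
  exit 1
fi

# Base64-encode the wrapped key on a single line (-A). Command substitution
# also strips any trailing newline, which would be invalid inside a JSON
# string.
ciphertext=$(openssl base64 -A -in wrappedKey) || {
  printf 'openssl base64 failed\n' >&2
  exit 1
}
if [[ -z "$ciphertext" ]]; then
  printf 'Base64 encoding of the wrapped key is empty\n' >&2
  exit 1
fi

# Emit the BYOK blob in one step; the layout matches the file previously
# assembled from the wrappedKey.tmp1..3 fragments.
cat > importing_target_key.byok << EOF || { printf 'Cannot write importing_target_key.byok\n' >&2; exit 1; }
{
"schema_version": "1.0.0",
"header":
{
"kid": "$kid",
"alg": "dir",
"enc": "CKM_RSA_AES_KEY_WRAP"
},
"ciphertext": 
"$ciphertext",
"generator": "Marvell LiquidSecurity BYOK Tool v1.0"
}
EOF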

