#!/bin/bash
#
# ABSOLUTELY NO WARRANTY WITH THIS PACKAGE. USE IT AT YOUR OWN RISK.
#
#
# Check asuswrt-merlin firmware/zip/url file against offical SHA256 signature.
#
#
# Usage: asuswrt-sha256-signature [options]
#        -f file  firmware image/zip/url file
#
#        -l       list official sha256 signatures @ $Sha256Url
#
#        -v       verbose
#        -h       help
#
# 
# Copyright (c) 2022  Iain Lea  (code@lightaffaire.com)
#
#   This program is free software; you can redistribute it and/or 
#   modify it under the terms of the GNU General Public License as
#   published by the Free Software Foundation; either version 2 of
#   the License, or (at your option) any later version.
# 
#   This program is distributed in the hope that it will be useful, 
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
#   See the GNU General Public License for more details.
# 
#   You should have received a copy of the GNU GPL along with this
#   program; if not, write to the Free Software Foundation, Inc.,
#   59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
#
#
# Requirements:
#
#
# References:
#   https://www.asuswrt-merlin.net/download
#
#
# Changelog:
# 1.00 2022.02.26
# - initial release
#
#
# Todo:
# -

ScriptName=`basename $0`
ScriptVersion="1.00"
ScriptAuthor="Iain Lea"
ScriptEmail="code@lightaffaire.com"
ScriptCopyright="Copyright (c) `date +%Y`  $ScriptAuthor ($ScriptEmail)"
#
Sha256Url="https://asuswrt-merlin.net/download"
Sha256ListFile="/tmp/$ScriptName.sha256.$$"
ListSha256=
#
QuietMode="--silent"
Verbose=
Debug=
#

Help()
{
	ExitWithMsg="$1"

	cat <<HELP
$ScriptName  v$ScriptVersion

$ScriptCopyright

Check asuswrt-merlin firmware/zip/url file against offical SHA256 signature.

Usage: $ScriptName [options]
       -f file  firmware image/zip/url file

       -l       list official sha256 signatures @ $Sha256Url

       -v       verbose
       -h       help

HELP
	[ "$ExitWithMsg" ] && echo "$ScriptName:${BASH_LINENO[0]}:ERROR: $ExitWithMsg" 
	exit 1
}

# Parse the command line options
[ -z "$1" ] && Help | more && exit 1

while [ -n "$1" ]; do
	case $1 in
		-f) shift 1; CheckFile="$1";
			shift 1;;
		-l) ListSha256=1;
			shift 1;;
		-v) Verbose=1;
			shift 1;;
		-h) Help | more && exit 1;
			shift 1;;
		--) shift;
			break;;
		-*) Help "$1 - unknown option."
			;;
		*)  break;;
	esac
done

if [ "$ListSha256" ]; then
	echo "list: SHA256 signatures @ $Sha256Url"
	curl $QuietMode $Sha256Url | egrep " (GT|RT)-.*(trx|ubi)" | tr -s ' ' | sed -e "s#<.*>#\n#g; s#&\#13;##g"
	echo
	exit 0
fi

if [ "$CheckFile" ]; then
	if echo $CheckFile | grep -q "http"; then
		FetchUrl=$CheckFile
		echo "fetch: $FetchUrl"
		CheckFile="/tmp/`basename $FetchUrl`"
		[ -e "$CheckFile" ] && mv -f "$CheckFile" "${CheckFile}.bak"
		curl $QuietMode $FetchUrl >$CheckFile
		if egrep -q --binary-file=text "DOCTYPE" $CheckFile; then
			echo "error: $FetchUrl - no such url."
			rm -f $CheckFile
			exit 1		
		fi
		echo
	fi

	[ ! -e "$CheckFile" ] && Help "-f $1 - file not found."

	if file $CheckFile | grep -q "Zip archive"; then
		ZipFile=$CheckFile
		echo "check: $ZipFile [ZIP archive]"
		ZipSha256=`sha256sum $ZipFile | cut -d ' '  -f 1`
		echo "sha256 $ZipSha256 [ZIP archive]"
		echo

		# check firmware file in zip archive
		[ "$Verbose" ] && echo "unzip: `basename $ZipFile .zip`\*(ubi|trx)"
		FirmwareFile=`unzip -l $ZipFile | egrep "(ubi|trx)" | tr -s ' ' | cut -d ' ' -f 5`
		if [ ! "$FirmwareFile" ]; then
			echo "error: `basename $ZipFile .zip`\*(ubi|trx) - no such file in zip archive."
			exit 1
		fi
		echo "check: `basename $FirmwareFile` [ZIP archive]"
		ChkSha256=`unzip -qc $ZipFile "$FirmwareFile" | sha256sum | cut -d ' '  -f 1`
		echo "sha256 $ChkSha256"
		echo
		# check sha256sum.shasum file in zip archive
		[ "$Verbose" ] && echo "unzip: sha256sum.sha256"
		ZipSha256File=`unzip -l $ZipFile | egrep "sha256sum.sha256" | tr -s ' ' | cut -d ' ' -f 5`
		if [ ! "$ZipSha256File" ]; then
			echo "error: $ZipSha256File - no such file in zip archive."
			exit 1
		fi
		echo "check: $ZipSha256File [ZIP archive]"
		ChkSha256=`unzip -qc $ZipFile "$ZipSha256File" | cut -d ' '  -f 1`
		echo "sha256 $ChkSha256"
		echo
	else
		FirmwareFile=$CheckFile

		echo "check: `basename $FirmwareFile` [Firmware]"
		ChkSha256=`sha256sum $FirmwareFile | cut -d ' '  -f 1`
		echo "sha256 $ChkSha256"
		echo
	fi

	echo "check: `basename $FirmwareFile` @ $Sha256Url"
	curl $QuietMode $Sha256Url | egrep "  (GT|RT)-.*(trx|ubi)" | tr -s ' ' | sed -e "s#<.*>##g; s#&\#13;##g" >$Sha256ListFile

	RefSha256=`egrep "$ChkSha256" $Sha256ListFile | cut -d ' ' -f 1`
	if [ "$RefSha256" ]; then
		echo "sha256 $RefSha256"
	else
		echo "error: no sha256 signature found!"	
	fi
	rm -f $Sha256ListFile
fi

exit 0