#!/bin/bash
# file: gnucash_wrapper.sh

# Pete Nesbitt, Jan 2013 

# wrapper script to decrypt/encrypt GnuCash data files
# could easily adapt to other apps

# uses (requires) Xdialog for password entry


###  !! SEE INITIAL SETUP (BELOW) PRIOR TO FIRST RUN

#####################################################################
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#####################################################################



#### Initial Setup #######################################################
# Start with a working gnu_cahs account env, with your layout in place.
# This app expects to be started by referencing an encrypted file,
# 1) locate your gnucash data file,
#    usually <set name>.gnucash, like "finances.gnucash"
#
# 2) rename the file then encrypt it. (ex using finance book set)
#    mv finances.gnucash finances.gnucash_decrypted
#    openssl enc -e -aes-256-cbc -in finances.gnucash_decrypted -out $finances.gnucash -pass stdin
#      --this will prompt for a password.
#       --this will be your permanent password for this account set. (don't lose it!)
#
# 3) update the variable below to point to the new encrypted file:
#     DATA_FILE="/full/path/to/encrypted_file"
#
# 4) optionally create a 'xpm' icon from the gnucash png icon
#    I used gimp and /usr/share/gnucash/pixmaps/gnucash-icon-32x32.png
#
#   -once the icon is created, update the APP_ICON variable below
#   
#  From now on, instead of starting GNUCash with it's binary, start it by running this script.
#  You will likely want to set your desktop menu to use this script as well.
#
##########################################################################


# UPDATE THIS VAR
 #gnucash data file (FQFN)
DATA_FILE="/data/docs/gnucash/finances.gnucash"

# UPDATE THIS VAR ONLY IF YOU MADE AN ICON
 #icon used in passwd box, must be a xpm file. (Not Required)
APP_ICON="/data/media/images/app_images/icon-gnucash.xpm" 

#################################

APP_NAME="GnuCash" #just for display in pwd box
APP="/usr/bin/gnucash"

# decrypt file
DECRYPTED_FILE=${DATA_FILE}_decrypted

################################
# first do a quick icon test
file ${APP_ICON} |grep pixmap &> /dev/null
ICON_VAL=$?
if [ ${ICON_VAL} -eq 0 ];then
   ICON="--icon ${APP_ICON}"
else
   ICON=""
fi

##### Functions ###########
get_password() {
FILEPASS=`Xdialog --center ${ICON} --password --timeout 30 --stdout --inputbox "Enter ${APP_NAME} Password" 0 0`
PASS_VAL=$?
 #timeout's will exit 255, make sure we bail now
if [ ${PASS_VAL} -ne 0 ];then
   exit 1
fi
}

decrypt_file() {
# decrypt the source data file
openssl enc -d -aes-256-cbc -in ${DATA_FILE} -out ${DECRYPTED_FILE} -pass stdin <<EOPW &> /dev/null
${FILEPASS}
EOPW
DEC_VAL=$?
}

decrypt_check() {
REDO_PASS="no"
if [ ${DEC_VAL} -ne 0 ];then
   # option to redo password
   Xdialog --center ${ICON} --stdout --yesno "Password Failed\nRetry?" 0 0
   REDO_VAL=$?
   if [ ${REDO_VAL} -eq 0 ];then
      REDO_PASS="yes"
   else
      exit 1
   fi
fi
}

encrypt_file() {
openssl enc -e -aes-256-cbc -in ${DECRYPTED_FILE} -out ${DATA_FILE} -pass stdin <<EOPW &> /dev/null
${FILEPASS}
EOPW
SSL_VAL=$?
}

encrypt_check() {
# remove decrypted copy and any working files (note the *)
if [ ${SSL_VAL} -eq 0 ];then
   shred -u ${DECRYPTED_FILE}*
   Xdialog --center ${ICON} --infobox "Successfully (re)Encrypted Data File" 0 0 8000  # 1000's of a seconds
else
   Xdialog --center ${ICON} --msgbox "WARNING: SSL Encryption ERROR, exit:${SSL_VAL}\n Un-Encrypted File Remains (${DECRYPTED_FILE})" 0 0
   exit 1
fi

}

################################
# Start of main area
get_password

# decrypt data file
decrypt_file
decrypt_check
   #check if we need to retry the password
   if [ "${REDO_PASS}" = "yes" ];then
    get_password
    decrypt_file
    decrypt_check
   fi

# use the decrypted file in application
${APP} ${DECRYPTED_FILE}

# once done, encrypt file and remove plain (working) file
encrypt_file
encrypt_check

unset FILEPASS
#eof