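#!/bin/bash
# Copyright (c) 2024 JankariTech UG
# Authors: Artur Neumann
#
# Script to check if the trustanchors have been changed.
#
# Usage: <script> <trustanchor-dir> <expected-hash>
#
# Builds one SHA-256 digest over the sorted `sha256sum` output of every
# regular file below <trustanchor-dir> and compares it with <expected-hash>.
# Exit status: 0 when the digests match; 1 on a usage error, when the tree
# cannot be hashed completely, or when the digests differ.
#
# Notes for whoever pins the expected value:
#  - Despite the variable names, the value is a digest of file contents and
#    paths, not a VCS commit id.
#  - Each `sha256sum` line contains the path as find prints it, so the
#    directory argument must be spelled the same way (relative/absolute,
#    trailing slash) when the expected value is produced and when it is checked.
#  - Only regular files are covered (-type f): symlinks, empty directories,
#    ownership and permissions are not part of the digest.

# Without pipefail a failing find/sha256sum would be masked by the later
# pipeline stages and a digest of partial input would be compared.
set -o pipefail

if [[ $# -ne 2 ]]; then
  echo "Usage: $0 <trustanchor-dir> <expected-hash>" >&2
  exit 1
fi

TRUSTANCHOR_DIR="$1"
EXPECTED_COMMIT_HASH="$2"

if [[ -z "$EXPECTED_COMMIT_HASH" ]]; then
  echo "No expected hash provided" >&2
  exit 1
fi

# Fail closed with a clear message instead of hashing empty input.
if [[ ! -d "$TRUSTANCHOR_DIR" ]]; then
  echo "Trustanchor directory not found: $TRUSTANCHOR_DIR" >&2
  exit 1
fi

# get the sha256 hash of all files in the trustanchor directory
# `-exec ... +` makes find report a failing sha256sum (e.g. an unreadable
# file) through its own exit status; LC_ALL=C keeps the sort order, and so
# the digest, independent of the caller's locale.
if ! ACTUAL_COMMIT_HASH=$(
  find "$TRUSTANCHOR_DIR" -type f -exec sha256sum {} + |
    LC_ALL=C sort |
    sha256sum |
    cut -d ' ' -f 1
); then
  echo "Could not hash the files in $TRUSTANCHOR_DIR" >&2
  exit 1
fi

if [[ "$EXPECTED_COMMIT_HASH" != "$ACTUAL_COMMIT_HASH" ]]; then
  echo "The trustanchors have been changed, please review the provided hash" >&2
  # Show both values so the reviewer can see what was pinned and what was
  # found; the new value should only be pinned after the changed files
  # themselves have been reviewed.
  echo "expected: $EXPECTED_COMMIT_HASH" >&2
  echo "actual:   $ACTUAL_COMMIT_HASH" >&2
  exit 1
fi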