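#!/bin/bash
# leapsec-sha.sh - verify the FIPS-180 SHA-1 hash line of a leap-seconds.list
#
# Usage: leapsec-sha.sh [file]        (file defaults to ./leap-seconds.list)
#
# The hash is computed over the decimal digits of the "#$" (last modified)
# line, the "#@" (expires) line and the data lines only; all other comments,
# whitespace and line terminators are discarded before hashing, so edits to
# them are not detected.
#
# NOTE: the "#h" line travels inside the file it describes. A match shows the
# file was not truncated or corrupted; it does not show where the file came
# from, because whoever can change the data can also rewrite the hash line.
# Authenticity has to come from how the file was obtained.
#
# Exit status: 0 hash matches, 1 hash mismatch / unreadable or malformed
# file, 2 usage error.
set -u

lsl='leap-seconds.list'
# delete pure comment lines (but keep "#$" and "#@"), strip trailing comments
stripmostcomments='/^#\([^$@]\|$\)/d;s/#[^$@].*//'
hashpat='^#h'
invalidmsg='hash should be'
expmsgpat='^#.*expires'
ntpepoch='1900-01-01 00:00:00+0000'
modflagpat='^#\$'
expflagpat='^#@'
datefmt='%F'
name="${0##*/}"

die() {
  printf '%s: %s\n' "$name" "$*" >&2
  exit 1
}

# Exactly one file is checked per run; several names would make grep prefix
# its output with the file name and the comparison could never succeed.
if (($# > 1)); then
  printf 'Usage: %s [file]\n' "$name" >&2
  exit 2
fi
file="${1:-$lsl}"
[[ -f "$file" && -r "$file" ]] || die "$file: not a readable file"

# strip most comments, then drop every non-digit (this also joins the lines)
content=$(sed -e "$stripmostcomments" -- "$file" | tr -cd '0-9')

# SHA-1 over the digits with no line terminator. Only the first field of the
# sha1sum output is used, so both the text-mode ("  -") and the binary-mode
# (" *-") file markers are handled.
digest=$(printf '%s' "$content" | sha1sum) || die "sha1sum failed"
digest=${digest%% *}
[[ "$digest" =~ ^[0-9a-fA-F]{40}$ ]] || die "unexpected sha1sum output"

# Render the digest like the file's hash line: "#h<TAB>" followed by five
# 32-bit words in hex without leading zeros.
# NOTE(review): an all-zero word is rendered as "0" here - confirm that this
# matches how the list's publisher writes it.
check=$'#h\t'
for ((i = 0; i < 40; i += 8)); do
  printf -v word '%x' "$((16#${digest:i:8}))"
  check+="$word "
done
check=${check% }

# get hash line to compare
hash=$(grep -- "$hashpat" "$file")

# if lines not same, complain and exit
if [[ "$check" != "$hash" ]]; then
  printf '%s:%s:%s\n%s:%s:%s\n' \
    "$name" "$file" "$hash" "$name" "$invalidmsg" "$check"
  exit 1
fi

# lines same - get mod and exp NTP timestamps (seconds since 1900) and exp msg
modntp=$(grep -- "$modflagpat" "$file")
modntp="${modntp//[!0-9]/}"
expntp=$(grep -- "$expflagpat" "$file")
expntp="${expntp//[!0-9]/}"
[[ -n "$modntp" && -n "$expntp" ]] ||
  die "$file: missing #\$ (modified) or #@ (expires) timestamp"
expmsg=$(grep -- "$expmsgpat" "$file")

moddate=$(date -u -d "$ntpepoch + $modntp seconds" +"$datefmt") ||
  die "$file: cannot convert modification timestamp $modntp"
expdate=$(date -u -d "$ntpepoch + $expntp seconds" +"$datefmt") ||
  die "$file: cannot convert expiry timestamp $expntp"

# report success, mod and exp dates and the file's own expiry comment
printf '%s:%s:modified %s expires %s %s\n' \
  "$name" "$file" "$moddate" "$expdate" "$expmsg"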