#!/usr/bin/env bash

# Verify a BagIt archive, according to RFC 8493.
#
# Copyright (c) 2014-2026 by Reto Kromer <https://reto.ch/>
#
# This Bash script is released under a 3-Clause BSD License and is provided
# "as is" without warranty or support of any kind.


# initialise constants
VERSION='2026-01-25'
SCRIPT_NAME="$(basename "$0")"
CONFIG_FILE="${HOME}/.config/AVpres/Bash_AVpres/${SCRIPT_NAME}.txt"
RED='\033[1;31m'
BLUE='\033[1;34m'
NC='\033[0m'

# load configuration file if any and initialise default values
[[ -f "${CONFIG_FILE}" ]] && . "${CONFIG_FILE}"
md5="${md5:-$(which md5sum)}"
sha1="${sha1:-$(which sha1sum)}"
sha256="${sha256:-$(which sha256sum)}"
sha512="${sha512:-$(which sha512sum)}"
crc32="${crc32:-$(which crc32)}"
xxh32="${xxh32:-$(which xxhsum) -H32}"
xxh64="${xxh64:-$(which xxhsum) -H64}"
xxh128="${xxh128:-$(which xxhsum) -H128}"
if (( "${#exclusion[@]}" == 0 )); then
  exclusion=('.DS_Store' 'desktop.ini')
elif [[ "${exclusion}" == '' ]]; then
  unset exclusion
fi

# initialise other default values
version_regex='1.0|0.9[3-7]'  # 1.0 and deprecated from 0.93 to 0.97
date_regex='20(0[789]|1[0-9]|2[0-6])-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])'

# initialise variable
unset input_path


# get date-and-time stamp
date_time() {
  TZ='UTC' date +'[%F %T %Z]'
}


# print an error message and exit with status 1
abort() {
  echo -e "${RED}${1:-An unknown error occurred.\a}${NC}"
  echo "$(date_time) ${1:-An unknown error occurred.}" >> "${LOG_FILE}"
  echo "$(date_time) END" >> "${LOG_FILE}"
  exit 1
}


# print a minimal help message and exit with status 1
print_prompt() {
  echo "$(date_time) print prompt" >> "${LOG_FILE}"
  cat << EOF
Help:
  ${SCRIPT_NAME} -h
EOF
  echo "$(date_time) END" >> "${LOG_FILE}"
  exit 1
}


# print the help message and exit with status 0
print_help() {
  local tmp
  if [[ -f "${CONFIG_FILE}" ]]; then
    tmp="local configuration file found and loaded"
  else
    tmp="no local configuration file found on this computer"
  fi

  echo "$(date_time) print help" >> "${LOG_FILE}"
  cat << EOF

Usage:
  ${SCRIPT_NAME} (-i|-b) <input_folder>
  ${SCRIPT_NAME} -h | -x
Options:
  -i  BagIt archive folder
  -b  is an alias of -i
  -h  this help
  -x  advanced options with their default arguments
      (${tmp})
Dependency:
  one of sha512sum (default), md5sum, sha1sum, sha256sum, xxhsum or crc32
See also:
  man ${SCRIPT_NAME}
  https://avpres.net/Bash_AVpres/
About:
  Abstract: Verify a BagIt archive folder, according to RFC 8493
  Version:  ${VERSION}

EOF
  echo "$(date_time) END" >> "${LOG_FILE}"
  exit 0
}


# print advanced options with their default arguments and exit with status 0
print_options() {
  local each
  local tmp

  echo "$(date_time) print options" >> "${LOG_FILE}"
  for each in "${exclusion[@]}"; do
    tmp="$tmp '${each}'"
  done
  if [[ -f "${CONFIG_FILE}" ]]; then
    cat << EOF

Local configuration file
  '${CONFIG_FILE}'
found and loaded.
EOF
  else
    cat << EOF

No local configuration file for '${SCRIPT_NAME}' found on this computer.
EOF
  fi
  cat << EOF

Advanced options with their default arguments:
  --md5='${md5}'
  --sha1='${sha1}'
  --sha256='${sha256}'
  --sha512='${sha512}'
  --crc32='${crc32}'
  --xxh32='${xxh32}'
  --xxh64='${xxh64}'
  --xxh128='${xxh128}'
  --exclusion=(${tmp# })

EOF
  echo "$(date_time) END" >> "${LOG_FILE}"
  exit 0
}


# check that provided input folder is valid and normalise path if needed
check_input() {
  if [[ ! -d "${input_path}" ]]; then
    abort "Error: '${input_path}' is not a directory."
  fi
  input_path="${input_path%%/}"
  if [[ "${input_path%/*}" == "${input_path}" ]]; then
    input_path="${PWD}/${input_path}"
  fi
}


# verify BagIt
verify_bagit() {
  local algorithm
  local line
  local number
  local payload
  local tmp_manifest="$(mktemp -q "/tmp/tmp_${SCRIPT_NAME}.XXXXXXXXXX")"

  echo -e "${BLUE}Please wait while verifying the BagIt global structure...${NC}"
  echo "$(date_time) input='${input_path}'" >> "${LOG_FILE}"

  # verify 'bagit.txt' file
  echo "$(date_time) verify 'bagit.txt'" >> "${LOG_FILE}"
  if [[ ! -f "${input_path}/bagit.txt" ]]; then
    abort "Error: The 'bagit.txt' file is missing."
  else
    echo -e "> ${BLUE}OK${NC} 'bagit.txt' found"
  fi
  if ! grep 'BagIt-Version:' < "${input_path}/bagit.txt" \
    | grep -E ${version_regex} >> "${LOG_FILE}"
  then
    abort "Error: 'BagIt-Version' is missing or not valid."
  fi
  if ! grep 'Tag-File-Character-Encoding:' < "${input_path}/bagit.txt" \
    | grep -E 'UTF-8' &> /dev/null
  then
    abort "Error: 'Tag-File-Character-Encoding' is missing or not valid."
  fi

  # verify 'data/' folder
  echo "$(date_time) verify 'data/'" >> "${LOG_FILE}"
  if [[ ! -d "${input_path}/data" ]]; then
    abort "Error: The 'data/' folder is missing."
  else
    echo -e "> ${BLUE}OK${NC} 'data/' found"
  fi

  # verify 'manifest-<algorithm>.txt' file
  if [[ -f "${input_path}/manifest-md5.txt" ]]; then
    algorithm='md5'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-sha1.txt" ]]; then
    algorithm='sha1'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-sha256.txt" ]]; then
    algorithm='sha256'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-sha512.txt" ]]; then
    algorithm='sha512'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-crc32.txt" ]]; then
    algorithm='crc32'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-xxh32.txt" ]]; then
    algorithm='xxh32'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-xxh64.txt" ]]; then
    algorithm='xxh64'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  elif [[ -f "${input_path}/manifest-xxh128.txt" ]]; then
    algorithm='xxh128'
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' found"
  else
    abort "Error: The 'manifest-<algorithm>.txt' file is missing."
  fi

  # check if external hash checksum command is running
  if [[ ! "${!algorithm}" ]]; then
    abort "Error: Cannot find the '${algorithm}' tool."
  fi
  if ! command -v ${!algorithm} &> /dev/null; then
    abort "Error: '${algorithm}' is failing."
  fi
  echo "$(date_time) algorithm='${algorithm}'" >> "${LOG_FILE}"

  # remove exclusion files
  for each in "${exclusion[@]}"; do
    find "${input_path}" -name "${each}" -type f -delete
  done

  # verify 'tagmanifest-<algorithm>.txt' file, if present
  if [[ -f "${input_path}/tagmanifest-${algorithm}.txt" ]]; then
    echo "$(date_time) verify 'tagmanifest-${algorithm}.txt' against BagIt" >> "${LOG_FILE}"
    echo -e "> ${BLUE}OK${NC} 'tagmanifest-${algorithm}.txt' found"
    if ! ${!algorithm} "${input_path}"/*.txt > "${tmp_manifest}"; then
      abort "Fatal error, see '${LOG_FILE}'."
    fi
    if ! diff -b <(sort < "${input_path}/tagmanifest-${algorithm}.txt") \
      <(grep -v tagmanifest-${algorithm}.txt < "${tmp_manifest}" \
      | sed "s#${input_path}/##g" | sort) \
      >> "${LOG_FILE}" 2>&1
    then
      abort "Error: 'tagmanifest-${algorithm}.txt' don't match, see '${LOG_FILE}'."
    else
      echo "$(date_time) 'tagmanifest-${algorithm}.txt' is correct" >> "${LOG_FILE}"
      echo -e "> ${BLUE}OK${NC} 'tagmanifest-${algorithm}.txt' is correct"
    fi
  else
    echo "$(date_time) no 'tagmanifest-${algorithm}.txt'" >> "${LOG_FILE}"
  fi

  # verify 'bag-info.txt' file, if present
  if [[ -f "${input_path}/bag-info.txt" ]]; then
    echo "$(date_time) verify 'bag-info.txt'" >> "${LOG_FILE}"
    echo -e "> ${BLUE}OK${NC} 'bag-info.txt' found"
    line="$(grep 'Bagging-Date' < "${input_path}/bag-info.txt")"
    if [[ ! $(echo "${line}" | grep -E "${date_regex}") ]]; then
      abort "Error: '${line}' is not valid."
    fi
    line="$(grep 'Payload-Oxum' < "${input_path}/bag-info.txt")"
    payload="$(echo "${line}" | grep -oE '[0-9]+.[0-9]+')"
    for f in $(find ${input_path}/data -type f); do
      (( size += $(wc -c < ${f} | bc) ))
    done
    number=$(find ${input_path}/data -type f | wc -l | bc)
    if [[ "${payload}" != "${size}.${number}" ]]; then
      abort "Error: '${line}' is not valid: '${size}.${number}' is expected."
    else
      echo "$(date_time) 'Payload-Oxum' is correct" >> "${LOG_FILE}"
      echo -e "> ${BLUE}OK${NC} 'Payload-Oxum' is correct"
    fi
  else
    echo "$(date_time) no 'bag-info.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'fetch.txt' file is present
  if [[ -f "${input_path}/fetch.txt" ]]; then
    echo "$(date_time) a 'fetch.txt' file is present" >> "${LOG_FILE}"
    echo -e "> ${BLUE}OK${NC} 'fetch.txt' found"
  else
    echo "$(date_time) no 'fetch.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'make_bagit.txt' is embedded
  if [[ -f "${input_path}/make_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'make_bagit.txt' found"
    echo "$(date_time) 'make_bagit.txt' $(grep 'VERSION=' < "${input_path}/make_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'make_bagit.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'verify_bagit.txt' is embedded
  if [[ -f "${input_path}/verify_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'verify_bagit.txt' found"
    echo "$(date_time) 'verify_bagit.txt' $(grep 'VERSION=' < "${input_path}/verify_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'verify_bagit.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'undo_bagit.txt' is embedded
  if [[ -f "${input_path}/undo_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'undo_bagit.txt' found"
    echo "$(date_time) 'undo_bagit.txt' $(grep 'VERSION=' < "${input_path}/undo_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'undo_bagit.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'update_bagit.txt' is embedded
  if [[ -f "${input_path}/update_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'update_bagit.txt' found"
    echo "$(date_time) 'update_bagit.txt' $(grep 'VERSION=' < "${input_path}/update_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'update_bagit.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'modify_bagit.txt' is embedded
  if [[ -f "${input_path}/modify_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'modify_bagit.txt' found"
    echo "$(date_time) 'modify_bagit.txt' $(grep 'VERSION=' < "${input_path}/modify_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'modify_bagit.txt'" >> "${LOG_FILE}"
  fi

  # verify if 'repair_bagit.txt' is embedded
  if [[ -f "${input_path}/repair_bagit.txt" ]]; then
    echo -e "> ${BLUE}OK${NC} 'repair_bagit.txt' found"
    echo "$(date_time) 'repair_bagit.txt' $(grep 'VERSION=' < "${input_path}/repair_bagit.txt" \
      | grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}') embedded" >> "${LOG_FILE}"
  else
    echo "$(date_time) no 'repair_bagit.txt'" >> "${LOG_FILE}"
  fi

  echo -e "> ${BLUE}OK${NC} '$(basename ${input_path})' is a complete BagIt archive"

  # check if 'manifest-<algorithm>.txt' and 'data/' are matching
  echo "$(date_time) verify 'manifest-${algorithm}.txt' against 'data/'" >> "${LOG_FILE}"
  echo -e "${BLUE}Please wait while checking data against manifest...${NC}"
  cd "${input_path}/data/" || abort "Error: 'cd ${input_path}/data/' is failing."
  if ! find . -type f -print0 | xargs -0 ${!algorithm} > "${tmp_manifest}"; then
    abort "Fatal error, see '${LOG_FILE}'."
  fi
  if ! diff -b <(sort < "${input_path}/manifest-${algorithm}.txt") \
    <(sed "s#\./#data/#" < "${tmp_manifest}" | sort) \
    >> "${LOG_FILE}" 2>&1
  then
    abort "Error: The original and the copy don't match, see '${LOG_FILE}'."
  else
    echo "$(date_time) 'manifest-${algorithm}.txt' is correct" >> "${LOG_FILE}"
    echo -e "> ${BLUE}OK${NC} 'manifest-${algorithm}.txt' is correct"
  fi
  rm "${tmp_manifest}"
  echo -e "> ${BLUE}OK${NC} '$(basename ${input_path})' is a valid BagIt archive"
}


# start log file
[[ -d '/tmp/AVpres' ]] || mkdir -p '/tmp/AVpres'
LOG_FILE="$(mktemp -q "/tmp/AVpres/${SCRIPT_NAME}.XXXXXXXXXX")"
echo "$(date_time) ${SCRIPT_NAME} ${VERSION}" > "${LOG_FILE}"
echo "$(date_time) $0 $*" >> "${LOG_FILE}"
echo "$(date_time) START" >> "${LOG_FILE}"

# check that Bash 3.2 or later is running
bash_version="$(bash -c 'echo ${BASH_VERSION}')"
echo "$(date_time) running bash version = '${bash_version}'" >> "${LOG_FILE}"
if ! printf '%s\n%s\n' "${bash_version}" "3.2" | sort -rVC; then
  echo -e "${BLUE}Warning: This 'bash' binary is very old."
  echo -e "We strongly recommend that you use the current version 5.3.${NC}"
fi

# parse and process provided input
(( $# == 0 )) && print_prompt
while getopts ":i:b:-:hx" opt; do
  case "${opt}" in
    i) if [[ "${OPTARG:0:1}" == '-' ]]; then
         abort "Error: The option '-i' requires an argument."
       else
         input_path="${OPTARG}"
       fi ;;
    b) if [[ "${OPTARG:0:1}" == '-' ]]; then
         abort "Error: The option '-b' requires an argument."
       else
         input_path="${OPTARG}"
       fi ;;
    -) case "${OPTARG}" in
         input=?*) input_path="${OPTARG#*=}" ;;
         bagit=?*) input_path="${OPTARG#*=}" ;;
         md5=?*) md5="${OPTARG#*=}" ;;
         sha1=?*) sha1="${OPTARG#*=}" ;;
         sha256=?*) sha256="${OPTARG#*=}" ;;
         sha512=?*) sha512="${OPTARG#*=}" ;;
         crc32=?*) crc32="${OPTARG#*=}" ;;
         xxh32=?*) xxh32="${OPTARG#*=}" ;;
         xxh64=?*) xxh64="${OPTARG#*=}" ;;
         xxh128=?*) xxh128="${OPTARG#*=}" ;;
         help) print_help ;;
         options) print_options ;;
         *) abort "Error: The option '--${OPTARG}' is not valid." ;;
       esac ;;
    h) print_help ;;
    x) print_options ;;
    :) abort "Error: The option '-${OPTARG}' requires an argument." ;;
    *) abort "Error: The option '-${OPTARG}' is not valid." ;;
  esac
done

# check input
check_input

# verify BagIt
verify_bagit

# end log file
echo "$(date_time) END" >> "${LOG_FILE}"
