#!/bin/bash

# Set the base variables
ZIP_FILE="Evidence-20250602T014902Z-1-001.zip"
EXTRACTED_DIR="Evidence"
OUTPUT_MD="evidence_hash_manifest.md"

# Start the markdown document
echo "# 🔐 Evidence Hash Manifest" > "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"
echo "**Generated on:** $(date)" >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"
echo "This document records the cryptographic SHA-256 hash of the original evidence archive and all files contained within the extracted directory \`$EXTRACTED_DIR\`. This ensures the authenticity and immutability of the contents as preserved within the archive." >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"
echo "## 📦 ZIP File" >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"

# Hash the ZIP file
ZIP_HASH=$(sha256sum "$ZIP_FILE" | awk '{print $1}')
echo "- **Filename:** $ZIP_FILE" >> "$OUTPUT_MD"
echo "- **SHA-256:** \`$ZIP_HASH\`" >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"

# Recursively hash extracted files
echo "## 📂 Extracted Contents — Recursive File Hashes" >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"
echo "Each file listed below is hashed using SHA-256 for integrity tracking." >> "$OUTPUT_MD"
echo "" >> "$OUTPUT_MD"

find "$EXTRACTED_DIR" -type f | while read -r FILE; do
    FILE_HASH=$(sha256sum "$FILE" | awk '{print $1}')
    echo "- \`$FILE\` → \`$FILE_HASH\`" >> "$OUTPUT_MD"
done

# Final note
echo "" >> "$OUTPUT_MD"
echo "> This hash manifest may be verified using any SHA-256 compatible hashing tool." >> "$OUTPUT_MD"