From b8a4ddf4a01d042e2a535b1ebf2326e0d8f94ece Mon Sep 17 00:00:00 2001
From: cottongin <cottongin@users.noreply.github.com>
Date: Wed, 11 Mar 2026 04:26:58 -0400
Subject: [PATCH] feat: add keystore creation and management

Made-with: Cursor
---
 build.sh | 80 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 79 insertions(+), 1 deletion(-)

diff --git a/build.sh b/build.sh
index e45af8c..2c098ad 100755
--- a/build.sh
+++ b/build.sh
@@ -92,10 +92,88 @@ main_menu() {
     esac
 }
 
+read_keystore_password() {
+    local password
+    read -rsp "Keystore password: " password
+    echo >&2
+    echo "$password"
+}
+
+create_keystore() {
+    echo -e "${BOLD}No keystore found. Let's create one.${NC}"
+    echo ""
+
+    local cn org password password_confirm
+
+    read -rp "Your name (for the certificate): " cn
+    [[ -z "$cn" ]] && { error "Name is required."; return 1; }
+
+    read -rp "Organization (optional, Enter to skip): " org
+
+    while true; do
+        read -rsp "Password (min 6 chars): " password
+        echo
+        if [[ ${#password} -lt 6 ]]; then
+            warn "Password must be at least 6 characters."
+            continue
+        fi
+        read -rsp "Confirm password: " password_confirm
+        echo
+        if [[ "$password" != "$password_confirm" ]]; then
+            warn "Passwords don't match. Try again."
+            continue
+        fi
+        break
+    done
+
+    mkdir -p "$KEYSTORE_DIR"
+
+    local dname="CN=$cn"
+    [[ -n "$org" ]] && dname="$dname, O=$org"
+
+    info "Creating keystore..."
+
+    keytool -genkeypair \
+        -alias "$KEY_ALIAS" \
+        -keyalg RSA \
+        -keysize 2048 \
+        -validity 10000 \
+        -keystore "$KEYSTORE_FILE" \
+        -storepass "$password" \
+        -keypass "$password" \
+        -dname "$dname" \
+        2>/dev/null || true
+
+    if [[ -f "$KEYSTORE_FILE" ]]; then
+        echo ""
+        success "Keystore created at ${BOLD}$KEYSTORE_FILE${NC}"
+        echo ""
+        warn "IMPORTANT: Back up this file and remember your password."
+        warn "If you lose either, you cannot update the app on devices"
+        warn "that already have this version installed."
+    else
+        error "Keystore creation failed."
+        return 1
+    fi
+}
+
+manage_keystore() {
+    if [[ -f "$KEYSTORE_FILE" ]]; then
+        success "Keystore exists at ${BOLD}$KEYSTORE_FILE${NC}"
+        echo ""
+        info "Keystore details:"
+        keytool -list -keystore "$KEYSTORE_FILE" -alias "$KEY_ALIAS" \
+            -storepass "$(read_keystore_password)" 2>/dev/null \
+            || warn "Could not read keystore (wrong password?)"
+        return
+    fi
+
+    create_keystore
+}
+
 # Placeholder functions — implemented in subsequent tasks
 build_release()    { warn "Not yet implemented"; }
 build_debug()      { warn "Not yet implemented"; }
-manage_keystore()  { warn "Not yet implemented"; }
 clean_build()      { warn "Not yet implemented"; }
 
 # --- Main ---