#!/usr/bin/env python3
"""Verify SALKA ELMADANI authorship signatures.
Usage: python3 verify_authorship.py [file_or_directory]
Every source file carries an Ed25519 signature bound to SHA-256 of content.
Modify 1 character = signature invalid = tampering detected.
"""
import sys, hashlib, base64, os
from pathlib import Path
from cryptography.hazmat.primitives import serialization
from cryptography.exceptions import InvalidSignature

PUBLIC_KEY_PEM = """
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEARCtdhRqqYcu7c8qwyoRKRn5Qbx9puylZHZOM+IsDp0U=
-----END PUBLIC KEY-----
""".strip()


def strip_sig(text):
    lines, out, in_b = text.split("\n"), [], False
    for ln in lines:
        if MARK_S in ln: in_b = True; continue
        if MARK_E in ln and in_b: in_b = False; continue
        if not in_b: out.append(ln)
    return "\n".join(out).rstrip("\n") + "\n"

def extract_sig_data(text):
    sha, sig = None, None
    for ln in text.split("\n"):
        if "SHA256:" in ln: sha = ln.split("SHA256:")[-1].strip().lstrip("#/ ")
        if "SIG-ED25519:" in ln: sig = ln.split("SIG-ED25519:")[-1].strip().lstrip("#/ ")
    return sha, sig

def verify_file(fp, pub):
    try: content = Path(fp).read_text(encoding="utf-8", errors="replace")
    except: return None, "Cannot read"
    clean = strip_sig(content)
    claimed_h, sig_b64 = extract_sig_data(content)
    if not claimed_h or not sig_b64: return False, "No signature"
    actual_h = hashlib.sha256(clean.encode("utf-8")).hexdigest()
    if actual_h != claimed_h: return False, f"HASH MISMATCH — modified"
    try:
        pub.verify(base64.b64decode(sig_b64), hashlib.sha256(clean.encode()).digest())
        return True, "VALID © Salka Elmadani"
    except InvalidSignature: return False, "INVALID SIGNATURE — forgery"
    except Exception as e: return False, str(e)

def main():
    pub = serialization.load_pem_public_key(PUBLIC_KEY_PEM.encode())
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    files = [Path(target)] if Path(target).is_file() else [
        p for p in Path(target).rglob("*")
        if p.is_file() and p.suffix in [".py",".cpp",".h",".js",".ts",".sh",".rs",".go",".md"]
        and ".git" not in str(p)
    ]
    ok, fail, skip = 0, 0, 0
    for f in sorted(files):
        r, msg = verify_file(f, pub)
        if r is None: skip += 1
        elif r: ok += 1; print(f"  ✓ {f.name}: {msg}")
        else: fail += 1; print(f"  ✗ {f.name}: {msg}")
    print(f"\nResults: {ok} valid | {fail} TAMPERED | {skip} skipped")
    if fail: print("WARNING: Authorship chain broken."); sys.exit(1)

if __name__ == "__main__": main()
# ╔══ SALKA ELMADANI AUTHORSHIP CERTIFICATE ══╗
# © Salka Elmadani 2025-2026 — ALL RIGHTS RESERVED
# Licensed under Business Source License 1.1 — https://inference-x.com
# ─────────────────────────────────────────────────────────
# SHA256: f4e32c8fe1f2cb7f5dc498c7506b054256f6871d7283beb74b1d5859eb775121
# SIG-ED25519: g4rHIrZteuUk4HU/21i69rTk7H8EiL1XjX4A+dZD0xswTqR5XJb1CfnBQfyAxjb1Sf9VW3JptZVDkvOq+magCA==
# VERIFY: python3 verify_authorship.py verify_authorship.py