#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

HOSTCAKEY=/root/.ssh/host_ca_key
USERCAKEY=/root/.ssh/user_ca_key

host() {
	PUBKEY="$2"
	HOST="$3"

	echo "$PUBKEY" > /tmp/"$HOST".pub
	ssh-keygen -h -s "$HOSTCAKEY" -I "$HOST" -n "$HOST" /tmp/"$HOST".pub
	cat /tmp/"$HOST"-cert.pub
	rm /tmp/"$HOST"*.pub
}

user() {
	PUBKEY="$2"
	HOST="$3"
	PRINCIPALS="$4"

	echo "$PUBKEY" > /tmp/"$HOST".pub
	ssh-keygen -s "$USERCAKEY" -I "$HOST" -n "$HOST","$PRINCIPALS" /tmp/"$HOST".pub
	cat /tmp/"$HOST"-cert.pub
	rm /tmp/"$HOST"*.pub
}

"$1" "$@"