#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

host() {
	PUBKEY="$2"
	HOST="$3"

	echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
	ssh-keygen -h -s {{ ssh_ca_dir }}/keys/host_ca -I "$HOST" -n "$HOST" {{ ssh_ca_dir }}/"$HOST".pub
	cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
	rm {{ ssh_ca_dir }}/"$HOST"*.pub
}

user() {
	PUBKEY="$2"
	HOST="$3"
	PRINCIPALS="$4"

	echo "$PUBKEY" > {{ ssh_ca_dir }}/"$HOST".pub
	ssh-keygen -s {{ ssh_ca_dir }}/keys/user_ca -I "$HOST" -n "$HOST","$PRINCIPALS" {{ ssh_ca_dir }}/"$HOST".pub
	cat {{ ssh_ca_dir }}/"$HOST"-cert.pub
	rm {{ ssh_ca_dir }}/"$HOST"*.pub
}

"$1" "$@"