#!/bin/bash
set -euo pipefail
IFS=$'\n\t'

eval "$(jq -r '@sh "PUBKEY=\(.pubkey) HOST=\(.host) CAHOST=\(.cahost) CASCRIPT=\(.cascript) CAKEY=\(.cakey)"')"

# TODO: Can this be done more eye-pleasingly?
set +e
CERT=$(ssh -o ConnectTimeout=3 -o ConnectionAttempts=1 root@$CAHOST '"'"$CASCRIPT"'" "'"$CAKEY"'" host "'"$PUBKEY"'" "'"$HOST"'".dmz')
retval=$?
set -e

if [ retval -neq 0 ]; then
	CERT=""
fi

jq -n --arg cert "$CERT" '{"cert":$cert}'