From 6759155194b6671da292bfa869a22875595370b2 Mon Sep 17 00:00:00 2001
From: Meutel
Date: Mon, 12 Feb 2024 06:54:18 +0100
Subject: [PATCH] WIP SSH CA
---
signer.sh | 74 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 74 insertions(+)
create mode 100755 signer.sh
diff --git a/signer.sh b/signer.sh
new file mode 100755
index 0000000..88b458c
--- /dev/null
+++ b/signer.sh
@@ -0,0 +1,74 @@
+#!/bin/sh
+
+DIR_ETC=./etc/
+
+HOST_CA_PRIV=${DIR_ETC}private/host/meutel_host_ca
+USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
+HOST_CONFIG_ROOT=${DIR_ETC}public/host/
+USER_CONFIG_ROOT=${DIR_ETC}public/user/
+
+TYPE=$1
+NAME=$2
+PRINCIPALS=$3
+VALIDITY=$4
+OPTS=$5
+
+check_ca_key()
+{
+ CA_PRIV=$1
+ if [ ! -f $CA_PRIV ]; then
+ echo "missing private CA key: $CA_PRIV" >&2
+ exit 2
+ fi
+}
+
+check_config()
+{
+ CONFIG_DIR=$1
+ if [ ! -d $CONFIG_DIR ]; then
+ echo "missing config: $CONFIG_DIR" >&2
+ exit 3
+ fi
+}
+
+user_cert()
+{
+ echo "user certificate"
+ check_ca_key $USER_CA_PRIV
+ USER_CONFIG=${USER_CONFIG_ROOT}${NAME}
+ check_config $USER_CONFIG
+ if [ -z "$PRINCIPALS" ]; then
+ echo "missing principals" >&2
+ exit 4
+ fi
+ if [ -z "$VALIDITY" ]; then
+ echo "missing validity duration" >&2
+ exit 4
+ fi
+# ssh-keygen -I certificate_identity -s ca_key [-hU] [-D pkcs11_provider]
+# [-n principals] [-O option] [-V validity_interval]
+# [-z serial_number] file ...
+
+ ssh-keygen
+}
+
+host_cert()
+{
+ echo "host certificate"
+ check_ca_key $HOST_CA_PRIV
+ HOST_CONFIG=${HOST_CONFIG_ROOT}${NAME}
+ check_config $HOST_CONFIG
+}
+
+case $TYPE in
+ "user")
+ user_cert
+ ;;
+ "host")
+ host_cert
+ ;;
+ *)
+ echo "unknown certificate type" >&2
+ exit 1
+ ;;
+esac
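Review bot: NAME ($2) is concatenated into a filesystem path in user_cert and host_cert (`USER_CONFIG=${USER_CONFIG_ROOT}${NAME}`, `HOST_CONFIG=${HOST_CONFIG_ROOT}${NAME}`) without any validation, so a value containing `/` or `..` selects a directory outside the public config roots, and check_config then tests it unquoted (`[ ! -d $CONFIG_DIR ]`), which word-splits on spaces. Reject unsafe names once after the positional assignments, e.g. `case $NAME in ''|*/*|.*) echo "invalid name: $NAME" >&2; exit 4 ;; esac`, and quote the tests and call arguments (`[ ! -d "$CONFIG_DIR" ]`, `[ ! -f "$CA_PRIV" ]`, `check_config "$USER_CONFIG"`). The same unquoted pattern applies to the `check_ca_key $USER_CA_PRIV` and `check_ca_key $HOST_CA_PRIV` calls. The script is `#!/bin/sh`, so the POSIX `case` form above is the portable way to do this; since the commit is marked WIP, the bare `ssh-keygen` call at the end of user_cert is presumably a placeholder and is not raised here.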