From de4421ae398e793239c7fbfb8be6e48078e917fa Mon Sep 17 00:00:00 2001
From: Meutel <meutel@meutel.net>
Date: Mon, 12 Feb 2024 13:32:44 +0000
Subject: [PATCH] Fix options

---
 signer.sh | 60 +++++++++++++++++++++++++++++++++++++++++++++++--------
 1 file changed, 52 insertions(+), 8 deletions(-)

diff --git a/signer.sh b/signer.sh
index 947dc40..15ff874 100755
--- a/signer.sh
+++ b/signer.sh
@@ -7,6 +7,7 @@ USER_CA_PRIV=${DIR_ETC}private/user/meutel_user_ca
 HOST_CONFIG_ROOT=${DIR_ETC}public/host/
 USER_CONFIG_ROOT=${DIR_ETC}public/user/
 
+ARGS_COUNT=$#
 # public key file
 PUBKEY=$1
 # certificate type: user/host
@@ -17,14 +18,25 @@ NAME=$3
 VALIDITY=$4
 # principals for user cert
 PRINCIPALS=$5
-# certificate options
-OPTS=$6
+if [ "$ARGS_COUNT" -gt 5 ]
+then
+  shift 5
+  # certificate options
+  OPTS=$@
+  echo "options: $OPTS"
+fi
+
+usage()
+{
+  echo "signer.sh <pubkey_file> <user|host> <name> <validity> (<principals> <options...>)"
+}
 
 check_pubkey()
 {
 	if [ ! -f $PUBKEY ]; then
 		echo "missing public key: $PUBKEY" >&2
-		exit 2
+    usage
+		exit 1
 	fi
 }
 
@@ -53,11 +65,13 @@ user_cert()
 	check_config $USER_CONFIG
 	if [ -z "$PRINCIPALS" ]; then
 		echo "missing principals" >&2
-		exit 4
+    usage
+		exit 1
 	fi
 	if [ -z "$VALIDITY" ]; then
 		echo "missing validity duration" >&2
-		exit 4
+    usage
+		exit 1
 	fi
   if ls $USER_CONFIG/*-cert.pub 2>/dev/null > /dev/null ; then
     SERIAL=$(( $( ls $USER_CONFIG/*-cert.pub | wc -l ) + 1 ))
@@ -76,10 +90,35 @@ user_cert()
   echo "  ID: $CERT_ID"
   echo "  principals: $PRINCIPALS"
   echo "  validity: $VALIDITY"
+  
 
-	ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -O "$OPTS" -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
-  # TODO copy cert
-  # TODO displqy certificate
+	#ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" $OPT_PARAMS -V "$VALIDITY" -z "$SERIAL" "$USER_PUB_KEY"
+  # declare -a PARAMS
+  # PARAMS=( "-I" "$CERT_ID" "-s" "$USER_CA_PRIV" "-n" "$PRINCIPALS" "-V" "$VALIDITY" "-z" "$SERIAL" "$USER_PUB_KEY" )
+  # for opt in "$OPTS"
+  # do
+    # PARAMS+=( $opt )
+  # done
+  # echo "${PARAMS[@]}"
+  
+  # ssh-keygen "${PARAMS[@]}"
+
+	gen_cert 
+  if [ "$?" -eq 0 ] ; then
+    cp "${USER_PUB_KEY%.pub}-cert.pub" "${PUBKEY%.pub}-cert.pub"
+    ssh-keygen -L -f "${PUBKEY%.pub}-cert.pub"
+  fi
+}
+
+gen_cert()
+{
+  for opt in $OPTS
+  do
+    set -- "$@" "-O"
+    set -- "$@" "$opt"
+  done
+  
+	ssh-keygen -I "$CERT_ID" -s "$USER_CA_PRIV" -n "$PRINCIPALS" -V "$VALIDITY" -z "$SERIAL" $@ "${USER_PUB_KEY}"
 }
 
 host_cert()
@@ -89,6 +128,10 @@ host_cert()
 	check_config $HOST_CONFIG
 }
 
+if [ "$ARGS_COUNT" -lt 4 ]; then 
+  usage
+  exit 1
+fi
 check_pubkey
 case $TYPE in
 	"user")
@@ -99,6 +142,7 @@ case $TYPE in
 		;;
 	*)
 		echo "unknown certificate type" >&2
+    usage
 		exit 1
 		;;
 esac