#!/usr/bin/env bash

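# Sign a user's SSH public key with the user CA stored next to this script.
#
# Usage: <script> <username> <principals> <user_pub>
#   username    key ID embedded in the certificate (-I); sshd logs it when
#               the certificate is used to authenticate
#   principals  comma-separated principals the certificate is valid for (-n)
#   user_pub    path to the user's public key file
# Environment:
#   SSH_CERT_VALIDITY  validity interval passed to -V (default: +52w)
#
# ssh-keygen writes the certificate beside the public key as *-cert.pub.

# Strict mode: stop on errors, unset variables and failed pipeline stages.
# -x traces each command to stderr, so a run leaves a record of what was signed.
set -euxo pipefail

# Print a diagnostic on stderr and stop with the script's usual failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

SCRIPT_DIR=$(dirname "$(readlink -f "$0")")
user_ca_key="${SCRIPT_DIR}/ssh_certs/user_ca"

[ -f "${user_ca_key}" ] || die "User CA key not found."

# Without this check a missing argument only surfaces as bash's
# "unbound variable" message from set -u.
if [ "$#" -lt 3 ]; then
  die "Usage: ${0##*/} <username> <principals> <user_pub>"
fi

username=$1
principals=$2
user_pub=$3

# A certificate must be attributable (key ID) and scoped (principals);
# refuse empty values here instead of relying on ssh-keygen's handling.
[ -n "${username}" ] || die "Username (certificate key ID) must not be empty."
[ -n "${principals}" ] || die "Principals must not be empty."

[ -f "${user_pub}" ] || die "User public key not found."

# Keep ssh-keygen from reading a file name that starts with '-' as an option.
case "${user_pub}" in
  -*) user_pub="./${user_pub}" ;;
esac

# One year stays the default. A certificate remains usable until it expires
# unless the servers are given a revocation list (sshd_config RevokedKeys),
# so a shorter interval limits how long a leaked user key is useful.
validity="${SSH_CERT_VALIDITY:-+52w}"

ssh-keygen -s "${user_ca_key}" -I "${username}" -n "${principals}" -V "${validity}" "${user_pub}"
echo "Done!"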