#!/bin/sh

set -eu

if [ $# -ne 1 ]; then
    echo "Usage: $(basename "$0") <year>" 1>&2
    exit
fi

cd /srv/sshca/ca

year="$1"
if [ "$year" -eq "$year" ] 2> /dev/null; then
    if [ "$year" -lt "$(date +%Y)" ]; then
        echo "ERROR: Invalid year \"${year}\", time in the past" 1>&2
        exit 1
    fi
else
    echo "ERROR: Invalid year \"${year}\"" 1>&2
    exit 1
fi

if [ -f "ca.${year}" ]; then
    echo "ERROR: Key \"${year}\" already exists" 1>&2
    exit 1
fi

ssh-keygen -t ed25519 -f "/srv/sshca/ca/ca.${year}" -C "foo.sh - SSH CA ${year}"