#! /bin/sh

set -e
. lib/func.sh

## Check to see whether we're already set up.
if [ -d ca ]; then
  echo >&2 "$0: already set up: delete ca/ to restart"
  exit 1
fi

## Clear out and recreate the old state directories.
rm -rf gnupg ca ca.new publish publish.new
mkdir -m700 gnupg ca.new

## Generate the CA keys.
for kt in $keytypes; do
  case $kt in
    *:*) bits=-b${kt#*:} kt=${kt%:*} ;;
    *) bits= ;;
  esac
  ssh-keygen -fca.new/ca-$kt -t$kt $bits -C"$cacomment" -N ""
done

## Generate the GnuPG key.
run_gpg	--batch -q --gen-key <<EOF
%echo Generating key ssh-ca; hold on tight...
Key-Type: $gnupg_key_type
Key-Length: $gnupg_key_length
Name-Real: ${gnupg_key_realname_prefix}ssh-ca
Name-Comment: ssh-ca
Name-Email: ssh-ca@$gnupg_key_email_domain
EOF

## Done.
mv ca.new ca