myshellconfig/bin/signpubkey

#!/bin/bash


usage() {
    cat << EOF
    
    Usage: $(dirname $0) [-t|--hsm] [-U|-H] [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] <identity> [--dry-run] <publickey>


EOF

}
default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber"
host_or_user=user

set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms,dry-run -- "$@"|| exit $?)

while : ;do
    case $1 in
        -h|--help)
            usage
            exit 0
            break
            ;;
        -H|host)
            host_or_user=host
            shift
            ;;
        -U|user)
            host_or_user=user
            shift
            ;;
        -n|--principals)
            shift
            principals=$1
            shift
            ;;
        -V|--valid-time)
            shift
            validtime="${1}"
            shift
            ;;
        -S|--serialnumber)
            shift
            serialnumber=$1
            shift
            ;;
        -s|--serialnumber-file)
            shift
            serialnumberfile="$1"
            shift
            ;;
        -I|--identity)
            shift
            identity=${1}
            shift
            ;;
        -t|--hms)
            # t wie token
            shift
            hms=true
            ;;
        --dry-run)
            DRY=true
            shift
            ;;
        --)
            shift
            break
            ;;
        *)
            echo wrong argument $1 >&2
            usage
            exit 1
            ;;
    esac
done

[ -z "${validtime+x}" ]         && validtime="+8W"
[ -z "${identity+x}" ]          && identity=${USER}@$(hostname -f)
[ -z "${serialnumberfile+x}" ]  && serialnumberfile=${default_serialnumberfile}
[ -z "${serialnumber+x}" ]      && serialnumber=$(sed -i -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}"; cat "${serialnumberfile}" )
[ -z "${principals+x}" ]        && { echo "no principals given"; [ $DRY ] || usage; [ $DRY ] || exit 1; }

CABASE=~/ssh-ca
host_or_user=user
case $host_or_user in
    host)
        CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}
        ;;
    user)
        CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub
esac

if ${hms:-false};then
    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
    [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
else
    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
    [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
fi
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
+								#!/bin/bash
 								usage() {
 								    cat << EOF
-												add P11-Module and set default variable

											
										
										
											2022-09-10 08:56:37 +02:00
+								    Usage: $(dirname $0) [-t|--hsm] [-U|-H] [-n|--principals] <principal>[,<principal>[,<principal>[,...]]] [-V|--valid-time] <TIME> [-s|--serialnumber] <INT> [-S|-serialnumber-file] <filename> [-I|--identity] <identity> [--dry-run] <publickey>
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
 								EOF
 								}
 								default_serialnumberfile="${HOME}/ssh-ca/serialnumbers/serialnumber"
-												add P11-Module and set default variable

											
										
										
											2022-09-10 08:56:37 +02:00
+								host_or_user=user
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
-												add dry-run to signpubkey

											
										
										
											2022-06-08 18:37:14 +02:00
+								set -- $(getopt -u -o hHn:V:s:S:I:tU --long help,host,user,principals:,valid-time:,serialnumber:,serialnumber-file:,identity:,hms,dry-run -- "$@"|| exit $?)
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
 								while : ;do
 								    case $1 in
 								        -h|--help)
 								            usage
-												add P11-Module and set default variable

											
										
										
											2022-09-10 08:56:37 +02:00
+								            exit 0
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
+								            break
 								            ;;
 								        -H|host)
 								            host_or_user=host
 								            shift
 								            ;;
 								        -U|user)
 								            host_or_user=user
 								            shift
 								            ;;
 								        -n|--principals)
 								            shift
 								            principals=$1
 								            shift
 								            ;;
 								        -V|--valid-time)
 								            shift
 								            validtime="${1}"
 								            shift
 								            ;;
 								        -S|--serialnumber)
 								            shift
 								            serialnumber=$1
 								            shift
 								            ;;
 								        -s|--serialnumber-file)
 								            shift
 								            serialnumberfile="$1"
 								            shift
 								            ;;
 								        -I|--identity)
 								            shift
 								            identity=${1}
 								            shift
 								            ;;
 								        -t|--hms)
 								            # t wie token
 								            shift
 								            hms=true
 								            ;;
-												add dry-run to signpubkey

											
										
										
											2022-06-08 18:37:14 +02:00
+								        --dry-run)
 								            DRY=true
 								            shift
 								            ;;
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
+								        --)
 								            shift
 								            break
 								            ;;
 								        *)
 								            echo wrong argument $1 >&2
 								            usage
 								            exit 1
 								            ;;
 								    esac
 								done
 								[ -z "${validtime+x}" ]         && validtime="+8W"
 								[ -z "${identity+x}" ]          && identity=${USER}@$(hostname -f)
 								[ -z "${serialnumberfile+x}" ]  && serialnumberfile=${default_serialnumberfile}
 								[ -z "${serialnumber+x}" ]      && serialnumber=$(sed -i -r 's/^([0-9]+)$/echo "$((\1+1))"/ge' "${serialnumberfile}"; cat "${serialnumberfile}" )
-												add dry-run to signpubkey

											
										
										
											2022-06-08 18:37:14 +02:00
+								[ -z "${principals+x}" ]        && { echo "no principals given"; [ $DRY ] || usage; [ $DRY ] || exit 1; }
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
 								CABASE=~/ssh-ca
 								host_or_user=user
 								case $host_or_user in
 								    host)
 								        CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}
 								        ;;
 								    user)
 								        CAPATH=$CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub
 								esac
 								if ${hms:-false};then
-												add P11-Module and set default variable

											
										
										
											2022-09-10 08:56:37 +02:00
+								    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
-												add dry-run to signpubkey

											
										
										
											2022-06-08 18:37:14 +02:00
+								    [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca.pub -D $P11M -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
+								else
 								    echo ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
-												add dry-run to signpubkey

											
										
										
											2022-06-08 18:37:14 +02:00
+								    [ $DRY ] || ssh-keygen -s $CABASE/${host_or_user^^}_CA/${host_or_user}_ca -n "${principals}" -V "${validtime}" -z $serialnumber -I "${identity}" "$1"
-												add signpubkey for ssh-ca

											
										
										
											2021-11-18 17:39:34 +01:00
+								fi