#!/bin/zsh
# macOS-only; can assume zsh

set -euo pipefail

host=$1
pubfile="${HOME}/.ssh/sekey/${host}.pub"

function getKeyForHost () {
	host=$1
	sekey --list-keys | awk "\$2 == \"$host\" {print \$4}"
}

if [[ -z $(getKeyForHost $host) ]]
then
	sekey --generate-keypair $host | { ! grep --invert-match "successfully generated" }
fi

if [[ -f $pubfile ]]
then
	echo "Public key ${pubfile} already exists!"
	echo "You should probably remove it, as there isn't a matching keypair in the Enclave"
	exit 1
fi

keyid=$(getKeyForHost $host)

sekey --export-key $keyid | tee "$pubfile"