#!/usr/bin/env bash
# backtunnel-keys: manage accessor-side keys
# Usage:
#   backtunnel-keys print         # print (and generate if missing) the public key
#   backtunnel-keys path          # print the private/public key paths

set -euo pipefail

KEY="$HOME/.ssh/id_ed25519_backtunnel"
PUB="$KEY.pub"

cmd="${1:-print}"

case "$cmd" in
  print)
    if [[ ! -f "$KEY" ]]; then
      ssh-keygen -t ed25519 -f "$KEY" -N "" -C "backtunnel" >/dev/null
    fi
    if [[ ! -f "$PUB" ]]; then
      echo "Missing public key $PUB" >&2; exit 1
    fi
    cat "$PUB"
    ;;
  path)
    echo "private: $KEY"
    echo "public : $PUB"
    ;;
  *)
    echo "Usage: $0 {print|path}" >&2
    exit 1
    ;;
esac