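#!/bin/sh
# Exercise one IPsec connection ("andy") twice: first from a legacy
# ipsec.conf, then from a swanctl conf.d file. Expects ipsec.conf,
# ipsec.conf.empty and andy.conf in the current directory.
# keycopy() prepares the DER key files under /etc/swanctl; nothing in this
# script calls it, so run it by hand when the keys need to be (re)installed.

h=marble.tj5tzswz7isfavggdjsiwxdjswrg6tadlzuf3j3q.ed25519.cryptonomic.net
n=andy
key_basename=ssh_host_rsa_key
input_key=/etc/ssh/$key_basename

# Convert the local SSH host RSA key and the peer's RSA public key to DER
# files under /etc/swanctl.
# Globals:  h, n, key_basename, input_key (read); t, rc (written)
# Inputs:   rsa.scan.edit in the current directory: the peer's public key in
#           a format ssh-keygen -e accepts (presumably the scan output below,
#           saved after review -- confirm).
# Outputs:  scanned key line(s) and a final ls -l listing on stdout.
# Returns:  1 as soon as a conversion fails, otherwise the status of ls.
keycopy()
{
    # The private key must never be readable by other accounts: create it
    # under a restrictive umask and also tighten a pre-existing file before
    # any key material is written into it. Owner-only mode assumes the daemon
    # reads it as the same account that runs this script.
    (
        umask 077
        : > /etc/swanctl/private/"$key_basename" &&
            chmod 600 /etc/swanctl/private/"$key_basename" &&
            openssl rsa -in "$input_key" -outform DER \
                > /etc/swanctl/private/"$key_basename"
    ) || return 1

    openssl rsa -in "$input_key" -pubout -outform DER \
        > /etc/swanctl/pubkey/"$key_basename".pub || return 1

    # Show the RSA key the peer currently presents (hostname field dropped).
    # ssh-keyscan output is unauthenticated: compare it with a fingerprint
    # obtained out of band before trusting it as rsa.scan.edit.
    ssh-keyscan -trsa "$h" |
        while read -r hh rest; do
            [ "$h" = "$hh" ] && printf '%s\n' "$rest"
        done

    if [ ! -s rsa.scan.edit ]; then
        echo "keycopy: rsa.scan.edit is missing or empty; /etc/swanctl/pubkey/$n.pub left untouched" >&2
        return 1
    fi

    # Stage the conversion in a temp file so a failed ssh-keygen/openssl run
    # cannot leave an empty or partial peer key installed.
    t=$(mktemp) || return 1
    rc=0
    if ssh-keygen -e -f rsa.scan.edit -m PEM |
        openssl rsa -RSAPublicKey_in -outform DER > "$t" && [ -s "$t" ]
    then
        cat "$t" > /etc/swanctl/pubkey/"$n".pub || rc=1
    else
        echo "keycopy: could not convert rsa.scan.edit to DER" >&2
        rc=1
    fi
    rm -f "$t"
    [ "$rc" -eq 0 ] || return 1

    ls -l /etc/swanctl/private/"$key_basename" \
        /etc/swanctl/pubkey/"$key_basename".pub \
        /etc/swanctl/pubkey/"$n".pub
}

# Filter stdin to stdout: drop everything from '#' to end of line, then
# delete lines that are empty or contain only spaces.
nocomments()
{
    sed 's/#.*//; /^ *$/d'
}

# Bring the connection up from ./ipsec.conf with no swanctl config present.
test_old_config()
{
    ipsec stop    # best effort: the daemon may not be running
    rm -f /etc/swanctl/conf.d/andy.conf
    # Without a successful copy the run would exercise whatever config was
    # installed before, so stop here.
    cp ipsec.conf /etc/ || return 1
    nocomments < ipsec.conf    # log the effective config under test
    ipsec start
    sleep 2    # give the daemon time to start before querying it
    ipsec listpubkeys
    ipsec up andy
    ipsec stop
}

# Bring the connection up from ./andy.conf with ./ipsec.conf.empty installed
# as /etc/ipsec.conf.
test_new_config()
{
    ipsec stop    # best effort: the daemon may not be running
    cp -T ipsec.conf.empty /etc/ipsec.conf || return 1
    cp andy.conf /etc/swanctl/conf.d/ || return 1
    nocomments < andy.conf    # log the effective config under test
    ipsec start
    sleep 2    # give the daemon time to start before querying it
    swanctl -c    # load credentials through swanctl
    ipsec listpubkeys
    ipsec up andy
    ipsec stop
}

test_old_config
test_new_config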