+# check that the service name is well formed
+check_service_name() {
+ local name="$1"
+ log error "FIX ME: check service name"
+}
+
+# fail if host key not present
+check_no_keys() {
+ [ -s "$HOST_KEY_FILE" ] || [ -s "$HOST_KEY_FPR_FILE" ] \
+ || failure "You don't appear to have a Monkeysphere host key on this server.
+Please run 'monkeysphere-host import-key' import a key."
+}
+
+# key input to functions, outputs full fingerprint of specified key if
+# found
+check_key_input() {
+ local keyID="$1"
+ # array of fingerprints
+ local fprs=($(host_fingerprints))
+
+ case ${#fprs[@]} in
+ 0)
+ failure "You don't appear to have any Monkeysphere host keys.
+Please run 'monkeysphere-host import-key' to import a key."
+ ;;
+ 1)
+ :
+ ;;
+ *)
+ if [ -z "$keyID" ] ; then
+ failure "Your host keyring contains multiple keys.
+Please specify one to act on (see 'monkeysphere-host show-key')."
+ fi
+ ;;
+ esac
+ printf '%s\n' "${fprs[@]}" | grep "${keyID}$" \
+ || failure "Host key '$keyID' not found."
+}
+
+# return 0 if user ID was found.
+# return 1 if user ID not found.
+check_key_userid() {
+ local keyID="$1"
+ local userID="$2"
+ local tmpuidMatch
+
+ # match to only "unknown" user IDs (host has no need for ultimate trust)
+ tmpuidMatch="uid:-:$(echo $userID | gpg_escape)"
+
+ # See whether the requsted user ID is present
+ gpg_host_list_keys "$keyID" | cut -f1,2,10 -d: | \
+ grep -q -x -F "$tmpuidMatch" 2>/dev/null
+}
+
+# run command looped over keys
+multi_key() {
+ local cmd="$1"
+ shift
+ local keys=$@
+ local i=0
+ local fprs=($(host_fingerprints))
+ local key
+
+ check_no_keys
+
+ if [[ -z "$1" || "$1" == '--all' ]] ; then
+ keys="${fprs[@]}"
+ fi
+
+ for key in $keys ; do
+ if (( i++ > 0 )) ; then
+ echo "##############################"
+ fi
+ eval "$cmd" "$key"
+ done
+}
+
+# show info about the a key
+show_key() {
+ local id="$1"
+ local GNUPGHOME
+ local TMPSSH
+ local fingerprint
+ local revokers
+
+ # tmp gpghome dir
+ export GNUPGHOME=$(msmktempdir)
+
+ # trap to remove tmp dir if break
+ trap "rm -rf $GNUPGHOME" EXIT
+
+ # import the host key into the tmp dir
+ gpg --quiet --import <"$HOST_KEY_FILE"
+
+ # create the ssh key
+ TMPSSH="$GNUPGHOME"/ssh_host_key_rsa_pub
+ if ! gpg --export "$id" 2>/dev/null \
+ | openpgp2ssh 2>/dev/null >"$TMPSSH" ; then
+ failure "Key '$id' not found."
+ fi
+
+ # get the gpg fingerprint
+ fingerprint=$(gpg --quiet --list-keys \
+ --with-colons --with-fingerprint "$id" \
+ | grep '^fpr:' | cut -d: -f10 )
+
+ # list the host key info
+ # FIXME: make no-show-keyring work so we don't have to do the grep'ing
+ # FIXME: can we show uid validity somehow?
+ gpg --list-keys --list-options show-unusable-uids "$id" 2>/dev/null \
+ | grep -v "^${GNUPGHOME}/pubring.gpg$" \
+ | egrep -v '^-+$'
+
+ # list revokers, if there are any
+ revokers=$(gpg --list-keys --with-colons --fixed-list-mode "$id" \
+ | awk -F: '/^rvk:/{ print $10 }' )
+ if [ "$revokers" ] ; then
+ echo "The following keys are allowed to revoke this host key:"
+ for key in $revokers ; do
+ echo "revoker: $key"
+ done
+ echo
+ fi
+
+ # list the pgp fingerprint
+ echo "OpenPGP fingerprint: $fingerprint"
+
+ # list the ssh fingerprint
+ echo -n "ssh fingerprint: "
+ ssh-keygen -l -f "$TMPSSH" | awk '{ print $1, $2, $4 }'
+
+ # remove the tmp file
+ trap - EXIT
+ rm -rf "$GNUPGHOME"