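// This program prints an EdDSA (Ed25519) signed JWT on standard output. The
// signing key is kept as a raw 32-byte seed in a key file, which is created
// the first time the program runs.
package main

import (
	"crypto"
	"crypto/ed25519"
	"encoding/hex"
	"flag"
	"fmt"
	"log"
	"os"
	"time"

	"github.com/golang-jwt/jwt/v5"
)

// main loads (or creates) the signing key named by -key, builds a token that
// carries the hex-encoded public key and the issue time, signs it and prints
// the compact serialization.
func main() {
	flagKey := flag.String("key", "jwt.key", "key file")
	flag.Parse()

	pub, key, err := loadKey(*flagKey)
	if err != nil {
		log.Fatalln(err)
	}

	// NOTE(review): the "publickey" claim is self-asserted. A signature that
	// verifies against the key embedded in the token only shows possession of
	// the matching private key; a verifier has to compare the key with a set
	// it already trusts. How the verifier uses the claim is not visible here.
	//
	// NOTE(review): only "iat" is set; there is no "exp", "aud" or "jti", so
	// the token never expires on its own. The verifier has to bound the
	// accepted age of "iat" and handle replay.
	token := jwt.NewWithClaims(jwt.SigningMethodEdDSA, jwt.MapClaims{
		"publickey": hex.EncodeToString(pub),
		"iat":       time.Now().Unix(),
	})

	s, err := token.SignedString(key)
	if err != nil {
		log.Fatalln(err)
	}
	fmt.Println(s)
}

// loadKey returns the Ed25519 key pair whose seed is stored in the file name.
//
// If the file exists, it must hold exactly ed25519.SeedSize raw bytes; any
// other length is reported as an error. If the file does not exist, a new key
// is generated and its seed is written to a newly created file with mode 0600.
// Any other read error is returned unchanged.
//
// The permissions of an existing key file are not checked here.
func loadKey(name string) (ed25519.PublicKey, crypto.Signer, error) {
	seed, err := os.ReadFile(name)
	switch {
	case err == nil:
		// ed25519.NewKeyFromSeed panics on a seed of the wrong length, so a
		// truncated or hand-edited key file (for example one with a trailing
		// newline) must be rejected before the call. The message reports only
		// lengths, never key material.
		if len(seed) != ed25519.SeedSize {
			return nil, nil, fmt.Errorf("key file %q: got %d bytes, want a %d-byte Ed25519 seed",
				name, len(seed), ed25519.SeedSize)
		}
		key := ed25519.NewKeyFromSeed(seed)
		return key.Public().(ed25519.PublicKey), key, nil
	case !os.IsNotExist(err):
		return nil, nil, err
	}

	// A nil reader makes GenerateKey use crypto/rand.
	pub, key, err := ed25519.GenerateKey(nil)
	if err != nil {
		return nil, nil, err
	}

	// O_EXCL makes creation fail if anything appeared at the path after the
	// read above (another instance, or a symlink), instead of truncating or
	// following it. Because the file is always new, mode 0600 is what it gets
	// (subject to umask), rather than the mode of a pre-existing file.
	f, err := os.OpenFile(name, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0600)
	if err != nil {
		return nil, nil, fmt.Errorf("creating key file %q: %w", name, err)
	}
	if _, err = f.Write(key.Seed()); err != nil {
		f.Close()
		return nil, nil, fmt.Errorf("writing key file %q: %w", name, err)
	}
	if err = f.Close(); err != nil {
		return nil, nil, fmt.Errorf("closing key file %q: %w", name, err)
	}
	return pub, key, nil
}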