#!/usr/bin/env sh

ssh_config_val() {
    local field="$1"
    local val

    if [[ -z "$field" ]]; then
        echo "usage: ssh_config_val <config name>" >&2
        return 2
    fi

    echo $(sshd -T | grep -i "^$field " | head -1 | awk '{print $2}')
}

check_ssh_files() {
    printf "%-6s %-20s %-6s %s\n" "STATUS" "KEY" "PERMS" "PATH"
    for key in hostkey hostcertificate trustedusercakeys; do
        path=$(ssh_config_val "$key")
        if [[ -z "$path" ]]; then
            printf "%-7s %-20s %-6s %s\n" "⚠️" "$key" "-" "(not configured)"
            continue
        fi

        if [[ -e "$path" ]]; then
            perms=$(stat -c '%a' "$path")
            printf "%-7s %-20s %-6s %s\n" "✅" "$key" "$perms" "$path"
        else
            printf "%-7s %-20s %-6s %s\n" "❌" "$key" "-" "$path (missing)"
        fi
    done
}