# ssh-keygen(1) completion                                 -*- shell-script -*-

_comp_cmd_ssh_keygen()
{
    local cur prev words cword comp_args
    _comp_initialize -n := -- "$@" || return

    case $prev in
        -*[aCIJjMNPSVWz])
            return
            ;;
        -*b)
            local -a sizes=()
            case "${words[*]}" in
                *" -t dsa"?( *))
                    sizes=(1024)
                    ;;
                *" -t ecdsa"?( *))
                    sizes=(256 384 521)
                    ;;
                *" -t rsa"?( *))
                    sizes=(1024 2048 3072 4096)
                    ;;
            esac
            ((${#sizes[@]})) &&
                _comp_compgen -- -W '"${sizes[@]}"'
            return
            ;;
        -*E)
            _comp_compgen -- -W 'md5 sha256'
            return
            ;;
        -*[FR])
            # TODO: trim this down to actual entries in known hosts files
            _comp_compgen_known_hosts -- "$cur"
            return
            ;;
        -*[Dw])
            _comp_compgen_filedir so
            return
            ;;
        -*[fGKsT])
            _comp_compgen_filedir
            return
            ;;
        -*m)
            _comp_compgen -- -W 'PEM PKCS8 RFC4716'
            return
            ;;
        -*n)
            [[ ${words[*]} != *\ -*Y\ * ]] || return
            if [[ ${words[*]} == *\ -*h\ * ]]; then
                _comp_compgen_known_hosts -- "${cur##*,}"
                ((${#COMPREPLY[@]})) &&
                    _comp_delimited , -W '"${COMPREPLY[@]}"'
            else
                _comp_delimited , -u
            fi
            return
            ;;
        -*O)
            if [[ $cur != *=* ]]; then
                _comp_compgen -- -W 'clear critical: extension: force-command=
                    no-agent-forwarding no-port-forwarding no-pty no-user-rc
                    no-x11-forwarding permit-agent-forwarding
                    permit-port-forwarding permit-pty permit-user-rc
                    permit-X11-forwarding no-touch-required source-address=
                    verify-required

                    lines= start-line= checkpoint= memory= start= generator=

                    application= challenge= device= no-touch-required resident
                    user= write-attestation='

                [[ ${COMPREPLY-} == *[:=] ]] && compopt -o nospace
                _comp_ltrim_colon_completions "$cur"
            else
                case $cur in
                    force-command=*)
                        compopt -o filenames
                        _comp_compgen -c "${cur#*=}" commands
                        ;;
                    checkpoint=* | challenge=* | write-attestation=*)
                        _comp_compgen -c "${cur#*=}" filedir
                        ;;
                    application=*([^:=]))
                        _comp_compgen -c "${cur#*=}" -- -W "ssh:"
                        compopt -o nospace
                        ;;
                    user=*)
                        _comp_compgen -c "${cur#*=}" -- -u
                        ;;
                esac
            fi
            return
            ;;
        -*r)
            [[ ${words[*]} != *\ -*Y\ * ]] || _comp_compgen_filedir
            return
            ;;
        -*t)
            # Prefer `ssh` from same dir for resolving options, etc
            local pathcmd protocols
            pathcmd=$(type -P "$1") && local PATH=${pathcmd%/*}:$PATH
            _comp_compgen -v protocols -x ssh query protocol-version
            local types='dsa ecdsa ecdsa-sk ed25519 ed25519-sk rsa'
            if [[ ${protocols[*]} == *1* ]]; then
                types+=' rsa1'
            fi
            _comp_compgen -- -W "$types"
            return
            ;;
        -*Y)
            _comp_compgen -- -W 'find-principals check-novalidate sign verify'
            return
            ;;
    esac

    _comp_compgen_set
    if [[ $cur == -* ]]; then
        _comp_compgen_usage -- "-?" ||
            _comp_compgen_help -- "-?" # OpenSSH < 7
    fi

    if [[ ${words[*]} == *\ -*s\ * ]]; then
        _comp_compgen -a filedir pub
    fi
} &&
    complete -F _comp_cmd_ssh_keygen ssh-keygen

# ex: filetype=sh
