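#!/bin/bash
#
# Creates a self-signed certificate for the fixed name "mcored" from an
# already existing private key.
#
# Environment:
#   SSLDIR    - base directory holding certs/ and private/
#               (the default is the @@SSLDIR@@ placeholder in this file)
#   SSLCONFIG - openssl configuration file (default: ${SSLDIR}/openssl.cnf)
#
# Must be run as root. Refuses to overwrite an existing certificate.

# Print an error message to stderr and abort with status 1.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Print a short usage text and abort.
# NOTE(review): nothing in this script calls usage(), and CERTNAME is fixed
# below, so the "No certificate name given!" text looks like a leftover.
usage() {
  echo "Usage:"
  echo " $0"
  echo
  echo "The environment variables \$SSLCONFIG and \$SSLDIR will be respected too."
  echo
  die "No certificate name given!"
}

# ${VAR-default}: the default applies only when the variable is unset.
SSLDIR="${SSLDIR-@@SSLDIR@@}"
SSLCONFIG="${SSLCONFIG-${SSLDIR}/openssl.cnf}"

CERTDIR="${SSLDIR}/certs"
KEYDIR="${SSLDIR}/private"

CERTNAME="mcored"
CERTFILE="${CERTDIR}/${CERTNAME}.pem"
REQFILE="${CERTDIR}/${CERTNAME}.csr"
KEYFILE="${KEYDIR}/${CERTNAME}.key"

# Preconditions. All paths are quoted so that an SSLDIR containing spaces or
# glob characters cannot split into several words.
type -P openssl > /dev/null || die "openssl not found!"
[[ $(id -u) -eq 0 ]] || die "You must be root!"
[[ -d "${CERTDIR}" ]] || die "${CERTDIR} directory doesn't exist!"
[[ -d "${KEYDIR}" ]] || die "${KEYDIR} directory doesn't exist!"
[[ ! -f "${CERTFILE}" ]] \
  || die "${CERTFILE} already exists, won't overwrite! Please rename this file first."
# NOTE(review): only the existence of the key is checked, not its mode or
# owner; confirm elsewhere that the private key is readable by root only.
[[ -f "${KEYFILE}" ]] || die "${KEYFILE} doesn't exist!"

# create a new signing request
# With -x509, "openssl req" writes a self-signed certificate rather than a
# certificate request, so REQFILE holds a certificate despite its .csr suffix.
# Signed with SHA-256: SHA-1 signatures are no longer considered safe and are
# rejected by current TLS clients.
openssl req -new -x509 -sha256 -nodes -config "${SSLCONFIG}" \
  -key "${KEYFILE}" -out "${REQFILE}" \
  || die "Certificate request failed!"

# generate the new certificate
# Re-signs the certificate from the previous step with the same key for 365
# days and prints its subject and fingerprint. The fingerprint is computed
# with the digest given here, so it is a SHA-256 fingerprint.
openssl x509 -sha256 -subject -fingerprint -in "${REQFILE}" \
  -signkey "${KEYFILE}" -out "${CERTFILE}" -days 365 \
  || die "Fingerprint failed!"

# verify the certificate
# The exit status of this command is the exit status of the script.
# NOTE(review): the certificate is self-signed, so verification presumably
# reports an error unless the certificate is in the trust store - confirm.
openssl verify "${CERTFILE}"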