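#!/bin/sh
# $Header: /root/magellan-cvs/src/openssl/openssl-make-certs.sh,v 1.3 2010-03-04 15:49:23 niro Exp $
#
# Create a self-signed X.509 certificate (valid for 365 days) together with
# an unencrypted private key, then fold both into a single PEM file.
#
# Usage:
#   openssl-make-certs.sh cert-name
#
# Environment:
#   SSLDIR     base directory, default /etc/ssl
#   SSLCONFIG  openssl config file, default ${SSLDIR}/openssl.cnf
#
# Results:
#   ${SSLDIR}/certs/<cert-name>.pem    certificate followed by the private key
#   ${SSLDIR}/private/<cert-name>.key  private key
#   Both files end up owned by root:root with mode 0400.
#
# Security notes:
#   * The key is generated with -nodes, i.e. without a passphrase, so file
#     permissions are its only protection. The combined .pem also contains
#     the private key and must not be handed out as the "public" certificate.
#   * cert-name is used verbatim as a path component below certs/ and
#     private/. Wrappers that derive it from external input should validate
#     it (no '/' and no leading '-') before calling this script.
#
# The script is plain POSIX sh: no [[ ]] and no brace expansion, so it also
# works where /bin/sh is not bash.

SSLDIR="${SSLDIR-/etc/ssl}"
SSLCONFIG="${SSLCONFIG-${SSLDIR}/openssl.cnf}"
CERTDIR="${SSLDIR}/certs"
KEYDIR="${SSLDIR}/private"
CERTNAME="${1-}"
CERTFILE="${CERTDIR}/${CERTNAME}.pem"
KEYFILE="${KEYDIR}/${CERTNAME}.key"

# Print an error message to stderr and terminate with exit status 1.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

# Print the usage text to stderr and terminate through die().
usage() {
  cat >&2 <<EOF
Usage:
 $0 [cert-name]

The environment variables \$SSLCONFIG and \$SSLDIR will be respected too.

EOF
  die "No certificate name given!"
}

# True when anything occupies the given path, including a dangling symlink,
# so that an existing link is never written through.
path_exists() {
  [ -e "$1" ] || [ -L "$1" ]
}

# sanity checks
[ "$(id -u)" -eq 0 ] || die "You must be root!"
[ -n "${CERTNAME}" ] || usage
[ -d "${CERTDIR}" ] || die "${CERTDIR} directory doesn't exist!"
[ -d "${KEYDIR}" ] || die "${KEYDIR} directory doesn't exist!"
if path_exists "${CERTFILE}"; then
  die "${CERTFILE} already exists, won't overwrite!"
fi
if path_exists "${KEYFILE}"; then
  die "${KEYFILE} already exists, won't overwrite!"
fi

echo
echo "You may want to setup your default ssl config file first."
echo "Just edit '${SSLCONFIG}'."
echo
echo "Press [Enter] to continue, [CTRL-C] to abort."
# POSIX read needs a variable name; the value itself is not used.
read -r reply

# Everything created from here on holds key material. Restrict the creation
# mode so the files are never readable by other users, not even in the window
# before the final chmod.
umask 077

openssl req -new -x509 -nodes \
  -config "${SSLCONFIG}" \
  -out "${CERTFILE}" \
  -keyout "${KEYFILE}" \
  -days 365 || die "Certificate request failed!"

# combine cert and keyfile to one cert
if ! cat -- "${CERTFILE}" "${KEYFILE}" > "${CERTFILE}.combined"; then
  # Do not leave a partial copy that may contain key material behind.
  rm -f -- "${CERTFILE}.combined"
  die "Combine [cat] failed!"
fi
# A rename replaces the certificate in one step; no separate rm is needed.
mv -f -- "${CERTFILE}.combined" "${CERTFILE}" || die "Combine [mv] failed!"

chown root:root "${CERTFILE}" "${KEYFILE}" || die "Ownership failed!"
chmod 0400 "${CERTFILE}" "${KEYFILE}" || die "Permissions failed!"

echo
openssl x509 -subject -fingerprint -noout -in "${CERTFILE}" \
  || die "Fingerprint failed!"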