#! /bin/bash

SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )

NAME=caronte
DNS_NAME=$NAME
KEYSTORE=${HOME}/keystore
TRUSTED_IP_ADDRESS=""

echo $KEYSTORE

while getopts 'n:k:i:h' opt; do
  case "$opt" in
    k)
      KEYSTORE=${OPTARG}
      ;;
    n)
      DNS_NAME=${OPTARG}
      ;;
    i)
      TRUSTED_IP_ADDRESS=${OPTARG}
      ;;
    ?|h)
      echo "Usage: $(basename $0) [-n server_dns] [-i ip_address] [-k keystore_dir]"
      exit 1
      ;;
  esac
done
shift "$(($OPTIND -1))"

if [ -d $KEYSTORE ]
then
    echo "keystore dir exists, init aborted"
    exit 1
else
    mkdir $KEYSTORE
    cd $KEYSTORE
fi

# Create root CA
CA_CRT=rembus-ca.crt
CA_KEY=rembus-ca.key

openssl req -x509 \
            -sha256 -days 356 \
            -nodes \
            -newkey rsa:2048 \
            -subj "/CN=Rembus/C=IT/L=Trento" \
            -keyout ${CA_KEY} -out ${CA_CRT} 

# create ext file
cat > ${NAME}.ext <<EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = ${DNS_NAME}
IP.1 = 127.0.0.1
EOF

if [ ! -z ${TRUSTED_IP_ADDRESS} ]
then
cat >> ${NAME}.ext <<EOF
IP.2 = ${TRUSTED_IP_ADDRESS}
EOF
fi

openssl genrsa -out ${NAME}.key 2048

# extract the public key
# https://stackoverflow.com/questions/5244129/use-rsa-private-key-to-generate-public-key
# openssl rsa -in ${NAME}.key -pubout -out ${NAME}.pem

openssl req -new -key ${NAME}.key -out ${NAME}.csr -subj "/C=IT/ST=Italia/L=Trento/O=Rembus/CN=${NAME}/emailAddress=admin@example.com"

openssl x509 -req -in ${NAME}.csr -CA ${CA_CRT} -CAkey ${CA_KEY} -CAcreateserial -out ${NAME}.crt -days 825 -sha256 -extfile ${NAME}.ext
