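#!/bin/bash
# Generate a self-signed TLS "server" certificate that also acts as a private
# CA, and/or a client certificate issued by that CA (for mutual TLS).
#
# Usage:
#   $0 all    file_prefix [cname]
#   $0 server file_prefix [cname]
#   $0 client file_prefix [cname] server.crt server.key
#
# Outputs, written to the current directory:
#   ${prefix}server.key / ${prefix}server.crt   (server | all)
#   ${prefix}client.key / ${prefix}client.crt   (client | all)
#
# All key material is created with mktemp (mode 0600) and only moved into
# place after every openssl step has succeeded; whatever is still in the temp
# directory when the script exits (success or failure) is removed.
set -e
set -u

options="${1:-}"
prefix="${2:-}"
host="${3:-localhost}"

# Base openssl configuration that the SAN section is appended to.
openssl_cnf="/etc/ssl/openssl.cnf"

doserver=0
doclient=0
cakey=""
cacrt=""

usage() {
  echo "USAGE: $0 [all|server|client] file_prefix [cname] [server.crt server.key]" >&2
  exit 1
}

case "$options" in
  server)
    doserver=1
    ;;
  client)
    doclient=1
    # Issuing against an existing CA: both files are mandatory and must be
    # readable now, rather than failing deep inside openssl with an unbound
    # variable or a "no such file" error.
    cacrt="${4:-}"
    cakey="${5:-}"
    if [[ -z "$cacrt" || -z "$cakey" ]]; then
      usage
    fi
    [[ -r "$cacrt" ]] || { echo "cannot read CA certificate: $cacrt" >&2; exit 1; }
    [[ -r "$cakey" ]] || { echo "cannot read CA key: $cakey" >&2; exit 1; }
    ;;
  all)
    doserver=1
    doclient=1
    ;;
  *)
    usage
    ;;
esac

# Temp files created by this run. The EXIT trap removes whatever has not been
# moved to its final name, so a failure half-way does not leave a private key
# lying around in $TMPDIR. User-supplied CA files are never added here.
tmpfiles=()
cleanup() {
  local f
  (( ${#tmpfiles[@]} == 0 )) && return 0
  for f in "${tmpfiles[@]}"; do
    rm -f -- "$f"
  done
}
trap cleanup EXIT

# SAN value shared by the server certificate and the client CSR.
san_value() {
  printf 'DNS:%s,DNS:*.%s' "$host" "$host"
}

# Full openssl config with a [SAN] section appended. For the server
# certificate basicConstraints is set explicitly: the script uses this
# certificate as an issuer for client certificates, and with "-extensions SAN"
# only this section is applied, so nothing else marks it as a CA. Setting it
# here makes the result usable as an issuer regardless of the OpenSSL
# version's defaults.
server_config() {
  cat -- "$openssl_cnf"
  printf '\n[SAN]\nsubjectAltName=%s\nbasicConstraints=critical,CA:TRUE\n' "$(san_value)"
}

# Config for the client CSR: SAN only.
client_config() {
  cat -- "$openssl_cnf"
  printf '\n[SAN]\nsubjectAltName=%s\n' "$(san_value)"
}

### CREATE SERVER STUFF ###
if ((doserver)); then
  cakey="$(mktemp)"
  tmpfiles+=("$cakey")
  cacrt="$(mktemp)"
  tmpfiles+=("$cacrt")
  echo 1
  openssl genrsa -out "$cakey" 4096
  echo 2
  openssl req -nodes -new -x509 -days 3650 -key "$cakey" -out "$cacrt" \
    -subj "/C=US/ST=UT/O=breel/CN=${host}" \
    -reqexts SAN -extensions SAN -config <(server_config)
fi

### CREATE CLIENT STUFF ###
if ((doclient)); then
  clientkey="$(mktemp)"
  tmpfiles+=("$clientkey")
  clientcsr="$(mktemp)"
  tmpfiles+=("$clientcsr")
  clientcrt="$(mktemp)"
  tmpfiles+=("$clientcrt")
  echo 3
  openssl genrsa -out "$clientkey" 4096
  echo 4
  openssl req -nodes -new -key "$clientkey" -out "$clientcsr" \
    -subj "/C=US/ST=UT/O=breel/CN=${host}" \
    -reqexts SAN -extensions SAN -config <(client_config)
  # Sign the CSR with the CA key.
  #  - "openssl x509 -req" does not carry requested extensions from the CSR
  #    into the certificate, so the SAN is supplied again via -extfile;
  #    without it the issued client certificate would have no SAN at all.
  #  - The serial is random rather than a fixed "01": every certificate issued
  #    by the same CA must have a unique serial, and a fixed value would give
  #    every client certificate produced by repeated "client" runs the same
  #    issuer+serial pair.
  echo 5
  openssl x509 -req -days 3650 -in "$clientcsr" -CA "$cacrt" -CAkey "$cakey" \
    -set_serial "0x$(openssl rand -hex 16)" \
    -extfile <(printf '[SAN]\nsubjectAltName=%s\n' "$(san_value)") -extensions SAN \
    -out "$clientcrt"
  rm -f -- "$clientcsr"
fi

# Move results into place only after all openssl steps succeeded; mv keeps the
# 0600 mode mktemp gave the files.
if ((doserver)); then
  mv -- "$cakey" "./${prefix}server.key"
  mv -- "$cacrt" "./${prefix}server.crt"
fi

if ((doclient)); then
  mv -- "$clientkey" "./${prefix}client.key"
  mv -- "$clientcrt" "./${prefix}client.crt"
fi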