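#!/bin/bash
#
# Generate a private key and CSR for one host in the current directory and
# have the local CA sign it.
#
# Usage:   <script> <common-name>
#
# Outputs (in the current directory):
#   <common-name>.key   RSA-2048 private key, unencrypted (-nodes), mode 0600
#   <common-name>.csr   certificate signing request
#   <common-name>.cert  certificate produced by the CA's "make sign" target
#
# Requires the CA under ${CA} to provide a Makefile whose "sign" target turns
# <common-name>.csr (copied into the CA directory) into <common-name>.cert
# in that same directory. Exits non-zero on any failure.

set -eu

cn=${1:-}
readonly OPENSSL=/usr/bin/openssl
readonly LOGGER=/usr/bin/logger
readonly CA=/home/ca/myca

# Print an error on stderr and exit non-zero.
die() {
  printf 'ERROR: %s\n' "$*" >&2
  exit 1
}

[[ -f "${CA}/Makefile" ]] || die "The CA in ${CA} is not available"
[[ -n "${cn}" ]] || die "Please specify a hostname on the commandline"

# The common name is spliced into an OpenSSL config file and used as a file
# name, so restrict it to DNS-label characters (optionally a leading "*." for
# a wildcard). This rejects newlines or '[' that would inject extra config
# directives, and '/' or '..' that would write outside the current directory.
readonly cn_re='^(\*\.)?[A-Za-z0-9]([A-Za-z0-9.-]*[A-Za-z0-9])?$'
[[ "${cn}" =~ ${cn_re} ]] || die "Hostname '${cn}' contains characters that are not allowed"

# Refuse to overwrite an existing key, CSR or certificate for this host.
for f in "${cn}.key" "${cn}.csr" "${cn}.cert"; do
  [[ -e "${f}" ]] && die "${f} already exists, cannot run"
done

# Unpredictable temp name (mktemp) instead of /tmp/openssl.cf.$$, which an
# attacker on the same host could pre-create or symlink; cleaned up on every
# exit path by the trap.
cfile=$(mktemp "${TMPDIR:-/tmp}/openssl.cf.XXXXXX") || die "Could not create temporary config file"
trap 'rm -f -- "${cfile}"' EXIT

cat <<@eof > "${cfile}"
[req]
prompt = no
distinguished_name = dn-param

[dn-param]
C = GB
ST = London
O = Your Company
OU = PKI
CN = ${cn}
emailAddress = sysadmin@you.com
@eof

if ! "${OPENSSL}" req -config "${cfile}" -nodes -newkey rsa:2048 \
     -keyout "${cn}.key" -out "${cn}.csr" \
   || [[ ! -f "${cn}.key" || ! -f "${cn}.csr" ]]; then
  "${LOGGER}" -t ca "Key/CSR generation failed for ${cn}"
  die "certificate creation failed, ${cn}.key and ${cn}.csr might be bogus, please rm"
fi

# The key is written unencrypted (-nodes) and its mode otherwise follows the
# caller's umask, so clamp it to owner-only.
chmod 600 -- "${cn}.key"
"${LOGGER}" -t ca "Generated new key and csr for ${cn}"

echo "The following files have been created:"
echo " Key: ${cn}.key"
echo " CSR: ${cn}.csr"
echo

# Hand the CSR to the CA and sign it. Run make in a subshell so the caller's
# working directory is untouched even if signing fails midway.
cp -- "${cn}.csr" "${CA}/" || die "Could not copy ${cn}.csr into ${CA}"
( cd "${CA}" && make sign ) || die "Creation of ${cn}.cert failed (make sign returned an error)"
[[ -f "${CA}/${cn}.cert" ]] || die "Creation of ${cn}.cert failed"

mv -- "${CA}/${cn}.cert" "./${cn}.cert" || die "Could not move ${cn}.cert into $(pwd)"
"${LOGGER}" -t ca "Generated new certificate for ${cn}"

echo
echo "The certificate has been created in ${cn}.cert"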