#!/bin/bash


# Without at least the FQDN there is nothing to request: print the usage
# text and stop with status 1.
# Arguments are positional; the examples also show passing an optional
# field through the environment variable of the same name.
if (( $# == 0 )); then
  printf '%s\n' \
    '# ERROR - no FQDN' \
    '' \
    'ARG: SSL_CN SSL_FIRMA SSL_OJEDI SSL_LOKAC SSL_DRZAV SSL_DRZKO SSL_EMAIL SSL_SELFS' \
    '' \
    '' \
    'NEMO_openssl.gen server.domain.tld' \
    "NEMO_openssl.gen server.domain.tld ORG_ORG 'OU_IT IT'" \
    "SSL_DRZKO=YU NEMO_openssl.gen server.domain.tld ORG_ORG 'OU_IT IT'" \
    "SSL_SELFS=yes SSL_EMAIL='postmaster@domain.tld' NEMO_openssl.gen server.domain.tld ORG_ORG 'OU_IT IT'"
  exit 1
fi


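# Work in a fresh per-run directory named after the start time
# (${HOME}/SSL/YYYYmmdd-HHMMSS). The unencrypted private key generated later
# in this script is written here.
# The umask keeps the new directory, and every file created after this
# point, accessible to the invoking user only. An already existing
# ${HOME}/SSL keeps whatever mode it has.
umask 077;
VREME="$( date '+%Y%m%d-%H%M%S' )";
mkdir -pv "${HOME}/SSL/${VREME}" || exit 1;
# Stop if the directory cannot be entered: carrying on would drop the key
# and CSR into whatever directory the script was started from.
cd "${HOME}/SSL/${VREME}" || exit 1;
pwd;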

# Subject fields. Precedence for every optional field: non-empty positional
# argument, then the environment variable of the same name, then the
# built-in default.
#   SSL_CN    $1  CN (FQDN); also the base name of every output file
#   SSL_FIRMA $2  O  (organization)
#   SSL_OJEDI $3  OU (organizational unit)
#   SSL_LOKAC $4  L  (locality)
#   SSL_DRZAV $5  ST (state)
#   SSL_DRZKO $6  C  (country code)
#   SSL_EMAIL $7  emailAddress; default is admin@<CN minus a leading www./mail.>
#   SSL_SELFS $8  "yes" additionally produces a self-signed certificate
# NOTE(review): nothing is validated here, yet these values are later pasted
# into the openssl -subj string and SSL_CN into the output file names.
SSL_CN="$1"
SSL_FIRMA="${2:-${SSL_FIRMA:-mCloud d.o.o}}"
SSL_OJEDI="${3:-${SSL_OJEDI:-IT}}"
SSL_LOKAC="${4:-${SSL_LOKAC:-Belgrade}}"
SSL_DRZAV="${5:-${SSL_DRZAV:-Serbia}}"
SSL_DRZKO="${6:-${SSL_DRZKO:-RS}}"
SSL_EMAIL="${7:-${SSL_EMAIL:-admin@$(echo "$SSL_CN" | sed -e 's/^\(www\|mail\)\.//')}}"
SSL_SELFS="${8:-${SSL_SELFS:-no}}"

# Show the effective settings before anything is generated, one
# "# NAME:<TAB>value" line per field.
# echo -e is kept on purpose: besides the tab it also expands backslash
# escapes that occur inside the values themselves.
echo
for _ssl_field in SSL_CN SSL_EMAIL SSL_FIRMA SSL_OJEDI SSL_LOKAC SSL_DRZAV SSL_DRZKO SSL_SELFS; do
  echo -e "# ${_ssl_field}:\t${!_ssl_field}"
done
unset _ssl_field

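# Generate a 4096-bit RSA key plus a SHA-256 signed CSR, show the parsed
# request, then print the PEM so it can be handed to a CA.
# Subject mapping: C=SSL_DRZKO ST=SSL_DRZAV L=SSL_LOKAC O=SSL_FIRMA
#                  OU=SSL_OJEDI CN=SSL_CN emailAddress=SSL_EMAIL

# SSL_CN doubles as the output file name and as a -subj component. Refuse an
# empty value and anything containing "/" or a line break: those would point
# the key/CSR paths outside the working directory or start a new subject
# field.
case "${SSL_CN}" in
  '' | */* | *$'\n'* | *$'\r'*)
    echo "# ERROR - invalid SSL_CN (empty, or contains '/' or a line break)" >&2;
    exit 1;
    ;;
esac;
# NOTE(review): the remaining fields are placed into -subj unescaped as well;
# a "/" inside any of them is read by openssl as the start of another field.

# -nodes leaves the private key unencrypted on disk, so file permissions are
# its only protection. Create everything owner-only rather than relying on
# the openssl build to restrict the key file mode.
umask 077;

echo -e "\n# ---------------------------------------------------------------------- #\n";
if ! openssl req -sha256 -new -newkey rsa:4096 -nodes -out "./${SSL_CN}.csr" -keyout "./${SSL_CN}.key" \
-subj "\
/C=${SSL_DRZKO}\
/ST=${SSL_DRZAV}\
/L=${SSL_LOKAC}\
/O=${SSL_FIRMA}\
/OU=${SSL_OJEDI}\
/CN=${SSL_CN}\
/emailAddress=${SSL_EMAIL}\
"; then
    echo "# ERROR - openssl could not create the key and CSR" >&2;
    exit 1;
fi;
# The full text dump is kept in .csr.info; the sed filter only hides the
# hex-dump lines from the terminal view.
openssl req -text -noout -verify -in "./${SSL_CN}.csr" | tee "./${SSL_CN}.csr.info" | sed -e '/^ \+[0-9a-f:]\+$/d';
# The pipeline's own status is sed's, so check openssl's explicitly.
if [ "${PIPESTATUS[0]}" -ne 0 ]; then
    echo "# ERROR - openssl could not read or verify the CSR" >&2;
    exit 1;
fi;
echo -e "\n# ---------------------------------------------------------------------- #\n";
cat "./${SSL_CN}.csr";
echo;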


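# Optional step, taken only when SSL_SELFS is exactly "yes": sign the CSR
# with its own key (SHA-512, valid 365 days), display the certificate and
# check that it verifies against itself.
# NOTE(review): that last check only shows the signature is consistent with
# the certificate's own key. A self-signed certificate is trusted by a client
# only once it has been installed or pinned there explicitly.
if [ "$SSL_SELFS" == "yes" ]
 then
    echo -e "\n# ---------------------------------------------------------------------- #\n";
    # Stop on a signing failure instead of going on to display and "verify"
    # a certificate file that was never written.
    if ! openssl x509 -req -days 365 -in "./${SSL_CN}.csr" -sha512 -signkey "./${SSL_CN}.key" -out "./${SSL_CN}.crt.self"; then
        echo "# ERROR - self-signing failed" >&2;
        exit 1;
    fi;
    # Full text goes to .crt.self.info; the hex-dump lines are hidden from
    # the terminal only.
    openssl x509 -text -noout -in "./${SSL_CN}.crt.self" | tee "./${SSL_CN}.crt.self.info" | sed -e '/^ \+[0-9a-f:]\+$/d';
    echo;
    if ! openssl verify -CAfile "./${SSL_CN}.crt.self" "./${SSL_CN}.crt.self"; then
        echo "# ERROR - self-signed certificate does not verify" >&2;
        exit 1;
    fi;
    echo -e "\n# ---------------------------------------------------------------------- #\n";
fi;

exit 0;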

