#!/usr/bin/env bash

set -e

SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
source "$SCRIPTDIR/common"

OUTDIR="$SCRIPTDIR/build"

: ${NAMESPACE:=enmasse-infra}

rm -Rf "$OUTDIR"
mkdir -p "$OUTDIR"

export SAN=""

# Create root

openssl req -x509 -config "$SCRIPTDIR/ca.cnf" -nodes -newkey rsa:4096 -keyout "$OUTDIR/root-key.pem" -out "$OUTDIR/root-cert.pem" -days 365 -subj "/O=EnMasse/OU=IoT/CN=root"

# Create CA

openssl req -config "$SCRIPTDIR/ca.cnf" -reqexts intermediate_ext -nodes -newkey rsa:4096 -keyout "$OUTDIR/ca-key.pem" -days 365 -subj "/O=EnMasse/OU=IoT/CN=ca" | \
openssl x509 -req -extfile "$SCRIPTDIR/ca.cnf" -extensions intermediate_ext -out "$OUTDIR/ca-cert.pem" -days 365 -CA "$OUTDIR/root-cert.pem" -CAkey "$OUTDIR/root-key.pem" -CAcreateserial

# Create trust base

cat "$OUTDIR/ca-cert.pem" "$OUTDIR/root-cert.pem" > "$OUTDIR/trusted-certs.pem"

# Export information

CA_SUBJECT=$(openssl x509 -in "$OUTDIR/ca-cert.pem" -noout -subject -nameopt RFC2253 | sed s/^subject=//)
PK=$(openssl x509 -in "$OUTDIR/ca-cert.pem" -noout -pubkey | sed /^---/d)

echo $CA_SUBJECT
echo $PK

function createServiceKeyAndCert() {
  openssl req -config "$SCRIPTDIR/ca.cnf" -nodes -newkey rsa:4096 -keyout "$OUTDIR/$1-key.pem" -days 365 -subj "/O=EnMasse/OU=IoT/CN=$1" | \
  SAN="DNS.1:${1}.svc,DNS.2:${1}.${NAMESPACE}.svc,DNS.3:localhost" openssl x509 -req -extfile "$SCRIPTDIR/ca.cnf" -extensions "san_ext" -out "$OUTDIR/$1.pem" -days 365 -CA "$OUTDIR/ca-cert.pem" -CAkey "$OUTDIR/ca-key.pem" -CAcreateserial

  cat "$OUTDIR/$1.pem" "$OUTDIR/ca-cert.pem" > "$OUTDIR/$1-fullchain.pem"

  #openssl x509 -noout -text -in "$OUTDIR/$1.pem"
}

for i in ${IOT_SERVICES}; do
    createServiceKeyAndCert "$i"
done
