#!/bin/bash

set -e

ACMEUSER="$1"

CERTS_DIR="$2"

SUBJ="$3"

if [ -z "$ACMEUSER" ] || [ -z "$CERTS_DIR" ] || [ -z "$SUBJ" ]; then

  echo "Usage: $0 acmeuser /mysite/certs/dir/ /CN=mysite.com/CN=www.mysite.com"

  exit 0

fi

BASE_DIR=$(cd `dirname "$0"`; pwd)

NAME=`date +%Y-%m-%d--%H-%M-%S--%N`

PREFIX="$CERTS_DIR/$NAME"

echo " -------------------------------------------- "

echo " begin $PREFIX "

echo " -------------------------------------------- "

mkdir -p "$CERTS_DIR"

openssl genrsa -out "$PREFIX.key" 4096

openssl req -new -sha512 -key "$PREFIX.key" -out "$PREFIX.csr" -subj "$SUBJ"

sudo -u "$ACMEUSER" "$BASE_DIR/sign-cert.py" "$PREFIX.csr" "$PREFIX.crt"

echo "compare modulus"

$MUDULUS_CRT=`openssl x509 -noout -modulus -in "$PREFIX.csr"`

$MUDULUS_KEY=`openssl rsa -noout -modulus -in "$PREFIX.key"`

if [ "$MODULUS_CRT" != "$MUDULUS_KEY" ]; then

  echo "ERROR: modulus of certificate do not matches modulus of key"

  exit 1

fi

echo "ok"

cd "$CERTS_DIR"

ln -fs "$PREFIX.key" "private.key"

ln -fs "$PREFIX.key" "public.crt"

echo " -------------------------------------------- "

echo " done $PREFIX "

echo " -------------------------------------------- "