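#!/bin/sh
# Small local CA helper.
#
# Usage: generate-key.sh KEYNAME
#
# On first use, creates a self-signed CA (ca.key / ca.crt) next to this script.
# With KEYNAME, it then generates a key and CSR, signs a leaf certificate whose
# subjectAltName is DNS:KEYNAME, and bundles key and certificate into
# KEYNAME.p12. openssl prompts interactively for subject fields and passphrases.

# Abort on the first failing step so a later step never works on a missing or
# partial file from an earlier one.
set -eu

# Everything written below is key material or derived from it; keep new files
# readable by the owner only, whatever the caller's umask is.
umask 077

SCRIPT=$(realpath "$0")
DIR=$(dirname "$SCRIPT")
CA="$DIR/ca"
NAME=${1:-}

# KEYNAME ends up in file paths and is copied verbatim into the openssl
# extension file, so restrict it to hostname characters before touching
# anything. This rejects path separators, whitespace and newlines (which would
# add lines to the extension file) and the name "ca", which would overwrite
# the CA's own key and certificate.
if [ -n "$NAME" ]; then
  case "$NAME" in
    ca | .* | -* | *[!A-Za-z0-9._*-]*)
      echo "Invalid KEYNAME: use letters, digits, '.', '_', '-' or '*' (and not 'ca')" >&2
      exit 2
      ;;
  esac
fi

# Create the CA once. No -nodes here, so openssl asks for a passphrase and the
# CA private key is stored encrypted.
if [ ! -f "$CA.key" ]; then
  openssl req \
    -x509 \
    -sha256 \
    -days 1825 \
    -newkey rsa:2048 \
    -keyout "$CA.key" \
    -out "$CA.crt"
fi

if [ -n "$NAME" ]; then
  FILE="$DIR/$NAME"

  echo "Generating key for $NAME"
  # -nodes leaves the leaf private key unencrypted on disk; the umask above is
  # its only protection, so treat "$FILE.key" as a secret.
  openssl req \
    -newkey rsa:2048 \
    -nodes \
    -keyout "$FILE.key" \
    -out "$FILE.csr"
  echo ""

  # Extensions for the leaf certificate: explicitly not a CA, SAN = KEYNAME.
  cat > "$FILE.ext" << EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
subjectAltName = @alt_names

[alt_names]
DNS.1 = $NAME
EOF
  echo ""

  # Sign with the same digest the CA certificate uses instead of relying on
  # the openssl build's default.
  openssl x509 \
    -req \
    -sha256 \
    -CA "$CA.crt" \
    -CAkey "$CA.key" \
    -in "$FILE.csr" \
    -out "$FILE.crt" \
    -days 365 \
    -CAcreateserial \
    -extfile "$FILE.ext"
  echo ""

  echo "Creating PKCS12 archive"
  # Hand key and certificate to openssl as files rather than through a pipe:
  # plain sh has no pipefail, so a failing cat would go unnoticed.
  openssl pkcs12 -export \
    -inkey "$FILE.key" \
    -in "$FILE.crt" \
    -out "$FILE.p12"
else
  echo "USAGE: generate-key.sh KEYNAME"
fi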