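#!/bin/sh
# Generate an RSA private key and a certificate signing request for one FQDN,
# with optional extra subjectAltName DNS entries.
#
# Usage: <script> <fqdn> [altname ...]
#
# Everything is written under ./<fqdn>/:
#   csr.cnf      the OpenSSL request config generated below
#   key-enc.pem  AES-256 encrypted RSA private key
#   key.pem      the same key with the passphrase removed
#   csr.pem      the CSR for key.pem
#
# ./<fqdn>/key.pw must already exist and contain the key passphrase; this
# script reads it but never creates it.
#
# NOTE(security): key-enc.pem, key.pw and the decrypted key.pem all end up in
# the same directory, so the encryption of key-enc.pem provides no protection
# at rest. The only real protection is the restrictive file mode set via
# umask below; move key.pw / key.pem elsewhere if the encrypted copy is meant
# to matter.

set -eu
# Private key and passphrase files must not be group/world readable.
umask 077

# Print an error to stderr and exit non-zero.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Reject anything that is not a plausible DNS name. Each name is used both as
# a directory name (mkdir below) and as a line inside the OpenSSL config, so a
# '/', '..', ',', whitespace or a leading '-' could escape the output
# directory or inject config directives. '*' stays allowed for wildcard names.
check_name() {
  case "$1" in
    ''|-*|*/*|*..*|*[!A-Za-z0-9.*-]*) die "Invalid DNS name: '$1'" ;;
  esac
}

test "$#" -ge 1 || die "No FQDN specified!"
fqdn=$1
# shift so the remaining positional parameters are only the extra alt names
shift
check_name "$fqdn"

# SAN list: the CN itself first, then every additional argument.
subjectAltNames="DNS:${fqdn}"
for altName in "$@"; do
  check_name "$altName"
  subjectAltNames="${subjectAltNames},DNS:${altName}"
done

csrCnfFilename="${fqdn}/csr.cnf"
csrFilename="${fqdn}/csr.pem"
keyEncFilename="${fqdn}/key-enc.pem"
keyFilename="${fqdn}/key.pem"
keyPwFilename="${fqdn}/key.pw"
keyBits=4096
orgName=secmayl
dnsNames="${subjectAltNames}"

mkdir -p "${fqdn}"

# genrsa/rsa read the passphrase from this file; fail with a clear message
# instead of an opaque openssl error when it is missing.
test -f "${keyPwFilename}" || die "Passphrase file ${keyPwFilename} not found"

# Request config; prompt=no means the DN comes entirely from [ req_dn ].
cat > "${csrCnfFilename}" <<EOF
[ req ]
default_bits=${keyBits}
default_md=sha256
prompt=no
encrypt_key=no
distinguished_name=req_dn
attributes=req_attr
req_extensions=req_ext

[ req_dn ]
0.DC=com
1.DC=${orgName}
CN=${fqdn}

[ req_attr ]

[ req_ext ]
subjectAltName=${dnsNames}
EOF

# generate a strong key (EC alternative kept from the original, disabled)
#openssl ecparam -name sect571r1 -genkey -out "$keyFilename"
openssl genrsa -aes256 -out "${keyEncFilename}" -passout "file:${keyPwFilename}" "${keyBits}"

# strip the passphrase so the CSR (and later a server) can use the key directly
openssl rsa -in "${keyEncFilename}" -out "${keyFilename}" -passin "file:${keyPwFilename}"

# create a new CSR for this key
openssl req -new -config "${csrCnfFilename}" -key "${keyFilename}" -out "${csrFilename}"

# print the CSR
#cat "$csrFilename"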