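#!/bin/bash
# Interactive helper: creates a self-signed CA named "ldap-ca" with cfssl and
# then issues one server certificate signed by that CA.
#
# Prompts for: output directory, directory holding cfssl/cfssljson,
# certificate base name, and the hostname list for the certificate.
#
# Files written to the output directory (cfssljson -bare naming):
#   ldap-ca.pem, ldap-ca-key.pem, ldap-ca.csr
#   cfssl.json
#   <name>.pem, <name>-key.pem, <name>.csr
#
# ldap-ca-key.pem is the CA private key: whoever can read it can issue
# certificates that clients trusting this CA will accept, so keep the output
# directory readable only by the account that manages the CA.

# pipefail: without it a failing "cfssl gencert" is masked by the exit status
# of the cfssljson stage that follows it in the pipeline.
set -euo pipefail

# Print a message on stderr and stop with a non-zero status, so callers and
# wrapping scripts can tell that no certificate was produced.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

read -r -p "Specify the output path: " OUTPUT_PATH
if [[ -z "$OUTPUT_PATH" ]]; then
  # No answer: fall back to ./output and create it on demand.
  OUTPUT_PATH="$(pwd)/output"
  if [[ ! -e "$OUTPUT_PATH" ]]; then
    mkdir -- "$OUTPUT_PATH"
  fi
fi
if [[ ! -d "$OUTPUT_PATH" ]]; then
  # The path is passed as data, never as the printf format string.
  die "$OUTPUT_PATH doesn't exist"
fi

read -r -p "Specify the path where the cfssl and cfssljson are placed: " TOOL_PATH
CFSSLEXE="${TOOL_PATH}/cfssl"
CFSSLJSONEXE="${TOOL_PATH}/cfssljson"
printf '%s\n' "$CFSSLEXE"
if [[ ! -f "$CFSSLEXE" || ! -x "$CFSSLEXE" ]]; then
  die "no cfssl found"
fi
if [[ ! -f "$CFSSLJSONEXE" || ! -x "$CFSSLJSONEXE" ]]; then
  die "no cfssljson found"
fi

# A relative TOOL_PATH would stop resolving after the cd below, so pin both
# tool paths to absolute form first.
CFSSLEXE="$(cd -- "$(dirname -- "$CFSSLEXE")" && pwd)/cfssl"
CFSSLJSONEXE="$(cd -- "$(dirname -- "$CFSSLJSONEXE")" && pwd)/cfssljson"

cd -- "$OUTPUT_PATH"
# Same reason: after the cd, a relative OUTPUT_PATH would point somewhere else.
OUTPUT_PATH="$(pwd)"

# Self-signed CA built from cfssl's default CSR template.
"$CFSSLEXE" print-defaults csr \
  | "$CFSSLEXE" gencert -initca - \
  | "$CFSSLJSONEXE" -bare ldap-ca

CONFIG_CFSSL_JSON="${OUTPUT_PATH}/cfssl.json"
# Signing profile for the leaf certificate. 87600h is roughly ten years, and
# every certificate issued under this default profile gets that lifetime.
# The quoted delimiter keeps the shell from expanding anything in the JSON.
cat <<'EOF' > "$CONFIG_CFSSL_JSON"
{
  "signing": {
    "default": {
      "expiry": "87600h",
      "usages": ["signing", "key encipherment", "server auth"]
    }
  }
}
EOF

read -r -p "Give a name to the certificate: " CERT_NAME
if [[ -z "$CERT_NAME" ]]; then
  die "no certificate name given"
fi
read -r -p "Input the hostname(example.org,127.0.0.1): " CERT_HOSTNAME

# An empty CSR ('{}') is enough here: the names come from -hostname.
echo '{}' \
  | "$CFSSLEXE" gencert \
      -ca=ldap-ca.pem \
      -ca-key=ldap-ca-key.pem \
      -config="$CONFIG_CFSSL_JSON" \
      -hostname="$CERT_HOSTNAME" - \
  | "$CFSSLJSONEXE" -bare "$CERT_NAME"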