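#!/bin/sh
#
# Generate a self-signed TLS key, CSR and certificate for an Apache host and,
# on confirmation, install them under /etc/httpd/conf/ssl.{key,csr,crt}.
#
# Must be run as root: it writes below /etc/httpd/conf and produces the
# server's private key.
#
# The script was collapsed onto a single line, so everything after the first
# '#' was a comment and nothing ran. It is restored here one statement per
# line, with the defects noted inline fixed.

set -u

# Print a message on stderr and stop with a failure status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

ROOT_UID=0 # Root has UID 0.

# $UID is not defined by POSIX sh; ask id(1) instead.
if [ "$(id -u)" -eq "$ROOT_UID" ]; then
  echo "Root OK"
else
  # Exit non-zero so callers can tell the script refused to run.
  die "You are just an ordinary user (you must be root to run this script)."
fi

DEFAULT=www.jamesmcdonald.id.au
printf 'Please enter the hostname default (%s) ' "$DEFAULT"
read -r x
if [ -z "$x" ]; then
  HOSTNAME=$DEFAULT
else
  HOSTNAME=$x
fi

# The hostname becomes a file name in a script running as root. Reject
# anything that could leave the build directory (slashes), be parsed as an
# option (leading '-'), or create a hidden file (leading '.').
case $HOSTNAME in
  '' | -* | .* | *[!A-Za-z0-9.-]*)
    die "Invalid hostname: $HOSTNAME"
    ;;
esac

CONF=/etc/httpd/conf

# Make the target folders if needed.
for i in key csr crt; do
  if [ ! -d "${CONF}/ssl.$i" ]; then
    mkdir -p "${CONF}/ssl.$i" || die "Cannot create ${CONF}/ssl.$i"
  fi
done

KEY=${CONF}/ssl.key/server.key
CSR=${CONF}/ssl.csr/server.csr
CRT=${CONF}/ssl.crt/server.crt

BUILD_ROOT=${HOME:?HOME must be set}
CERT_BUILD_DIR=$BUILD_ROOT/makecerts

# Key size and certificate lifetime. 1024-bit RSA is no longer considered
# adequate; 2048 bits is the usual minimum.
KEY_BITS=2048
DAYS=1092

# Try to find openssl on PATH; fall back to asking for the binary's location.
OPENSSL=$(command -v openssl 2>/dev/null) || OPENSSL=
if [ -z "$OPENSSL" ]; then
  printf 'Please enter the path to openssl binary [/usr/local/openssl]: '
  read -r OPENSSL
  # Honour the default shown in the prompt when the answer is empty.
  OPENSSL=${OPENSSL:-/usr/local/openssl}
  if [ ! -x "$OPENSSL" ]; then
    die "Incorrect Path Please restart script and enter correct path to openssl"
  fi
  # The binary is invoked through "$OPENSSL" below. Appending the path of the
  # binary itself to PATH, as before, did not make `openssl` resolvable.
fi

# Everything created from here on includes or sits next to the private key:
# keep it readable by root only.
umask 077

if [ ! -d "$CERT_BUILD_DIR" ]; then
  mkdir -p "$CERT_BUILD_DIR" || die "Cannot create $CERT_BUILD_DIR"
fi

# Never continue past a failed cd: the cleanup below would otherwise run in
# whatever directory the script was started from, as root.
cd "$CERT_BUILD_DIR" || die "Cannot cd to $CERT_BUILD_DIR"
rm -rf -- "${CERT_BUILD_DIR:?}"/* 2>/dev/null

"$OPENSSL" genrsa -out "${HOSTNAME}.key" "$KEY_BITS" ||
  die "Key generation failed"

# -days only applies together with -x509, so it is not passed for the CSR.
"$OPENSSL" req -new -sha256 -key "${HOSTNAME}.key" -out "${HOSTNAME}.csr" ||
  die "CSR generation failed"

"$OPENSSL" req -x509 -sha256 -days "$DAYS" -key "${HOSTNAME}.key" \
  -in "${HOSTNAME}.csr" -out "${HOSTNAME}.crt" ||
  die "Certificate generation failed"

# Only an explicit y/Y installs, so the prompt advertises "no" as the default.
printf 'Do you want to install these certs? [y/N]'
read -r y
case $y in
  y | Y)
    # Back up old certs as filename.orig.<process id>, but only those that
    # exist (on a first run there is nothing to back up).
    for f in "$KEY" "$CSR" "$CRT"; do
      if [ -e "$f" ]; then
        cp -p -- "$f" "$f.orig.$$" || die "Cannot back up $f"
      fi
    done
    cp -- "${HOSTNAME}.key" "$KEY" || die "Cannot install $KEY"
    cp -- "${HOSTNAME}.csr" "$CSR" || die "Cannot install $CSR"
    cp -- "${HOSTNAME}.crt" "$CRT" || die "Cannot install $CRT"
    # cp keeps the mode of a pre-existing destination; make sure the
    # installed private key is not left readable by other users.
    chmod 600 "$KEY" || die "Cannot restrict permissions on $KEY"
    ;;
  *)
    echo not installed
    ;;
esac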