#!/bin/sh
#
# Initialize SSL certificate
#

SSL=/usr/bin/openssl
SSLCONF=/etc/ssl/openssl.cnf
SSLCONFTMPL=/etc/ssl/openssl.cnf.tmpl
SSLCONFOPT=/mnt/conf/ssl/ssl.opt
SSLCERT=/mnt/conf/ssl/cacert.pem

SETMOD=chmod
PERM=0600
DAYS=365

NTPSERV="192.168.10.1"
NTPCLI=/home/ntpclient

settime () {
    export TZ=UTC 
    [ -e $NTPCLI ] && $NTPCLI -s -c 1 -h $NTPSERV -i 10
}

newreq () {
    settime ;
    $SSL req -new -x509 -keyout $SSLCERT -out $SSLCERT \
    -config $SSLCONF -days $DAYS -nodes -batch
}

setperm () {
    $SETMOD $PERM $SSLCERT
}

set -e

test -f $SSL || exit 0

SSLCNFDIR=${SSLCERT%%ca*}
if [ ! -e $SSLCNFDIR ]; then
    mkdir $SSLCNFDIR
fi

# Default conf options
if [ ! -e $SSLCONFOPT ]; then
    DCOUNTRYNAME="TW"
    DSTATENAME="Taipei"
    DLOCTNAME="Taipei"
    DORGNAME="SeenergyCorp."
    DCOMMONNAME="seenergy.com.tw"
    DEMAILID="svr@seenergy.com.tw"
    echo countryName $DCOUNTRYNAME > $SSLCONFOPT
    echo stateName $DSTATENAME >> $SSLCONFOPT
    echo localityName $DLOCTNAME >> $SSLCONFOPT
    echo organizationName $DORGNAME >> $SSLCONFOPT
    echo commonName $DCOMMONNAME >> $SSLCONFOPT
    echo emailAddress $DEMAILID >> $SSLCONFOPT
fi

cfgval() {
  sed -n "s/^$1 \\(.*\\)/\\1/p" $SSLCONFOPT
}

if [ ! -e $SSLCERT ]; then
    COUNTRYNAME=`cfgval countryName`;
    STATENAME=`cfgval stateName`;
    LOCTNAME=`cfgval localityName`;
    ORGNAME=`cfgval organizationName`;
    COMMONNAME=`cfgval commonName`;
    EMAILID=`cfgval emailAddress`;

    sed 's/\$COUNTRYNAME\$/'$COUNTRYNAME'/;s/\$STATENAME\$/'$STATENAME'/;\
    s/\$LOCTNAME\$/'$LOCTNAME'/;s/\$ORGNAME\$/'$ORGNAME'/;\
    s/\$COMMONNAME\$/'$COMMONNAME'/;s/\$EMAILID\$/'$EMAILID'/' $SSLCONFTMPL > $SSLCONF

    newreq ;
    setperm ;
fi


