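#!/bin/bash
#
# Generate a server certificate signed by an intermediate CA.
#
# Usage:  gen_server.sh <uniq_id_ca> <org_url> <serial>
#
# Reads:  ca_i_<uniq_id_ca>.crt.pem   intermediate CA certificate (current directory)
#         ca_i_<uniq_id_ca>.keys.pem  intermediate CA private key (current directory)
#         FQ_S_CNF                    path of the OpenSSL config file; it must provide
#                                     the v3_server extension section. The variable is
#                                     not assigned in this script, so it is presumably
#                                     exported by the caller.
# Writes: server_<org_url>_<serial>.keys.pem      server private key
#         server_<org_url>_<serial>.csr.pem       signing request
#         server_<org_url>_<serial>.crt.pem       signed certificate
#         server_<org_url>_<serial>.crt.info.txt  text dump of the certificate
#
set -euo pipefail

# Print a diagnostic to stderr and stop with a non-zero status.
die() {
  printf 'gen_server.sh: %s\n' "$*" >&2
  exit 1
}

# Print the calling convention and exit with status 1.
usage() {
  cat >&2 <<'EOF'

Generate a new server certificate

This program generates a server key and a certificate signed by an
intermediate CA. It requires ca_i_<uniq_id_ca>.crt.pem and
ca_i_<uniq_id_ca>.keys.pem in the current directory, and the FQ_S_CNF
environment variable pointing to the OpenSSL config file.

  usage:   gen_server.sh <uniq_id_ca> <org_url> <serial>

  example: gen_server.sh skunkworks.acme.xyz_10001 \
                         skunkworks.acme.xyz \
                         10052

EOF
  exit 1
}

#######################################
# Generate a server key, CSR and certificate signed by the intermediate CA.
# Globals:   UNIQ_ID_CA (read) - selects the ca_i_* signing files
#            UNIQ_ID    (read) - used in the output file names and as the CN
#            SERIAL     (read) - certificate serial number
#            FQ_S_CNF   (read) - OpenSSL config file
# Outputs:   server_${UNIQ_ID}.* files in the current directory
# Returns:   exits non-zero as soon as a precondition or an openssl step fails
#######################################
generate_server() {
  local -r key_file="server_${UNIQ_ID}.keys.pem"
  local -r csr_file="server_${UNIQ_ID}.csr.pem"
  local -r crt_file="server_${UNIQ_ID}.crt.pem"
  local -r info_file="server_${UNIQ_ID}.crt.info.txt"
  local -r ca_crt="ca_i_${UNIQ_ID_CA}.crt.pem"
  local -r ca_key="ca_i_${UNIQ_ID_CA}.keys.pem"

  # Check every input before a key is written, so a misconfigured run does not
  # leave an orphaned private key behind.
  [[ -n "${FQ_S_CNF:-}" ]] || die "FQ_S_CNF is not set (path of the OpenSSL config file)"
  [[ -r "${FQ_S_CNF}" ]] || die "cannot read OpenSSL config: ${FQ_S_CNF}"
  [[ -r "${ca_crt}" ]] || die "cannot read CA certificate: ${ca_crt}"
  [[ -r "${ca_key}" ]] || die "cannot read CA key: ${ca_key}"

  # The key is written unencrypted; the restrictive umask keeps it from being
  # created group- or world-readable whatever the caller's umask is.
  (
    umask 077
    openssl genrsa -out "${key_file}" 4096
  ) || die "key generation failed"

  # NOTE(review): the CN is <org_url>_<serial>, not a bare host name, so host
  # name matching presumably relies on subjectAltName entries from the
  # v3_server section of the config - confirm.
  openssl req -new -config "${FQ_S_CNF}" -key "${key_file}" \
    -subj "/C=OO/O=ACME/OU=ACME Standard/CN=${UNIQ_ID}" \
    -out "${csr_file}" || die "CSR generation failed"

  # Intermediate signs Server
  openssl x509 -req -days 365 -extfile "${FQ_S_CNF}" -extensions v3_server \
    -CA "${ca_crt}" -CAkey "${ca_key}" -set_serial "${SERIAL}" \
    -in "${csr_file}" -out "${crt_file}" || die "signing failed"

  # Text dump for human review. This does not validate the chain; it only
  # decodes the certificate that was just written.
  openssl x509 -noout -text -in "${crt_file}" > "${info_file}" \
    || die "could not write ${info_file}"
}

# Run only when all three arguments are non-empty; otherwise show the usage.
if [[ -n "${1:-}" && -n "${2:-}" && -n "${3:-}" ]]; then
  UNIQ_ID_CA=$1
  ORG_URL=$2
  SERIAL=$3

  # ORG_URL ends up in the -subj string, where '/' separates subject fields,
  # and in the output file names, so a '/' would change both.
  [[ "${ORG_URL}" != */* ]] || die "org_url must not contain '/': ${ORG_URL}"

  # -set_serial takes a decimal number, or hex with a 0x prefix.
  serial_re='^(0[xX][0-9A-Fa-f]+|[0-9]+)$'
  [[ "${SERIAL}" =~ ${serial_re} ]] || die "serial must be decimal or 0x-prefixed hex: ${SERIAL}"

  UNIQ_ID="${ORG_URL}_${SERIAL}"
  generate_server
else
  usage
fi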