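#!/bin/bash
#
# Obtain Let's Encrypt certificates with acme_tiny for one or more domain
# folders.  Every folder named on the command line (relative to this script)
# must contain a domain.conf that sets:
#   NAME    - base name for the key/csr/crt/pem files written to the folder
#   DOMAINS - bash array of host names to certify
# Usage: ./this-script folder...
#
# Required files under ./opt (next to this script):
#   account.key                       - ACME account key
#   acme_tiny.py                      - acme_tiny client
#   openssl.conf                      - base openssl config for multi-SAN CSRs
#   lets-encrypt-x3-cross-signed.pem  - intermediate, downloaded when missing
#
# Fixes relative to the previous version: prerequisite paths were prefixed
# with $path twice, the openssl.conf check tested a misspelled variable (so it
# never fired), the CSR exit status was read after the closing `fi`, messages
# referenced $name instead of $NAME, and the private key was written with the
# default umask.

path="$(cd "$(dirname "$0")" && pwd -P)" || {
  printf '%s\n' "Cannot determine script directory." >&2
  exit 1
}

#############
# variables
readonly acme_dir=/var/www/.well-known/acme-challenge/
readonly opt_folder="$path/opt"
readonly le_cert="$opt_folder/lets-encrypt-x3-cross-signed.pem"
readonly le_cert_url=https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
readonly account_key="$opt_folder/account.key"
readonly acme_tiny="$opt_folder/acme_tiny.py"
readonly openssl_conf="$opt_folder/openssl.conf"

#############
# helpers

# Print every argument as one line on stderr (diagnostics never go to stdout).
err() { printf '%s\n' "$*" >&2; }

#######################################
# Download the intermediate certificate into $le_cert.
# The file is fetched into a temp name and only moved into place when it
# parses as an X.509 certificate, so a failed or truncated download does not
# leave a file that later runs would mistake for the chain.
# Globals:   le_cert, le_cert_url, opt_folder (read)
# Returns:   0 on success, 1 on any failure
#######################################
download_le_cert() {
  local tmp
  tmp=$(mktemp "$opt_folder/le-cert.XXXXXX") || return 1
  if wget -O "$tmp" -- "$le_cert_url" \
    && openssl x509 -noout -in "$tmp" >/dev/null 2>&1; then
    mv -f -- "$tmp" "$le_cert"
    return 0
  fi
  rm -f -- "$tmp"
  err "Downloading root cert FAILED."
  return 1
}

#######################################
# Verify the global prerequisites once, before any folder is processed.
# Globals:   acme_dir, account_key, acme_tiny, le_cert (read)
# Returns:   0 when everything is present, 1 otherwise
#######################################
check_prerequisites() {
  if [[ ! -d "$acme_dir" ]]; then
    err "acme directory ($acme_dir) doesn't exists!"
    return 1
  fi
  if [[ ! -f "$account_key" ]]; then
    err "Account Key doesn't exists!"
    return 1
  fi
  if [[ ! -f "$acme_tiny" ]]; then
    err "Python script acme_tiny.py is missing"
    return 1
  fi
  # check if python and openssl are installed (both are invoked below)
  command -v python >/dev/null 2>&1 \
    || { err "I require python but it's not installed. Aborting."; return 1; }
  command -v openssl >/dev/null 2>&1 \
    || { err "I require openssl but it's not installed. Aborting."; return 1; }
  if [[ ! -f "$le_cert" ]]; then
    echo "LetsEncrypt cert doesn't exists!"
    echo "Downloading root cert..."
    # NOTE(review): the intermediate file name is pinned; if the CA rotates
    # intermediates this name and URL must be updated.
    download_le_cert || return 1
  fi
  return 0
}

#######################################
# Join host names into a subjectAltName value: "DNS:a,DNS:b,...".
# Arguments: $@ - host names
# Outputs:   the joined list on stdout (no trailing newline)
#######################################
san_list() {
  local joined
  joined=$(printf ',DNS:%s' "$@")
  printf '%s' "${joined#,DNS:}"
}

#######################################
# Write a CSR for $key to $csr covering every entry of DOMAINS.
# Globals:   DOMAINS, openssl_conf (read)
# Arguments: $1 - private key file, $2 - CSR file to create
# Returns:   openssl's exit status, or 1 when openssl.conf is missing
#######################################
generate_csr() {
  local key=$1 csr=$2 san
  if [[ ${#DOMAINS[@]} -eq 1 ]]; then
    # single domain: the name goes into the CN
    openssl req -new -sha256 -key "$key" -subj "/CN=${DOMAINS[0]}" -out "$csr"
    return
  fi
  # multi domain: names go into a SAN section appended to the base config
  if [[ ! -f "$openssl_conf" ]]; then
    err "Error: openssl.conf file is missing."
    return 1
  fi
  san=$(san_list "${DOMAINS[@]}")
  echo "san_string: subjectAltName=$san"
  # The SAN text is passed as a printf argument, never as the format string,
  # so host names containing '%' or '\' cannot alter the generated config.
  openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN \
    -config <(cat "$openssl_conf"; printf '[SAN]\nsubjectAltName=%s\n' "$san") \
    -out "$csr"
}

#######################################
# Create key/CSR (when missing) and obtain a certificate for one folder.
# Globals:   NAME, DOMAINS (written by sourcing domain.conf)
#            acme_tiny, account_key, acme_dir, le_cert (read)
# Arguments: $1 - absolute folder path
# Returns:   0 when NAME.pem was written, 1 otherwise
#######################################
process_folder() {
  local dir=$1 key csr
  if [[ ! -d "$dir" ]]; then
    err "Folder $dir doesn't exists!"
    return 1
  fi
  if [[ ! -f "$dir/domain.conf" ]]; then
    err "Configuration file doen't exists!"
    return 1
  fi

  # domain.conf is executed as shell code, so it must only be writable by the
  # operator.  Clear the expected variables first so a folder that omits one
  # does not silently inherit the value from the previous folder.
  unset NAME DOMAINS
  # shellcheck source=/dev/null
  source "$dir/domain.conf"

  # check domain.conf variables
  if [[ -z "$NAME" ]]; then
    err "No name given for domain \"$dir\"."
    return 1
  fi
  # NAME is used as a file base name inside $dir; refuse anything that could
  # escape the folder.
  if [[ "$NAME" == */* || "$NAME" == .* ]]; then
    err "Invalid name \"$NAME\": must not contain '/' or start with '.'."
    return 1
  fi
  if [[ ${#DOMAINS[@]} -eq 0 ]]; then
    err "No domains given for \"$NAME\"."
    return 1
  fi

  # domain key
  key=$dir/$NAME.key
  if [[ ! -f "$key" ]]; then
    echo "Domain key doesn't exists."
    echo "Generating..."
    # umask 077 in a subshell: the private key is never readable by others,
    # not even between creation and a later chmod.  -out instead of a
    # redirect, plus rm on failure, so no empty key file is left behind.
    if ! (umask 077 && openssl genrsa -out "$key" 4096); then
      rm -f -- "$key"
      err "Creating csr/key files FAILED for \"$NAME\"!"
      return 1
    fi
  fi

  # domain csr
  csr=$dir/$NAME.csr
  if [[ ! -f "$csr" ]]; then
    echo "Domain csr file doesn't exists."
    echo "Generating..."
    if ! generate_csr "$key" "$csr"; then
      rm -f -- "$csr"
      err "Creating csr/key files FAILED for \"$NAME\"!"
      return 1
    fi
  fi

  # get certificate
  if ! python "$acme_tiny" --account-key "$account_key" --csr "$csr" \
    --acme-dir "$acme_dir" > "$dir/tmp.crt"; then
    rm -f -- "$dir/tmp.crt"
    err "Getting certificate for \"$NAME\" FAILED!"
    return 1
  fi
  mv -f -- "$dir/tmp.crt" "$dir/$NAME.crt"

  # append letsencrypt cert
  # NOTE(review): if the installed acme_tiny already returns the full chain,
  # appending $le_cert duplicates the intermediate — confirm against its
  # version before relying on NAME.pem as a chain file.
  cat "$dir/$NAME.crt" "$le_cert" > "$dir/$NAME.pem"
  echo "Certificate for \"$NAME\" successfully created!"
  return 0
}

#######################################
# Entry point: validate arguments and prerequisites, then process each folder.
# Arguments: $@ - folder names relative to the script directory
# Outputs:   progress on stdout, the count of new certificates at the end
#######################################
main() {
  local counter=0 arg
  if [[ $# -eq 0 ]]; then
    err "No arguments provided."
    err "Usage: $0 [folder]"
    exit 1
  fi
  check_prerequisites || exit 1

  for arg in "$@"; do
    if process_folder "$path/$arg"; then
      counter=$((counter + 1))
    fi
  done
  echo "$counter new certificates created!"
}

main "$@"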