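#!/bin/bash
#
# Issue (or re-issue) Let's Encrypt certificates with acme_tiny.py for one or
# more "domain folders".
#
# Usage: $0 FOLDER [FOLDER...]
#   Each FOLDER (relative to this script's directory unless absolute) must
#   contain a `domain.conf` that assigns
#     NAME     - base name for the $NAME.key / .csr / .crt / .pem files
#     DOMAINS  - bash array of host names to put in the certificate
#
# Expected under $path/opt: account.key, acme_tiny.py, openssl.conf and the
# CA intermediate certificate (downloaded on first run if it is missing).
#
# NOTE(security): domain.conf is *sourced*, i.e. executed as shell code with
# the privileges of whoever runs this script (typically the account that can
# read account.key). Only users already trusted with that key may be allowed
# to write those files; the checks below catch mistakes, not a hostile file.

path="$( cd "$(dirname "$0")" ; pwd -P )"

#############
# variables
acme_dir=/srv/certs/acme-challenge/.well-known/acme-challenge
opt_folder=$path/opt
le_cert=$opt_folder/lets-encrypt-x3-cross-signed.pem
le_cert_url=https://letsencrypt.org/certs/lets-encrypt-x3-cross-signed.pem
account_key=$opt_folder/account.key
acme_tiny=$opt_folder/acme_tiny.py
openssl_conf=$opt_folder/openssl.conf

#############
# helpers

# Print a diagnostic on stderr so it never mixes with certificate data.
warn() { printf '%s\n' "$*" >&2; }

# Print a diagnostic and abort the whole run.
die() { warn "$*"; exit 1; }

#######################################
# Join host names into the tail of an openssl subjectAltName value:
#   join_san a b c  ->  a,DNS:b,DNS:c
# (the caller adds the leading "DNS:").
# Arguments: host names
# Outputs:   joined string on stdout, no trailing newline
#######################################
join_san() {
  local joined
  joined=$(printf ',DNS:%s' "$@")
  printf '%s' "${joined#,DNS:}"
}

#######################################
# Create the private key and CSR for one domain folder unless both already
# exist. A half-written file from a failed openssl run is removed so the
# next run regenerates it instead of silently reusing an empty file.
# Globals:   DOMAINS (read), openssl_conf (read)
# Arguments: $1 - key path, $2 - csr path
# Returns:   0 on success, 1 if openssl (or the config) is missing/failed
#######################################
make_key_and_csr() {
  local key=$1 csr=$2 san_list rc=0

  if [ ! -f "$key" ]; then
    echo "Domain key doesn't exists. Generating..."
    # openssl writes the key to stdout here, so it cannot set the file mode
    # itself; a 077 umask keeps the private key owner-only from the start.
    if ! ( umask 077; openssl genrsa 4096 > "$key" ); then
      rm -f -- "$key"
      return 1
    fi
  fi

  if [ ! -f "$csr" ]; then
    echo "Domain csr file doesn't exists. Generating..."
    if [ "${#DOMAINS[@]}" -eq 1 ]; then
      # single domain: the name only goes into the CN (unchanged behaviour)
      openssl req -new -sha256 -key "$key" -subj "/CN=${DOMAINS[0]}" > "$csr" || rc=$?
    else
      # multi domain: every name becomes a subjectAltName entry, appended to
      # the base config through a process substitution
      if [ ! -f "$openssl_conf" ]; then
        warn "openssl config ($openssl_conf) doesn't exists!"
        return 1
      fi
      san_list=$(join_san "${DOMAINS[@]}")
      # data goes in as a printf argument, never as the format string
      openssl req -new -sha256 -key "$key" -subj "/" -reqexts SAN \
        -config <(cat "$openssl_conf"; printf '[SAN]\nsubjectAltName=DNS:%s\n' "$san_list") \
        > "$csr" || rc=$?
    fi
    if [ "$rc" -ne 0 ]; then
      # the redirection already created the file; do not leave an empty CSR
      rm -f -- "$csr"
      return 1
    fi
  fi
  return 0
}

#######################################
# Issue a certificate for one domain folder.
# Globals:   NAME, DOMAINS (set by sourcing domain.conf); path, acme_tiny,
#            account_key, acme_dir, le_cert (read)
# Arguments: $1 - folder as given on the command line
# Returns:   0 if a new certificate was written, 1 otherwise
#######################################
issue_folder() {
  local folder=$1 key csr tmp_crt

  # Relative folders live next to the script, as before; absolute ones are
  # used as-is instead of being glued onto $path.
  folder=${folder%/}
  [[ $folder == /* ]] || folder="$path/$folder"

  if [ ! -d "$folder" ]; then
    warn "Folder $folder doesn't exists!"
    return 1
  fi
  if [ ! -f "$folder/domain.conf" ]; then
    warn "Configuration file doen't exists!"
    return 1
  fi

  # Clear the previous folder's settings first, otherwise a domain.conf that
  # forgets NAME or DOMAINS silently inherits the last folder's values.
  unset NAME DOMAINS
  # shellcheck disable=SC1090 -- per-folder config, executed as shell code
  source "$folder/domain.conf"

  if [ -z "$NAME" ]; then
    warn "No name given for domain \"$folder\"."
    return 1
  fi
  # NAME is used as a file name inside $folder; a slash or "." / ".." would
  # let the key/cert files land outside the folder.
  case $NAME in
    */*|.|..)
      warn "Invalid NAME \"$NAME\" in $folder/domain.conf (must be a plain file name)."
      return 1
      ;;
  esac
  if [ "${#DOMAINS[@]}" -eq 0 ]; then
    warn "No domains given for \"$NAME\"."
    return 1
  fi

  key="$folder/$NAME.key"
  csr="$folder/$NAME.csr"
  if ! make_key_and_csr "$key" "$csr"; then
    warn "Creating csr/key files FAILED for \"$NAME\"!"
    return 1
  fi

  # acme_tiny prints the certificate on stdout; collect it in a temp file in
  # the same folder so a failed run never clobbers the current certificate.
  # $acme_tiny is already absolute (built from $path), so it is not prefixed.
  tmp_crt=$(mktemp "$folder/.tmp.XXXXXX") || return 1
  if ! python "$acme_tiny" --account-key "$account_key" --csr "$csr" --acme-dir "$acme_dir" > "$tmp_crt"; then
    rm -f -- "$tmp_crt"
    warn "Getting certificate for \"$NAME\" FAILED!"
    return 1
  fi
  # $folder is already absolute; do not prefix it with $path again
  mv -f -- "$tmp_crt" "$folder/$NAME.crt"

  # leaf + intermediate in one file for servers that want the full chain
  cat "$folder/$NAME.crt" "$le_cert" > "$folder/$NAME.pem"
  echo "Certificate for \"$NAME\" successfully created!"
  return 0
}

#############
# script

main() {
  local counter=0 folder

  # check if needed files are provided
  if [ $# -eq 0 ]; then
    echo "No arguments provided."
    echo "Usage: $0 [folder]"
    exit 1
  fi

  [ -d "$acme_dir" ]    || die "acme directory ($acme_dir) doesn't exists!"
  [ -f "$account_key" ] || die "Account Key doesn't exists!"
  [ -f "$acme_tiny" ]   || die "Python script acme_tiny.py is missing"

  # check if python is installed
  command -v python >/dev/null 2>&1 || die "I require python but it's not installed. Aborting."

  if [ ! -f "$le_cert" ]; then
    echo "LetsEncrypt cert doesn't exists!"
    echo "Downloading root cert..."
    # Download to a temp name and verify the transfer, so a failed or empty
    # download is not kept and appended to every .pem from then on.
    # NOTE(review): the URL pins one specific intermediate; confirm it is
    # still the one the CA issues from before trusting the .pem chain.
    if ! wget -O "$le_cert.tmp" "$le_cert_url" || [ ! -s "$le_cert.tmp" ]; then
      rm -f -- "$le_cert.tmp"
      die "Downloading $le_cert_url FAILED!"
    fi
    mv -f -- "$le_cert.tmp" "$le_cert"
  fi

  for folder in "$@"; do
    issue_folder "$folder" && counter=$((counter+1))
  done
  echo "$counter new certificates created!"
}

main "$@"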