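#!/bin/bash
#
# vhost-ssl-request
#
# Generate a certificate signing request (CSR) for a virtual host.
#
# Usage: vhost-ssl-request [-b NUM_BITS] VHOST
#
# Writes two files, named relative to the current directory:
#   VHOST.key             - new RSA private key, mode 0400
#   VHOST-YYYY-MM-DD.csr  - signing request created from that key
#
# VHOST is only used to name the files. No subject is passed to
# "openssl req", so the certificate subject comes from its prompts/config.
#
# Exit codes: 1 bad arguments, 2 key file exists, 3 CSR file exists.
# A failing openssl or chmod call exits with that command's status.
#

# How many bits to use for the key?
# Default: a lot.
NUM_BITS=4096

# Print the command-line synopsis to stdout (callers redirect as needed).
usage() {
  echo "Usage: $0 [-b NUM_BITS] VHOST"
  echo ''
  echo 'VHOST       Your virtual hostname, i.e. the common name on the certificate.'
  echo ''
  echo "-b NUM_BITS Create keys of length NUM_BITS (default ${NUM_BITS})."
  echo ''
}

# Some exit codes.
readonly EXIT_BAD_ARGS=1
readonly EXIT_KEY_EXISTS=2
readonly EXIT_CSR_EXISTS=3

while getopts "b:" option; do
  case $option in
    b)
      NUM_BITS=$OPTARG
      ;;
    *)
      usage >&2
      exit "$EXIT_BAD_ARGS"
      ;;
  esac
done

# Drop the options getopts has already consumed.
shift $((OPTIND - 1))

# An empty hostname would produce files named ".key" and "-DATE.csr".
if [[ $# -lt 1 || -z $1 ]]; then
  usage >&2
  exit "$EXIT_BAD_ARGS"
fi

# NUM_BITS is handed to openssl as an argument; insist on a plain number.
if ! [[ $NUM_BITS =~ ^[1-9][0-9]*$ ]]; then
  echo "NUM_BITS must be a positive integer, got '${NUM_BITS}'." >&2
  exit "$EXIT_BAD_ARGS"
fi

# Warn only; the caller may have a reason, but short RSA keys are weak.
if ((NUM_BITS < 2048)); then
  echo "Warning: RSA keys shorter than 2048 bits are considered weak." >&2
fi

VHOST=$1
KEYFILE=${VHOST}.key
TODAY=$(date +"%Y-%m-%d")
CSRFILE=${VHOST}-${TODAY}.csr

# Make sure the key/CSR don't already exist before we proceed.
# -e (not -f) so that a directory or other non-regular file also counts.
if [[ -e $KEYFILE ]]; then
  echo "Key file $KEYFILE already exists. Bailing." >&2
  exit "$EXIT_KEY_EXISTS"
fi

if [[ -e $CSRFILE ]]; then
  echo "CSR file $CSRFILE already exists. Bailing." >&2
  exit "$EXIT_CSR_EXISTS"
fi

# Generate the private key.
# Create it under a restrictive umask so it is not readable by group/other
# in the window before the chmod below (depending on the OpenSSL version,
# the file may otherwise be created with the caller's default umask).
# The subshell keeps the umask change away from the CSR file.
# Stop on failure rather than running chmod/req against a missing key.
(umask 077 && openssl genrsa -out "$KEYFILE" "$NUM_BITS") || exit

# The private key is private! Make it read-only.
# "--" keeps a hostname starting with "-" from being parsed as an option.
chmod 400 -- "$KEYFILE" || exit

# Generate the signing request.
openssl req -new -key "$KEYFILE" -out "$CSRFILE"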