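#!/bin/bash
#############################################################
# Script name: create-CA.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: 1.0.0
# Description: Script to create an own CA
# License: GNU GPL v3
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Changelog
# [1.0.0] - 2026-04-19
# Added:
# - CA creation
# Project initialization:
# - initialization by gilles.mouchet@gmail.com
#
############################################################
version=1.0.0

############################################################
# FUNCTIONS
############################################################

#-----------------------------------------------------------
# display usage
# Outputs: help text on stdout
usage() {
  cat << EOF
Usage: ./$(basename "$0") -n "<common name>"

Create an own CA (private key and self-signed CA certificate)

Options:
  -n, --cn, --commonname  - CA common name [mandatory]
  -h, --help              - show this help
  -v, --version           - show script version

Examples:
  Create CA called "GMOLab CA"
  ./$(basename "$0") -n "GMOLab CA"
EOF
}

#-----------------------------------------------------------
# escape a value for the replacement side of a sed "s|...|...|"
# expression: a backslash, an ampersand or the '|' delimiter in
# the value would otherwise be interpreted by sed instead of being
# copied literally into the generated configuration
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout (no trailing newline)
sed_escape() {
  printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'
}

#-----------------------------------------------------------

############################################################
# MAIN
############################################################
# Globals (read by the sourced library): SCRIPT_DIR, ROOT_DIR,
#   COMMON_NAME, CA_NAME, KEY_CA_PATH, CRT_CA_PATH and the
#   subject fields / colour variables provided by init_* and set_color
# Arguments: command line, see usage()
# Returns:   0 on success, 1 on usage error, openssl's status otherwise
main(){
  # lifetime (days) and RSA key size of the CA certificate
  local -r ca_days=1825 ca_key_bits=4096
  local key_file crt_file ca_config openssl_err rc

  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  ROOT_DIR="$(dirname "$SCRIPT_DIR")"

  # read library (init_default, init_env, set_color, check_sudo,
  # clean_string, msg_warn, yes_no and the variables listed above)
  # shellcheck source=/dev/null
  if ! source "$ROOT_DIR/lib/stdlib.sh"; then
    printf 'Error: cannot read %s\n' "$ROOT_DIR/lib/stdlib.sh" >&2
    exit 1
  fi

  # check if param exist
  if [ -z "$1" ]; then
    usage
    exit 1
  fi

  # init config
  init_default
  init_env

  # set color
  set_color

  # read cli parameters
  while [[ "$#" -gt 0 ]]; do
    case "$1" in
      -n|--cn|--commonname)
        # check if param $2 exist
        if [ -z "$2" ]; then
          printf '\n%sError: Argument missing for option -n or --cn%s\n\n' "$RED" "$NC" >&2
          usage
          exit 1
        fi
        COMMON_NAME="$2"
        shift 2
        ;;
      version|-v|--version)
        cat << EOF
$(basename "$0") $version
Copyright (C) 2003 - $(date +%Y) Gilles Mouchet
EOF
        exit
        ;;
      -h|--help)
        usage
        exit
        ;;
      *)
        # an unknown option is an error, not a request for help
        printf '\n%sError: Unknown option "%s"%s\n\n' "$RED" "$1" "$NC" >&2
        usage
        exit 1
        ;;
    esac
  done

  # -n is mandatory
  if [ -z "$COMMON_NAME" ]; then
    printf '\n%sError: CA common name is mandatory (option -n)%s\n\n' "$RED" "$NC" >&2
    usage
    exit 1
  fi

  # check if script is running with sudo (after parsing, so that
  # --help and --version do not require root)
  check_sudo

  # clean variable commonName: the sanitized form is used for file names
  CA_NAME=$(clean_string "${COMMON_NAME}")
  if [ -z "$CA_NAME" ]; then
    printf '\n%sError: common name "%s" yields an empty file name%s\n\n' "$RED" "$COMMON_NAME" "$NC" >&2
    exit 1
  fi

  key_file="${KEY_CA_PATH}/${CA_NAME}.key"
  crt_file="${CRT_CA_PATH}/${CA_NAME}.crt"
  ca_config="$ROOT_DIR/config/ca-config"

  # summary
  printf "
${CYAN}Summary
----------------------------------------------------------------------------${NC}
CA private file name (key): ${GREEN}%s.key${NC}
CA public file name (crt):  ${GREEN}%s.crt${NC}

${CYAN}Informations${NC}
Country name:              ${ORANGE}%s${NC}
State or province name:    ${ORANGE}%s${NC}
Locality name:             ${ORANGE}%s${NC}
Organization name:         ${ORANGE}%s${NC}
Organizational unit name:  ${ORANGE}%s${NC}
Common name:               ${ORANGE}%s${NC}
Email address:             ${ORANGE}%s${NC}

${RED}IMPORTANT${NC}
You will be asked for a password.
Choose a ${RED}STRONG PASSWORD${NC} and KEEP IT SECURE.
You will be asked for it when creating certificates.
For automation, save the password in /root/.cred (KEY_CA_PASS=password).

" "${KEY_CA_PATH}/${CA_NAME}" "${CRT_CA_PATH}/${CA_NAME}" \
    "$COUNTRY_NAME" "$STATE_OR_PROVINCE_NAME" "$LOCALITY_NAME" \
    "$ORGANIZATION_NAME" "$ORGANIZATIONAL_UNIT_NAME" "$COMMON_NAME" "$EMAIL_ADDRESS"

  yes_no "Is it ok"

  # check if CA files exist: openssl overwrites both without asking
  if [ -f "$key_file" ] || [ -f "$crt_file" ]; then
    msg_warn "\n$key_file or $crt_file already exists!\n"
    yes_no "Are you sure you want to overwrite it"
  fi

  # config ca-conf file
  # NOTE: the %...% placeholders (including their spelling) must match
  # config/ca-config.tmpl exactly; values are escaped so that user
  # supplied characters cannot alter the sed expressions
  if ! sed -e "s|%COUNTRY_NAME%|$(sed_escape "$COUNTRY_NAME")|" \
      -e "s|%STATE_OF_PROVINCE_NAME%|$(sed_escape "$STATE_OR_PROVINCE_NAME")|" \
      -e "s|%LOCALITY_NAME%|$(sed_escape "$LOCALITY_NAME")|" \
      -e "s|%ORGANIZITION_NAME%|$(sed_escape "$ORGANIZATION_NAME")|" \
      -e "s|%ORGANiZATION_UNIT_NAME%|$(sed_escape "$ORGANIZATIONAL_UNIT_NAME")|" \
      -e "s|%COMMON_NAME%|$(sed_escape "$COMMON_NAME")|" \
      -e "s|%EMAIL_ADDRESS%|$(sed_escape "$EMAIL_ADDRESS")|" \
      < "$ROOT_DIR/config/ca-config.tmpl" > "$ca_config"; then
    printf '%sError: cannot write %s%s\n' "$RED" "$ca_config" "$NC" >&2
    exit 1
  fi

  # create ca: stdout is discarded, stderr is kept so that it can be
  # shown on failure (the passphrase prompt goes to the terminal directly)
  openssl_err=$(openssl req -new -x509 -extensions v3_ca -days "$ca_days" \
    -newkey "rsa:${ca_key_bits}" \
    -keyout "$key_file" \
    -out "$crt_file" \
    -config "$ca_config" \
    -batch 2>&1 > /dev/null)
  rc=$?

  if [ "$rc" -eq 0 ]; then
    # the CA private key must only be readable by its owner
    chmod 600 -- "$key_file"
    printf '%s!! Keep your password safe !!\n%s\n' "$RED" "$NC"
    printf '%sCA created successfully%s\n' "$GREEN" "$NC"
    printf 'Install %s%s%s in you browser.\n' "$ORANGE" "$crt_file" "$NC"
  else
    printf '%sAn error occured (rc: %s)%s\n' "$RED" "$rc" "$NC" >&2
    if [ -n "$openssl_err" ]; then
      printf '%s\n' "$openssl_err" >&2
    fi
    exit "$rc"
  fi
}

main "$@"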