#!/bin/bash

source bin/helper.sh

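# Generate a self-signed TLS certificate and private key for the s04 node,
# unless the certificate file already exists.
#
# Arguments: $1 - local domain; the certificate is issued for s04.<domain>
# Outputs:   ${WORKDIR}/s04tls.crt and ${WORKDIR}/s04tls.key
# Requires:  die() from bin/helper.sh (presumably prints the message and
#            exits - confirm against the helper).
WORKDIR=$(dirname "$0")
LOCAL_DOMAIN=${1:-}
# The temporary OpenSSL config is created only when a certificate has to be
# generated, so a run that finds an existing certificate leaves nothing behind.
SSL_CONFIG=""
CERT="${WORKDIR}/s04tls.crt"
KEY="${WORKDIR}/s04tls.key"

# NOTE(review): only the certificate is checked; a missing ${KEY} next to an
# existing ${CERT} is not detected here.
if [[ ! -f "${CERT}" ]]; then
  # The domain is interpolated into both the OpenSSL config file and the -subj
  # string. Restricting it to hostname characters keeps an empty or malformed
  # value (whitespace, '/', newlines) from producing a bogus SAN or extra
  # subject/config fields.
  domain_re='^[A-Za-z0-9]([A-Za-z0-9._-]*[A-Za-z0-9])?$'
  if [[ ! "${LOCAL_DOMAIN}" =~ ${domain_re} ]]; then
    die "Usage: $0 <local-domain>: '${LOCAL_DOMAIN}' is not a valid DNS name"
  fi

  SSL_CONFIG=$(mktemp) || die "Failed to create temporary OpenSSL config"

  printf '%s\n' \
    "[req]" \
    "distinguished_name=req" \
    "req_extensions=san" \
    "[san]" \
    "subjectAltName=DNS:s04.${LOCAL_DOMAIN}" \
    > "${SSL_CONFIG}"

  # -nodes writes the private key unencrypted.
  # NOTE(review): confirm that ${KEY} ends up readable only by the account
  # that serves TLS; older OpenSSL builds may honour the caller's umask.
  # Output is captured rather than discarded so a failure can be diagnosed.
  openssl_rc=0
  openssl_log=$(
    openssl req -new -newkey rsa:4096 -x509 -sha256 -days 365 -nodes \
      -subj "/C=RU/ST=SPB/L=St.Petersburg/O=TrueCloudLab/OU=TrueCloudLab/CN=s04.${LOCAL_DOMAIN}" \
      -keyout "${KEY}" -out "${CERT}" -extensions san -config "${SSL_CONFIG}" 2>&1
  ) || openssl_rc=$?

  # Remove the temporary config on success and failure alike, before die runs.
  rm -f -- "${SSL_CONFIG}"

  if (( openssl_rc != 0 )); then
    printf '%s\n' "${openssl_log}" >&2
    die "Failed to generate SSL certificate for s04"
  fi
fi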