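#!/bin/bash
# = Parabola Social
# Generates a self-signed certificate and installs it.
# From: http://www.akadia.com/services/ssh_test_certificate.html
# This script is released in the Public Domain.
#
# The script is interactive: openssl asks for a passphrase when the key is
# generated and again when it is decrypted, and asks for the certificate
# subject fields when the CSR is built.
#
# Security notes:
#  - The RSA key is 2048 bits and the CSR and certificate are signed with
#    SHA-256; 1024-bit RSA is no longer accepted by current TLS clients.
#  - Both private key files are written under umask 077 so they are readable
#    by the invoking user only. The decrypted key in ${ssl_key_dir} carries no
#    passphrase, so file permissions are its only protection.
#  - The passphrase-protected key and its ".encrypted" copy stay in
#    ${ssl_dir}; the CSR and certificate keep the caller's umask because they
#    are public data that services need to read.
#
# Exit status:
# 0 - Everything OK
# 1 - Private key generation failed
# 2 - CSR generation failed
# 3 - Copying the encrypted key failed
# 4 - Private key decryption failed
# 5 - CSR signing failed
# 6 - Linking local key failed
# 7 - Linking local certificate failed
# 8 - Hostname could not be determined

# Standard Arch's SSL directories
ssl_dir=/etc/ssl
ssl_key_dir="${ssl_dir}/private"
ssl_crt_dir="${ssl_dir}/certs"

# Hostname should be already set. An empty value would produce file names
# such as "/etc/ssl/.key", so stop before anything is written.
hostname=$(hostname) || exit 8
if [[ -z "${hostname}" ]]; then
  echo ":: Could not determine the hostname." >&2
  exit 8
fi

# Every file this script reads or writes, named once.
protected_key="${ssl_dir}/${hostname}.key"       # passphrase-protected key
csr_file="${ssl_dir}/${hostname}.csr"            # certificate signing request
plain_key="${ssl_key_dir}/${hostname}.key"       # decrypted key used by services
crt_file="${ssl_crt_dir}/${hostname}.crt"        # self-signed certificate

echo ":: Generating a private key. The generated file *must not be shared* with anyone. It's private."
# The subshell confines the restrictive umask to the key file.
(
  umask 077
  openssl genrsa -aes256 \
    -out "${protected_key}" 2048
) || exit 1

echo ":: Generating a Certificate Signing Request. This can be signed by you or by a Certificate Authority."
openssl req -new -sha256 \
  -key "${protected_key}" \
  -out "${csr_file}" || exit 2

# Keep a passphrase-protected copy next to the original.
(
  umask 077
  cp "${protected_key}" "${protected_key}.encrypted"
) || exit 3

echo ":: Decrypting the private key..."
# The output has no passphrase: it must be created owner-only.
(
  umask 077
  openssl rsa -in "${protected_key}.encrypted" \
    -out "${plain_key}"
) || exit 4

echo ":: Signing the Certificate Signing Request. This step will generate your self-signed certificate to use on secure connections."
openssl x509 -req -sha256 \
  -days 365 \
  -in "${csr_file}" \
  -signkey "${plain_key}" \
  -out "${crt_file}" || exit 5

echo ":: Installing private key and certificate into local directories."
# ln -s fails when local.key or local.crt already exists; an existing
# installation is therefore never silently replaced.
ln -s "${plain_key}" "${ssl_key_dir}/local.key" || exit 6
ln -s "${crt_file}" "${ssl_crt_dir}/local.crt" || exit 7

exit 0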