#!/bin/sh

# Startup banner, one line per printf argument.
printf '%s\n' \
	"Welcome to use gencsr tools for linux/unix/mac/aix os" \
	"Author: joe@zhetao.com" \
	"Website: https://easy.zhetao.com http://www.zhetao.com"

# Script-wide state, filled in by the config lookup and argument parsing below.
KEY_SIZE=4096   # RSA key size in bits passed to "openssl genrsa"; -keysize overrides it
DNS_NAMES=""    # comma-separated "DNS:<name>" list written as subjectAltName
CN_NAME=""      # first domain name given; used as the CN and as the .key/.csr file stem
SSL_CNF=""      # path of the openssl.cnf that gets copied and extended

# Pick the OpenSSL config to use: the first readable file in the list wins,
# and the script stops with status 2 when none of them is readable.
#
# NOTE(review): ./openssl.cnf in the working directory is preferred over every
# system location, so whatever config sits in the directory the script is
# started from is trusted. An OpenSSL config controls more than request fields
# (it can name modules for the library to load), so run the script from a
# directory that only the operator can write to.
SSL_CNF=""
for candidate in \
	"./openssl.cnf" \
	"/etc/pki/tls/openssl.cnf" \
	"/etc/openssl.cnf" \
	"/etc/pki/ssl/openssl.cnf" \
	"/etc/ssl/openssl.cnf" \
	"/etc/openssl/openssl.cnf" \
	"/usr/local/ssl/openssl.cnf" \
	"/usr/local/openssl/openssl.cnf" \
	"/usr/openssl/openssl.cnf" \
	"/openssl/openssl.cnf" \
	"/openssl/ssl/openssl.cnf" \
	"/openssl/tls/openssl.cnf" \
	"/usr/lib/openssl/openssl.cnf" \
	"/usr/lib/ssl/openssl.cnf"
do
	if [ -r "$candidate" ]; then
		SSL_CNF="$candidate"
		break
	fi
done

if [ -z "$SSL_CNF" ]; then
	echo "openssl.cnf Not Found! Please copy the openssl.cnf to current directory!"
	exit 2
fi

echo "openssl.cnf found at: $SSL_CNF"

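# Parser state: "KS" while the next argument is the value of -keysize.
PRE_PARAM=

# gencsr_valid_name NAME
# Succeeds only when NAME is made of host-name characters (letters, digits,
# ".", "-", "_"), optionally behind one leading "*." wildcard label, and does
# not start with "-" or ".". The name is later written verbatim into the
# OpenSSL config and the -subj string and is used as a file name, so anything
# else ("/", "=", ",", "$", whitespace, ...) is refused here.
# Runs in a subshell so the LC_ALL override (byte-wise ranges) stays local.
gencsr_valid_name() (
	LC_ALL=C
	gencsr_host=${1#\*.}
	case "$gencsr_host" in
		'' | -* | .* | *[!A-Za-z0-9._-]*) exit 1 ;;
	esac
	exit 0
)

# gencsr_parse_args ARG...
# Fills KEY_SIZE, CN_NAME and DNS_NAMES from the command line.
#   -keysize N   RSA key size in bits (digits only, at most five of them)
#   NAME         domain name; the first one becomes CN_NAME, every one is
#                appended to DNS_NAMES as "DNS:NAME"
# Exits with status 1 and a message on stderr for an invalid key size, an
# invalid name, or a trailing -keysize without a value.
gencsr_parse_args() {
	# "$@" keeps every argument intact; an unquoted $* would re-split the
	# arguments on whitespace and expand glob characters such as the "*" of
	# a wildcard name against the files in the working directory.
	for i in "$@"; do
		if [ "$i" = "-keysize" ]; then
			PRE_PARAM="KS"
		elif [ "$PRE_PARAM" = "KS" ]; then
			PRE_PARAM=""
			case "$i" in
				'' | *[!0-9]* | ??????*)
					echo "gencsr: -keysize needs a number of bits, got '$i'" >&2
					exit 1
					;;
			esac
			if [ "$i" -lt 2048 ]; then
				echo "gencsr: warning: RSA key size $i is below 2048 bits" >&2
			fi
			KEY_SIZE="$i"
		else
			if ! gencsr_valid_name "$i"; then
				echo "gencsr: invalid domain name '$i'" >&2
				exit 1
			fi
			if [ "$DNS_NAMES" = "" ]; then
				DNS_NAMES="DNS:$i"
				CN_NAME="$i"
			else
				DNS_NAMES="$DNS_NAMES,DNS:$i"
			fi
		fi
	done

	# A dangling -keysize used to be ignored silently.
	if [ "$PRE_PARAM" = "KS" ]; then
		echo "gencsr: -keysize requires a value" >&2
		exit 1
	fi
}

gencsr_parse_args "$@"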



# At least one domain name is required: CN_NAME is only set once the argument
# loop has seen a name. Without one, print the usage line and stop with status 1.
[ -n "$CN_NAME" ] || {
	echo "Usage: ./gencsr [-keysize N] domainname1 domainname2 ..."
	exit 1
}


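# Generate the RSA private key and the CSR for the names collected above.
# Writes $CN_NAME.key and $CN_NAME.csr to the current directory. Exits with
# status 3 as soon as a step fails, so a failed run is never reported as
# "Generated!".
#
# NOTE(review): $CN_NAME and $DNS_NAMES are written verbatim into the OpenSSL
# config and the -subj string below, and $CN_NAME becomes a file name. This
# block does not validate them; they should be limited to host-name characters
# before they get here.

# Private scratch directory for the edited config copy. A fixed "tmp.cnf" in
# the working directory overwrites any file of that name and would be written
# through a symlink placed there beforehand.
TMP_DIR=$(mktemp -d "${TMPDIR:-/tmp}/gencsr.XXXXXX" 2>/dev/null) || {
	# No usable mktemp: mkdir is atomic and fails if the path already exists.
	TMP_DIR="${TMPDIR:-/tmp}/gencsr.$$"
	(umask 077 && mkdir "$TMP_DIR") || {
		echo "gencsr: cannot create a temporary directory" >&2
		exit 3
	}
}
TMP_CNF="$TMP_DIR/openssl.cnf"

# Remove the scratch directory on every exit path, including signals.
trap 'rm -rf -- "${TMP_DIR:?}"' EXIT
trap 'exit 1' HUP INT TERM

cp "$SSL_CNF" "$TMP_CNF" || {
	echo "gencsr: cannot copy $SSL_CNF" >&2
	exit 3
}

# Append the SAN section referenced by -reqexts below. The leading blank line
# covers a config copy that does not end with a newline.
{
	printf '\n%s\n' "[ SAN ]"
	printf '%s\n' "subjectAltName = $DNS_NAMES"
} >> "$TMP_CNF"

if [ -e "$CN_NAME.key" ]; then
	echo "gencsr: warning: overwriting existing $CN_NAME.key" >&2
fi

# The key is written unencrypted (no passphrase). umask 077 in a subshell makes
# a newly created key file owner-only whatever the caller's umask is, while the
# CSR keeps the normal mode; a file that already existed keeps its old mode.
(umask 077 && openssl genrsa -out "$CN_NAME.key" "$KEY_SIZE") || {
	echo "gencsr: private key generation failed" >&2
	exit 3
}

openssl req -new -sha256 -key "$CN_NAME.key" -subj "/CN=$CN_NAME" \
	-reqexts SAN -config "$TMP_CNF" -out "$CN_NAME.csr" || {
	echo "gencsr: CSR generation failed" >&2
	exit 3
}

# Print the request so the subject and SAN entries can be checked before it
# is submitted.
openssl req -in "$CN_NAME.csr" -text -noout -config "$TMP_CNF"

echo "  "
echo "$CN_NAME.key Generated(KEYSIZE: $KEY_SIZE)!"
echo "$CN_NAME.csr Generated!"

rm -rf -- "${TMP_DIR:?}"
trap - EXIT HUP INT TERM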
