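#!/bin/sh
#
# Issue a password-protected client certificate signed by the local CA.
#
# Usage: <this script> client_name
#
# Reads ca.crt and ca.key from the directory that holds this script and
# writes client_name.key, client_name.csr, client_name.crt and
# client_name.p12 relative to the current directory.

# Colour sequences are looked up before `set -e` so that a terminal without
# colour support leaves them empty instead of aborting the script.
RST=$(tput sgr0)
RED=$(tput setaf 1)
GREEN=$(tput setaf 2)
YELLOW=$(tput setaf 3)
CYAN=$(tput setaf 6) # referenced by echoinfo; was never defined before
BOLD=$(tput bold)

set -eu

# Private key and PKCS#12 bundle must not be readable by other local users.
umask 077

# Print the usage line to stderr and exit with status 1.
usage() {
  printf 'usage: %s client_name\n' "$0" >&2
  exit 1
}

# Print an informational message in cyan.
echoinfo() {
  printf '%s\n' "${CYAN}$*${RST}"
}

# Print an error message in red to stderr.
echoerr() {
  printf '%s\n' "${RED}${BOLD}error:${RST}${RED} $*${RST}" >&2
}

# Prompt (on stderr) for a password of at least 4 characters without echoing
# it, and write the accepted password to stdout for the caller to capture.
#   $1 - prompt text
# Returns non-zero if input ends before a valid password was entered.
askpass() {
  _prompt=$1
  while :; do
    printf '%s ' "$_prompt" >&2
    # `read -s` is not available in POSIX sh, so echo is toggled with stty.
    if [ -t 0 ]; then stty -echo; fi
    _status=0
    IFS= read -r _pw || _status=$?
    if [ -t 0 ]; then stty echo; fi
    printf '\n' >&2
    [ "$_status" -eq 0 ] || return 1
    # The length check applies to the value just typed, so every prompt is
    # validated on its own rather than against an earlier password.
    if [ "${#_pw}" -ge 4 ]; then
      printf '%s' "$_pw"
      return 0
    fi
    echoerr "Password must be at least 4 characters long."
  done
}

dir=$(CDPATH= cd -- "$(dirname -- "$0")" && pwd -P)
email="admin@example.org"
orgname="org_name"
common_name="example.org"

[ $# -ge 1 ] || usage
client_name="$1"

# The name becomes a file argument to openssl; an empty value or a leading
# dash would be taken as an option instead of a path.
case $client_name in
  '' | -*) usage ;;
esac

# Fail before generating any key material if the CA files are missing.
if [ ! -r "$dir/ca.crt" ] || [ ! -r "$dir/ca.key" ]; then
  echoerr "ca.crt and ca.key must be readable in $dir"
  exit 1
fi

# Restore terminal echo if the script is interrupted at a password prompt.
if [ -t 0 ]; then
  saved_tty=$(stty -g)
  trap 'stty "$saved_tty"' EXIT
  trap 'exit 130' INT TERM HUP
fi

password=$(askpass "Enter your key password:")
exportpassword=$(askpass "Enter your export password:")

# Passwords are handed to openssl through the environment (env:NAME) instead
# of pass:VALUE, because command-line arguments are visible to every local
# user in the process list.
CLIENT_KEY_PASS=$password \
  openssl genrsa -aes256 -out "$client_name.key" \
  -passout env:CLIENT_KEY_PASS 4096

CLIENT_KEY_PASS=$password \
  openssl req -new -key "$client_name.key" -out "$client_name.csr" \
  -passin env:CLIENT_KEY_PASS \
  -subj "/C=RU/ST=MOSCOW/L=/O=$orgname/OU=/CN=$common_name/emailAddress=$email"

# A fixed `-set_serial 01` would give every certificate issued by this CA the
# same serial number, which makes them indistinguishable for revocation and
# auditing. Use a random 128-bit serial for each certificate instead.
serial=$(openssl rand -hex 16)

printf '%s\n' "${YELLOW}Now you will be asked for CA private key password.${RST}"
openssl x509 -req -sha256 -days 1825 -in "$client_name.csr" \
  -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
  -set_serial "0x$serial" -out "$client_name.crt"

CLIENT_KEY_PASS=$password CLIENT_EXPORT_PASS=$exportpassword \
  openssl pkcs12 -export -clcerts \
  -in "$client_name.crt" -inkey "$client_name.key" -out "$client_name.p12" \
  -passin env:CLIENT_KEY_PASS -passout env:CLIENT_EXPORT_PASS

printf '%s\n' "${GREEN}Done! Your certificate is saved to ${BOLD}$client_name.p12${RST}"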