#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.

PROPS_FILE="$1"
KS_FILE="$2.new"
KS_PASS="$3"
KS_VALIDITY="$4"
CSR_FILE="$5"

ALIAS="cloud"

# Re-use existing password or use the one provided
if [ -f "$PROPS_FILE" ]; then
    OLD_PASS=$(sed -n '/keystore.passphrase/p' "$PROPS_FILE" 2>/dev/null  | sed 's/keystore.passphrase=//g' 2>/dev/null)
    if [ ! -z "${OLD_PASS// }" ]; then
        KS_PASS="$OLD_PASS"
    else
        sed -i "/keystore.passphrase.*/d" $PROPS_FILE 2> /dev/null || true
        echo "keystore.passphrase=$KS_PASS" >> $PROPS_FILE
    fi
fi

# Generate keystore
rm -f "$KS_FILE"
CN=$(hostname --fqdn)
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE"

# Generate CSR
rm -f "$CSR_FILE"
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE"
cat "$CSR_FILE"

# Fix file permissions
chmod 600 $KS_FILE
chmod 600 $PROPS_FILE
chmod 600 $CSR_FILE