#!/bin/bash

# Directory nginx loads its TLS key pair from.
KEYPAIRDIR='/etc/nginx/intigua-sslcert'
# Optional config file; when it exists the key pair is fetched from S3
# instead of being generated locally.
S3_SRC_ETC='/etc/intigua/nginx_crt_s3_source'
# File names of the private key and the certificate inside KEYPAIRDIR.
KEYFN='intigua.key'
CRTFN='intigua.crt'
# Common name placed in the subject of the self-signed certificate.
HN='intigua-server'
SUBJECT="/O=Intigua Inc./CN=${HN}"

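#######################################
# Generate a self-signed RSA key pair and install it into KEYPAIRDIR.
# The pair is built in a private scratch directory and moved into place
# only when every step succeeded.
# Globals:   KEYPAIRDIR, KEYFN, CRTFN, SUBJECT (read), TMPDIR (read, optional)
# Arguments: none
# Returns:   0 when the pair was installed, non-zero when any step failed
#            (the original always returned the status of the cleanup rm).
#######################################
function generate() {
	local tmp_dir
	local rc=0
	logger -i -p syslog.info "Intigua nginx key is not present, generating..."
	# Stop if no scratch directory could be created: with an empty path
	# openssl would write the private key to "/$KEYFN".
	if ! tmp_dir=$(mktemp -d "${TMPDIR:-/tmp}/intigua-sslcert.XXXXXXXXXX"); then
		logger -i -p syslog.err "Intigua nginx key generation failed: cannot create temporary directory"
		return 1
	fi
	# -nodes leaves the private key unencrypted, so the 0400 mode set below
	# (applied before the file leaves the scratch directory) is its only
	# protection at rest. The certificate is self-signed and valid for
	# 3652 days with a fixed CN; clients cannot validate it against a CA.
	if openssl req -x509 -batch -nodes -days 3652 -newkey rsa:2048 -keyout "$tmp_dir/$KEYFN" -out "$tmp_dir/$CRTFN" -subj "$SUBJECT" &&
		chmod 400 "$tmp_dir/$KEYFN" &&
		mkdir -p "$KEYPAIRDIR" &&
		mv -f "$tmp_dir/$KEYFN" "$tmp_dir/$CRTFN" "$KEYPAIRDIR/"; then
		logger -i -p syslog.info "Intigua nginx key generated!"
	else
		rc=$?
		logger -i -p syslog.err "Intigua nginx key generation failed"
	fi
	# Always remove the scratch directory so no key material is left in it.
	rm -Rf -- "$tmp_dir"
	return "$rc"
}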

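#######################################
# Download the nginx key pair from S3 and install it into KEYPAIRDIR.
# Both objects are fetched into a private scratch directory and moved
# into place together, so a failed download never leaves a key without
# its certificate and the key never sits in KEYPAIRDIR with a permissive
# mode.
# Globals:   KEYPAIRDIR, KEYFN, CRTFN (read), TMPDIR (read, optional)
# Arguments: $1 - config file holding "bucket_url=..." and "region=..."
# Returns:   0 when both files were installed, non-zero otherwise
#######################################
function get_from_s3() {
	local src=$1
	local bucket_url region tmp_dir
	local rc=0
	# The patterns match any line containing the key name (commented-out
	# lines included); only the first matching line is used.
	bucket_url=$(awk -F "=" '/bucket_url/ {print $2; exit}' "$src") || return
	region=$(awk -F "=" '/region/ {print $2; exit}' "$src") || return
	if [ -z "$bucket_url" ] || [ -z "$region" ]; then
		logger -i -p syslog.err "Intigua nginx key cannot be loaded from s3: bucket_url or region missing in ${src}"
		return 1
	fi
	logger -i -p syslog.info "Intigua nginx key is not present, loading from s3 ${region} ${bucket_url}..."
	if ! tmp_dir=$(mktemp -d "${TMPDIR:-/tmp}/intigua-sslcert.XXXXXXXXXX"); then
		logger -i -p syslog.err "Intigua nginx key cannot be loaded from s3: cannot create temporary directory"
		return 1
	fi
	# NOTE(review): the private key is stored as a plain S3 object; confirm
	# that read access to the bucket is restricted accordingly.
	if aws --region "$region" s3 cp "${bucket_url}intigua.crt" "$tmp_dir/$CRTFN" &&
		aws --region "$region" s3 cp "${bucket_url}intigua.key" "$tmp_dir/$KEYFN" &&
		chmod 0644 "$tmp_dir/$CRTFN" &&
		chmod 0400 "$tmp_dir/$KEYFN" &&
		mkdir -p "$KEYPAIRDIR" &&
		mv -f "$tmp_dir/$KEYFN" "$tmp_dir/$CRTFN" "$KEYPAIRDIR/"; then
		:
	else
		rc=$?
		logger -i -p syslog.err "Intigua nginx key could not be loaded from s3 ${region} ${bucket_url}"
	fi
	# Always remove the scratch directory so no key material is left in it.
	rm -Rf -- "$tmp_dir"
	return "$rc"
}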

# Provision a key pair only when no private key is installed yet. Only the
# key file is checked; the certificate's presence is not. When the S3
# source config exists the pair is downloaded, otherwise a self-signed pair
# is generated locally.
if [ -f "$KEYPAIRDIR/$KEYFN" ]; then
	:
elif [ -f "$S3_SRC_ETC" ]; then
	get_from_s3 "$S3_SRC_ETC"
else
	generate
fi


