#! /bin/bash

set -e

# check if FQDN was passed as arguement in setup.sh
if [[ -z ${1} ]]
then
  FQDN="$(hostname --fqdn)"
else
  FQDN="${1}"
fi

SSL_CFG_PATH="/tmp/docker-mailserver/ssl"

if [[ ! -d ${SSL_CFG_PATH} ]]
then
  mkdir --parents "${SSL_CFG_PATH}"
fi

cd "${SSL_CFG_PATH}" || { echo "cd ${SSL_CFG_PATH} error" ; exit ; }

# Create CA certificate
/usr/lib/ssl/misc/CA.pl -newca

# Create an unpassworded private key and create an unsigned public key certificate
openssl req -new -nodes -keyout "${SSL_CFG_PATH}"/"${FQDN}"-key.pem -out "${SSL_CFG_PATH}"/"${FQDN}"-req.pem -days 3652

# Sign the public key certificate with CA certificate
openssl ca -out "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem -infiles "${SSL_CFG_PATH}"/"${FQDN}"-req.pem

# Combine certificates for courier
cat "${SSL_CFG_PATH}"/"${FQDN}"-key.pem "${SSL_CFG_PATH}"/"${FQDN}"-cert.pem > "${SSL_CFG_PATH}"/"${FQDN}"-combined.pem