#!/bin/sh
set -e

if [ -n "$EX4DEBUG" ]; then
	echo "now debugging $0 $@"
	set -x
fi

DIR=/etc/exim
CERT=$DIR/exim.crt
KEY=$DIR/exim.key

if ! which openssl > /dev/null ;then
	echo "$0: openssl is not installed, exiting" 1>&2
	exit 1
fi

if [ "$1" != "--force" ] && [ -f $CERT ] && [ -f $KEY ]; then
	echo "[*] $CERT and $KEY exists!"
	printf "\n    Use \"$0 --force\" to force generation!\n"
	exit 0
fi

case "$1" in
	--force) shift;;
	--help) echo "Usage: $0 -or- $0 days keysize"; exit 0;;
esac

DAYS=${1:-1095}
KEYSIZE=${2:-4096}
SSLEAY="$(mktemp)" && chmod 600 "$SSLEAY"

cat > "$SSLEAY" <<-EOF
	RANDFILE = $HOME/.rnd
	[ req ]
	default_bits = $KEYSIZE
	default_keyfile = exim.key
	distinguished_name = req_distinguished_name
	[ req_distinguished_name ]
	countryName = Country Code (2 letters)
	countryName_default = US
	countryName_min = 2
	countryName_max = 2
	stateOrProvinceName = State or Province Name (full name)
	localityName = Locality Name (eg, city)
	organizationName = Organization Name (eg, company; recommended)
	organizationName_max = 64
	organizationalUnitName = Organizational Unit Name (eg, section)
	organizationalUnitName_max = 64
	commonName = Server name (eg. ssl.domain.tld; required!!!)
	commonName_max = 64
	emailAddress = Email Address
	emailAddress_max = 40
EOF

cat <<-EOF

	[*] Generating a self signed SSL certificate for Exim:

	    Key Size  = $KEYSIZE  Validity = $DAYS days
	    Key File  = $KEY
	    Cert File = $CERT

EOF
read -p 'Continue [ Y/n ] ? : ' ans

case "$ans" in
	n*|N*)	exit 0;;
	*)	printf "\n    Please enter the hostname of your MTA at the Common Name (CN) prompt:\n"
		openssl req -config "$SSLEAY" -x509 -newkey rsa:$KEYSIZE -keyout $KEY -out $CERT -days $DAYS -nodes
		rm -f "$SSLEAY"

		chown root:exim $KEY $CERT $DH
		chmod 640 $KEY $CERT $DH

		printf "\n[*] Done generating self signed certificates for exim!"
		;;
esac