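#!/usr/bin/bash
#
# request_cert.sh — issue a certificate from the Vault PKI role and write the
# certificate, private key and CA chain into a directory named after the
# common name: CN/CN.json, CN/CN.cer, CN/CN.key, CN/CN.ca_chain and
# CN/CN.cer_with_ca_chain.
#
# Usage:
#   request_cert.sh JSON_FILE   # JSON request body, sent as-is to the issue endpoint
#   request_cert.sh -s CN       # quick mode: common_name only, 90d TTL
#
# Sample JSON:
# {
#   "common_name": "",
#   "alt_names": "",
#   "ip_sans": "212.12.255.3,212.12.255.4,213.12.255.3,213.12.255.4",
#   "ttl": "180d"
# }
#
# Environment:
#   VAULT_TOKEN   used when set; otherwise an interactive LDAP login is performed
#                 (the token obtained that way is kept in memory, not printed)
#   VAULT_ADDR    Vault base URL (default: https://vault.dings:8200)
#
set -euo pipefail

readonly VAULT_ADDR="${VAULT_ADDR:-https://vault.dings:8200}"
readonly ISSUE_PATH='v1/pki_rz_q-ca_2021aa/issue/rz-drv'
readonly SIMPLE_TTL='90d'

#######################################
# Print a message to stderr and exit 1.
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Print usage to stderr and exit 1.
#######################################
usage() {
  printf 'USAGE: %s -s CN | JSON_FILE\n' "$0" >&2
  exit 1
}

#######################################
# Abort with Vault's error list if the response carries one.
# Arguments: $1 - raw HTTP response body
#######################################
check_vault_response() {
  local response=$1 errors
  errors=$(jq -r '(.errors // []) | join("; ")' <<<"$response" 2>/dev/null) \
    || die "unexpected non-JSON response from Vault"
  [[ -z "$errors" ]] || die "Vault error: $errors"
}

#######################################
# Log in to Vault via LDAP and print the client token to stdout.
# Prompts on the terminal (read -p writes the prompt to stderr, so this is
# safe inside a command substitution). The password is built into JSON by jq
# and handed to curl on stdin, so it never appears in argv / `ps` and cannot
# break out of a hand-written JSON string.
# Returns: exits via die on any failure
#######################################
vault_ldap_login() {
  local user passwd user_enc response token
  read -r -p 'USER: ' user
  read -r -s -p 'PASSWORD: ' passwd
  printf '\n' >&2
  [[ -n "$user" && -n "$passwd" ]] || die "username and password are required"
  # percent-encode the username so it cannot alter the request path
  user_enc=$(jq -rn --arg u "$user" '$u | @uri')
  response=$(
    jq -n --arg password "$passwd" '{password: $password}' \
      | curl -sS -X POST -H 'Content-Type: application/json' \
          --data @- "$VAULT_ADDR/v1/auth/ldap/login/$user_enc"
  ) || die "LDAP login request failed"
  check_vault_response "$response"
  token=$(jq -r '.auth.client_token // empty' <<<"$response")
  [[ -n "$token" ]] || die "LDAP login did not return a client token"
  printf '%s' "$token"
}

#######################################
# POST a request body to the PKI issue endpoint and print the raw response.
# Globals:   VAULT_TOKEN (read)
# Arguments: $1 - JSON request body
# Returns:   exits via die if the response has errors or no certificate
#######################################
vault_issue() {
  local body=$1 response
  # NOTE: the token header is still visible in argv; the Vault CLI behaves the
  # same way, and curl offers no stdin channel for both body and headers here.
  response=$(
    printf '%s' "$body" \
      | curl -sS -X POST -H "X-Vault-Token: $VAULT_TOKEN" \
          -H 'Content-Type: application/json' \
          --data @- "$VAULT_ADDR/$ISSUE_PATH"
  ) || die "certificate request failed"
  check_vault_response "$response"
  jq -e '.data.certificate | type == "string"' >/dev/null <<<"$response" \
    || die "Vault response contains no certificate"
  printf '%s' "$response"
}

#######################################
# Reject common names that are empty or could escape the working directory.
# The CN becomes a directory name that is rm -r'ed and recreated below, so a
# value like "../x" or "/" taken from the JSON file must never get that far.
# Arguments: $1 - common name
#######################################
validate_cn() {
  local cn=$1
  [[ -n "$cn" && "$cn" != "null" ]] || die "common_name is empty"
  [[ "$cn" != */* && "$cn" != "." && "$cn" != ".." ]] \
    || die "refusing common_name with path characters: $cn"
}

#######################################
# Write the response and its parts into directory CN.
# Arguments: $1 - common name (already validated)
#            $2 - raw Vault response
#######################################
write_outputs() {
  local cn=$1 response=$2
  # ${cn:?} is a last-line guard against an empty value reaching rm -r
  if [[ -d "$cn" ]]; then
    rm -r -- "${cn:?}"
  fi
  mkdir -- "$cn" || die "cannot create directory $cn"
  # the raw response and the key file hold the private key: create them 0600
  (
    umask 077
    printf '%s\n' "$response" > "$cn/$cn.json"
    jq -r '.data.private_key' <<<"$response" > "$cn/$cn.key"
  )
  jq -r '.data.certificate' <<<"$response" > "$cn/$cn.cer"
  jq -r '(.data.ca_chain // []) | join("\n")' <<<"$response" > "$cn/$cn.ca_chain"
  cat -- "$cn/$cn.cer" "$cn/$cn.ca_chain" > "$cn/$cn.cer_with_ca_chain"
}

#######################################
# Entry point: parse arguments, build the request body, log in if needed,
# issue the certificate and write the outputs.
#######################################
main() {
  local tool cn body response
  for tool in curl jq; do
    command -v "$tool" >/dev/null || die "required tool not found: $tool"
  done
  # validate arguments before prompting for credentials
  (( $# >= 1 )) || usage
  if [[ "$1" == "-s" ]]; then
    [[ -n "${2-}" ]] || usage
    cn=$2
    # jq builds the body so a CN containing quotes cannot inject JSON
    body=$(jq -n --arg cn "$cn" --arg ttl "$SIMPLE_TTL" \
      '{common_name: $cn, ttl: $ttl}')
  else
    [[ -r "$1" ]] || die "cannot read request file: $1"
    body=$(jq -c . <"$1") || die "$1 is not valid JSON"
    cn=$(jq -r '.common_name // empty' <<<"$body")
  fi
  validate_cn "$cn"
  if [[ -z "${VAULT_TOKEN-}" ]]; then
    VAULT_TOKEN=$(vault_ldap_login) || exit 1
  fi
  response=$(vault_issue "$body")
  write_outputs "$cn" "$response"
}

main "$@"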