#!/bin/bash

_retval=

name_arg=
email_arg=
if [ $# -ne 2 ] ; then
    echo "You need to pass exactly two parameters in the following order: the full name, between double quotes, and the email address"
    exit 1
else
    name_arg="$1"
    email_arg="$2"
fi

easy_rsa_base_dir={{ easy_rsa_pki_basedir }}
easy_rsa_issued_dir="${easy_rsa_base_dir}/pki/issued"
easy_rsa_keys_dir="${easy_rsa_base_dir}/pki/private"
easy_rsa_reqs_dir="${easy_rsa_base_dir}/pki/reqs"
easy_vars_file="${easy_rsa_base_dir}/vars"
if [ -f "${easy_vars_file}.tmpl" ] ; then
    echo "There's a template file ${easy_vars_file}.tmpl present. Check that nothing wrong happened, then remove it before proceeding."
    exit 1
fi

if [ -f "${easy_rsa_issued_dir}/${name_arg}.crt" ] ; then
    echo ""
    echo "A certificate already exists"
    echo "If you want to renew it, then use the command renew-personal-certificate"
    echo ""
    exit 1
fi

echo ""
echo "Starting the creation of a client host certificate."
echo "Remember that you need to supply a passphrase for the private key."
echo ""

sleep 5

cd "$easy_rsa_base_dir"
cp -f "$easy_vars_file" "${easy_vars_file}.tmpl"
sed -i -e "s/{{ easy_rsa_req_email }}/$email_arg/g" "$easy_vars_file"
./easyrsa build-client-full "$name_arg"
mv -f "${easy_vars_file}.tmpl" "$easy_vars_file"

retval=$?

if [ $retval -eq 0 ] ; then
    echo ""
    echo "Done."
    echo "The certificate file is ${easy_rsa_issued_dir}/${name_arg}.crt"
    echo "The private key file is ${easy_rsa_keys_dir}/${name_arg}.key"
    echo ""
else
    echo ""
    echo "Something went wrong, the certificate creation failed"
    echo ""
fi

exit 0