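#!/usr/bin/env sh
# This script generates an OpenSSL key pair which can be used to expose a
# Docker API over the internet.
#
# Usage: SCRIPT [-h] [-d DAYS] HOST IP
#
# Files written to the current directory:
#   ca-key.pem      CA private key (AES-256 encrypted; openssl prompts for
#                   the passphrase)
#   ca.pem          self-signed CA certificate, valid for DAYS days
#   server-key.pem  server private key (written unencrypted)
#   server.csr      certificate signing request for CN=HOST
#   extfile.cnf     X.509 extensions used when the server CSR is signed
#
# Security notes:
#   - Both private keys are created under umask 077, so they are never
#     readable by other local users. server-key.pem has no passphrase, so
#     file permissions are its only protection.
#   - A server certificate only authenticates the daemon to its clients.
#     Access to the Docker API is equivalent to root on the host, so the
#     daemon must also require client certificates (dockerd --tlsverify)
#     before the port is reachable from an untrusted network.
#   - HOST and IP are copied verbatim into the certificate subject and
#     subjectAltName. A wrapper that passes values it did not choose itself
#     should validate them first: a ',' adds SAN entries and a '/' adds
#     subject fields.

# Defaults
# Upper-case names on purpose: the openssl calls below read DAYS, HOST and IP.
DAYS=365

# Displays how to use the program, then exits with status 1.
# (POSIX function syntax; the 'function' keyword is not available in every sh.)
usage() {
  echo "This script generates OpenSSL certificate pairs which can be used to expose a Docker API."
  echo
  echo "Usage: $0 [-h] [-d DAYS] HOST IP"
  exit 1
}

# Prints an error to stderr and exits with status 1.
die() {
  echo "$0: $*" >&2
  exit 1
}

while getopts ':hd:' c; do
  case $c in
    h) usage ;;
    d) DAYS="$OPTARG" ;;
    # ':' = -d given without a value, '?' = unknown option
    : | \?) usage ;;
  esac
done
shift $((OPTIND - 1))

# Check for correct amount of arguments
[ $# -eq 2 ] || usage

# -d must be a plain positive integer; anything else would reach openssl as-is.
case $DAYS in
  '' | *[!0-9]*) usage ;;
esac

HOST=$1
IP=$2

# Generate CA key
# The subshell keeps the restrictive umask scoped to the private key file.
(umask 077 && openssl genrsa -aes256 -out ca-key.pem 4096) ||
  die "failed to generate ca-key.pem"
openssl req -new -x509 -days "$DAYS" -key ca-key.pem -sha256 -out ca.pem ||
  die "failed to create ca.pem"

# Generate server key
(umask 077 && openssl genrsa -out server-key.pem 4096) ||
  die "failed to generate server-key.pem"
openssl req -subj "/CN=$HOST" -sha256 -new -key server-key.pem -out server.csr ||
  die "failed to create server.csr"

# Create extfile.cnf
# serverAuth restricts the certificate to server-side TLS authentication.
printf '%s\n' "subjectAltName = DNS:$HOST,IP:$IP,IP:127.0.0.1" > extfile.cnf
printf '%s\n' "extendedKeyUsage = serverAuth" >> extfile.cnf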