#!/bin/bash
# $Id: makecerts.bash 551 2024-07-19 17:12:15Z bertrand $
# Ce script permet de générer les certificats SSL pour Apache et MySQL 
# (MariaDB) à partir du fichier de certificat PFX (PKCS12) provenant
# d'une autorité de certification
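# Splits a PKCS#12 bundle into certificate and private-key files next to
# the bundle, then restricts ownership and permissions on every file.
#
# Usage:   makecerts.bash target_file
# Outputs: <name>.cer, <name>.key, server-cert.pem and server-key.pem in the
#          directory holding target_file; progress on stdout, errors on stderr.
# Returns: 0 on success, 2 on a usage error, 1 on any other failure.
# Files that already exist are not regenerated; only their ownership and
# mode are re-applied.
set -euo pipefail

# Print an error message on stderr and stop with a non-zero status.
die() {
	printf '%s\n' "$*" >&2
	exit 1
}

# Apply ownership and mode to one file, then list it.
# Arguments: $1 - owner:group, $2 - octal mode, $3 - file name
secure_file() {
	local owner=$1 mode=$2 file=$3
	chown -- "$owner" "$file" || die "chown $owner failed on '$file'"
	chmod -- "$mode" "$file" || die "chmod $mode failed on '$file'"
	ls -lh -- "$file"
}

# Run a command that creates the file named in $1. The caller only invokes
# this when $1 does not exist yet, so on failure any partial output is
# removed: a leftover file would otherwise be reported as "already exists"
# on the next run and never regenerated.
# Arguments: $1 - output file, $2.. - command and its arguments
generate() {
	local out=$1
	shift
	if ! "$@"; then
		rm -f -- "$out"
		die "Failed to generate '$out'"
	fi
}

target_file=${1:-}
if [[ -z "$target_file" ]]; then
	echo "Usage: $0 target_file" >&2
	exit 2
fi
[[ -f "$target_file" ]] || die "Target file '$target_file' not found"

target_folder=$(dirname -- "$target_file")
[[ -d "$target_folder" ]] || die "Target folder '$target_folder' not found"

cert_file_src=$(basename -- "$target_file")
# Strip only a trailing .pfx/.p12. For any other name the suffix is appended,
# so an output name can never be the same as the source bundle.
case "$cert_file_src" in
	*.pfx | *.p12) cert_file_stem=${cert_file_src%.*} ;;
	*) cert_file_stem=$cert_file_src ;;
esac
cert_file_der_cert="${cert_file_stem}.cer"
cert_file_der_key="${cert_file_stem}.key"
cert_file_pem_cert="server-cert.pem"
cert_file_pem_key="server-key.pem"

echo "++ Entering '$target_folder' ++"
# CDPATH is cleared so a relative folder is resolved from the current directory.
CDPATH='' cd -- "$target_folder" || die "Cannot enter '$target_folder'"

# Files created from here on are owner-only at creation time, so the
# unencrypted private key is never readable by other users in the interval
# between openssl writing it and the chmod that follows.
umask 077

echo "++ Setting security on source file ++"
secure_file root:root 600 "$cert_file_src"

# The two intermediates are labelled "DER" in the messages, but
# 'openssl pkcs12 -out' writes PEM text. No password option is passed, so
# openssl prompts for the import password instead of taking it from argv.
if [[ ! -f "$cert_file_der_cert" ]]; then
	echo "++ Generating DER cert ++"
	generate "$cert_file_der_cert" \
		openssl pkcs12 -in "$cert_file_src" -clcerts -nokeys -out "$cert_file_der_cert"
else
	echo "-- DER cert file '$cert_file_der_cert' already exists --"
fi
echo "++ Setting security on DER cert file ++"
secure_file root:root 600 "$cert_file_der_cert"

if [[ ! -f "$cert_file_der_key" ]]; then
	echo "++ Generating DER key ++"
	# -nodes leaves the private key unencrypted on disk; the umask above and
	# the root-only mode below are what protect it.
	generate "$cert_file_der_key" \
		openssl pkcs12 -in "$cert_file_src" -nocerts -nodes -out "$cert_file_der_key"
else
	echo "-- DER key file '$cert_file_der_key' already exists --"
fi
echo "++ Setting security on DER key file ++"
secure_file root:root 600 "$cert_file_der_key"

if [[ ! -f "$cert_file_pem_cert" ]]; then
	echo "++ PEM cert ++"
	generate "$cert_file_pem_cert" \
		openssl x509 -in "$cert_file_der_cert" -out "$cert_file_pem_cert" -outform PEM
else
	echo "-- PEM cert file '$cert_file_pem_cert' already exists --"
fi
echo "++ Setting security on PEM cert file ++"
# Group mysql gets read access to the server-*.pem pair.
secure_file root:mysql 640 "$cert_file_pem_cert"

if [[ ! -f "$cert_file_pem_key" ]]; then
	echo "++ PEM key ++"
	# NOTE(review): 'openssl rsa' only accepts RSA keys; confirm the bundles
	# handled here never carry another key type.
	generate "$cert_file_pem_key" \
		openssl rsa -in "$cert_file_der_key" -out "$cert_file_pem_key" -outform PEM
else
	echo "-- PEM key file '$cert_file_pem_key' already exists --"
fi
echo "++ Setting security on PEM key file ++"
secure_file root:mysql 640 "$cert_file_pem_key"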
