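#!/bin/sh
#
# Make a certificate/private key pair using a locally generated
# root certificate.
#
# Usage: build-key <network_name> <client_name>
#
# Reads:
#   /etc/openvpn/openssl.cnf                   openssl configuration
#   /etc/openvpn/<network_name>/key_defaults   sourced into this shell
# Writes (inside /etc/openvpn/<network_name>, unless key_defaults
# redefines KEY_DIR):
#   <client_name>.key / .csr / .crt
#   <client_name>/  directory of hard links: client.key, client.crt,
#                   ca.crt, <network_name>.conf, <network_name>.ovpn
#
# Security notes:
#   - key_defaults is sourced, so it runs with the privileges of whoever
#     invokes this script; it should be writable only by that account.
#   - -nodes writes the private key unencrypted, so file permissions are
#     the only protection the key has on disk.
#   - Both names are used as path components and are validated before
#     any file is touched.
#

# Print a message on stderr and stop with a failing status.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if [ "$#" -ne 2 ]; then
  die "usage: build-key <network_name> <client_name>"
fi

# Reject names that would escape the key directory (path separators,
# "." / "..") or be parsed as an option by openssl, ln or chmod.
for name in "$1" "$2"; do
  case $name in
    '' | . | .. | -* | */*)
      die "build-key: invalid name: '$name'"
      ;;
  esac
done

network_name=$1
client_name=$2

export D=/etc/openvpn
export KEY_CONFIG="$D/openssl.cnf"
export KEY_DIR="$D/${network_name}"
export KEY_NAME="${client_name}"

[ -r "${KEY_DIR}/key_defaults" ] ||
  die "build-key: cannot read ${KEY_DIR}/key_defaults"
. "${KEY_DIR}/key_defaults"

# key_defaults is sourced after the exports above, so it may have
# changed or cleared KEY_DIR; re-check before using it.
if [ -z "$KEY_DIR" ]; then
  die "you must define KEY_DIR"
fi

cd "$KEY_DIR" || die "build-key: cannot cd to $KEY_DIR"

# Refuse to overwrite an existing key: a re-run would replace the private
# key even if the CA step then fails, leaving a key that no longer
# matches the certificate already issued for this client.
if [ -e "${client_name}.key" ]; then
  die "build-key: ${KEY_DIR}/${client_name}.key already exists"
fi

# Generate the key under a restrictive umask so it is never created with
# wider permissions and only narrowed by the chmod afterwards. The
# subshell keeps the umask change away from the certificate and the
# per-client directory created below.
(
  umask 077
  openssl req -days 3650 -nodes -new \
    -keyout "${client_name}.key" -out "${client_name}.csr" \
    -config "$KEY_CONFIG" -batch
) || die "build-key: openssl req failed for ${client_name}"

# Sign the request with the local CA (certificate valid for 3650 days).
openssl ca -days 3650 \
  -out "${client_name}.crt" -in "${client_name}.csr" \
  -config "$KEY_CONFIG" -batch ||
  die "build-key: openssl ca failed for ${client_name}"

chmod 0600 "${client_name}.key" ||
  die "build-key: cannot restrict ${client_name}.key"

# Only reached when the key and certificate were both produced, so the
# per-client directory never ends up holding partial material.
machine_key_dir="$KEY_DIR/${client_name}"
mkdir "$machine_key_dir" || die "build-key: cannot create $machine_key_dir"

# Hard links share the inode of their target, so client.key keeps the
# 0600 mode set above. Every link is attempted; any failure is reported
# through the exit status.
status=0
ln "$KEY_DIR/${client_name}.key" "$machine_key_dir/client.key" || status=1
ln "$KEY_DIR/${client_name}.crt" "$machine_key_dir/client.crt" || status=1
ln "$KEY_DIR/ca.crt" "$machine_key_dir/ca.crt" || status=1
ln "$KEY_DIR/client.conf" "$machine_key_dir/${network_name}.conf" || status=1
ln "$KEY_DIR/client.ovpn" "$machine_key_dir/${network_name}.ovpn" || status=1

exit "$status"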