#!/bin/bash
#-----------------------------------------------------------------------------------------------------------------------------------
#
# Rx3 Cert Dump
#
# Copyright (C) 2025-2026 Arnaud G. GIBERT
# mailto:arnaud@rx3.net
#
# This is free software: you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published
# by the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this program; If not, see
# <https://www.gnu.org/licenses/>.
#
#-----------------------------------------------------------------------------------------------------------------------------------



#-----------------------------------------------------------------------------------------------------------------------------------
# Includes
#-----------------------------------------------------------------------------------------------------------------------------------

: "${RX3_LIB_DIR:=/usr/lib/rx3}"
. "${RX3_LIB_DIR}/base.bash"



#-----------------------------------------------------------------------------------------------------------------------------------
# Global Variables
#-----------------------------------------------------------------------------------------------------------------------------------

declare -g   VERSION="1.2.0"
declare -g      NAME="cert_dump"
declare -g      HELP="usage: [-h | --help] | [-V | --version] | [-v | --verbose] {ca|tc|key|csr|crt} [host]"

declare -g        MODE="DEFAULT"
declare -g     VERBOSE="FALSE"
declare -g     DRY_RUN="FALSE"
declare -g      RETVAL=0

declare -g       DEBUG=""
#declare -g       DEBUG="echo"
#declare -g       DEBUG=":"

declare -g         LOG=""
#declare -g         LOG=":"
#declare -g         LOG="echo"

declare -g OPENVPN_DIR="/etc/openvpn"
declare -g        TYPE=""
declare -g        HOST=""





#-----------------------------------------------------------------------------------------------------------------------------------
# Version Print
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_version_print()
{
    version_print
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Help Print
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_help_print()
{
    cdu_version_print
    help_print
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Arg Parse
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_args_parse()
{
    tmp_args=$(getopt -o hvV --long help,verbose,version -n "${NAME}" -- "$@")

    if [ $? != 0 ]; then echo "Terminating..." >&2; exit 1; fi

    eval set -- "${tmp_args}"

    while true
    do
        case "$1" in
            # Options
            -h|--help)        MODE="EXIT"; cdu_help_print;    shift;;
            -V|--version)     MODE="EXIT"; cdu_version_print; shift;;
            -v|--verbose)  VERBOSE="TRUE";                    shift;;

            # End of options
            --)                                               shift;  break;;
            *) echo "args_parse internal error [$1]!";                exit 1;;
        esac
    done

    if [[ "${MODE}" != "EXIT" ]]
    then
        if [[ "${#}" -lt "1" ]]
        then
            MODE="EXIT"

            echo_error "Not enough args!"
            cdu_help_print
        else
            case "$1" in
                "ca"|"tc")
                    MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
                ;;

                "key"|"csr"|"crt")
                    if [[ "${#}" -lt "2" ]]
                    then
                        MODE="EXIT"

                        echo_error "Missing host argument for type: [$1]"
                        cdu_help_print
                    else
                        MODE="$(echo "$1" | tr '[:lower:]' '[:upper:]')"
                        HOST="$2"
                    fi
                ;;

                *)
                    MODE="EXIT"

                    echo_error "Invalid type: [$1]"
                    cdu_help_print
                ;;
            esac
        fi
    fi
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Ca
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_cert_dump_ca()
{
    cat "${OPENVPN_DIR}/tls/certs/ca.crt"
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Tc
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_cert_dump_tc()
{
    cat "${OPENVPN_DIR}/tls/private/tc.key"
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Key
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_cert_dump_key()
{
    local host="$1"

    cat "${OPENVPN_DIR}/tls/private/${host}.key"
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Csr
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_cert_dump_csr()
{
    local host="$1"

    cat "${OPENVPN_DIR}/tls/certs/${host}.csr"
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Cert Dump Crt
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_cert_dump_crt()
{
    local host="$1"

    cat "${OPENVPN_DIR}/tls/certs/${host}.crt"
}





#-----------------------------------------------------------------------------------------------------------------------------------
# Main
#-----------------------------------------------------------------------------------------------------------------------------------

cdu_args_parse "$@"



if [[ "${MODE}" == "EXIT" ]]
then
    exit 0
fi



case "${MODE}" in
    "CA")
        cdu_cert_dump_ca
    ;;

    "TC")
        cdu_cert_dump_tc
    ;;

    "KEY")
        cdu_cert_dump_key "${HOST}"
    ;;

    "CSR")
        cdu_cert_dump_csr "${HOST}"
    ;;

    "CRT")
        cdu_cert_dump_crt "${HOST}"
    ;;

    *)
        cdu_help_print        
        RETVAL=1
    ;;
esac



exit ${RETVAL}