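#!/bin/sh
# Bootstraps the TLS material HAProxy is pointed at: a throwaway self-signed
# default certificate and a crt-list file that references it.
# Existing files are never overwritten, so operator-supplied material wins.
set -e

#######################################
# Create the default certificate bundle and the crt-list if they are missing.
# Globals:   none
# Arguments: none
# Outputs:   progress messages on stdout; openssl diagnostics on stderr
# Returns:   0 on success, 1 if the certificate could not be generated
#######################################
generate_default_certificate() {
  local ssl_dir=/etc/haproxy/ssl
  local crt_list_path="${ssl_dir}/crt-list.txt"
  local default_cert_path="${ssl_dir}/default-cert.pem"
  local work_dir key_path crt_path

  # The target directory must exist before anything is written into it;
  # otherwise the bundle write fails after the private key was already created.
  mkdir -p "${ssl_dir}"

  # POSIX `[` is used throughout because `[[` is not available in every /bin/sh.
  if [ ! -f "${default_cert_path}" ]; then
    # The unencrypted private key is staged in a private directory from
    # mktemp -d rather than under a fixed, predictable name in /tmp.
    work_dir=$(mktemp -d)
    key_path="${work_dir}/default_key.pem"
    crt_path="${work_dir}/default_ca.pem"

    # Self-signed, RSA 2048, valid for 90 days, key left unencrypted (-nodes).
    # The bundle is the key followed by the certificate, in one PEM file.
    if openssl req -x509 -newkey rsa:2048 \
        -keyout "${key_path}" -out "${crt_path}" \
        -days 90 -nodes -subj '/CN=*/O=Temp SSL Cert/C=US' \
      && cat "${key_path}" "${crt_path}" > "${default_cert_path}"; then
      rm -rf -- "${work_dir:?}"
    else
      # Remove the staged key and any partial bundle, so a failed run neither
      # leaves key material behind nor makes the next run skip generation.
      rm -rf -- "${work_dir:?}"
      rm -f -- "${default_cert_path}"
      return 1
    fi

    # NOTE(review): the bundle contains the private key and its mode follows
    # the caller's umask. Restrict it (mode and owner) once the account that
    # HAProxy loads certificates as is confirmed.
    echo "Default certification is generated in ${default_cert_path}"
  fi

  if [ ! -f "${crt_list_path}" ]; then
    # One crt-list entry: the default bundle followed by www.example.com.
    printf '%s www.example.com\n' "${default_cert_path}" > "${crt_list_path}"
    echo "Certification list file is generated in ${crt_list_path}"
  fi
}

generate_default_certificate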