#!/bin/bash
#
# Copyright 2018 Amazon.com, Inc. or its affiliates. All Rights Reserved.
# SPDX-License-Identifier: MIT-0

DEVICE=$1
CA=${2:-root}

if [[ -z "$DEVICE" ]]; then
	echo "Usage: $0 deviceName [CA]"
	exit
fi

if [[ ! -f "$CA.ca.pem" ]]; then
	echo "Could not find certificate for $CA"
	exit
fi

openssl genrsa -out "$DEVICE.key" 2048
openssl req -new -key "$DEVICE.key" -out "$DEVICE.csr"  -subj "/CN=$DEVICE"
openssl x509 -req -in $DEVICE.csr -CA "$CA.ca.pem" -CAkey "$CA.ca.key" -CAcreateserial -out "$DEVICE.crt.tmp" -days 500 -sha256
cat "$DEVICE.crt.tmp" "$CA.ca.pem" > "$DEVICE.crt"
rm "$DEVICE.crt.tmp"
rm "$DEVICE.csr"

endpoint=$(aws iot describe-endpoint --endpoint-type iot:Data-ATS | jq -r .endpointAddress )

mosquitto_pub --cafile certs/AmazonRootCA1.pem --cert $DEVICE.crt --key $DEVICE.key \
	-h $endpoint -p 8883 -q 0 -i $DEVICE -d --tls-version tlsv1.2 -m '' -t '/register'
mosquitto_pub --cafile certs/AmazonRootCA1.pem --cert $DEVICE.crt --key $DEVICE.key \
	-h $endpoint -p 8883 -q 0 -i $DEVICE -d --tls-version tlsv1.2 -m '' -t '/register'