#!/bin/bash
# makecsr - Make a private key file and CSR (Certificate Signing Request)
#
# Outputs the following files:
# * private_key.pem file
# * client_cert.csr file
# * truststore.pem file
# * kafka.client.keystore.jks file
# * kafka.client.truststore.jks file

cacerts_file=`find /usr/lib/jvm -name cacerts -print`
keystore_file=kafka.client.keystore.jks
truststore_jks=kafka.client.truststore.jks
truststore_pkcs=truststore.p12
private_key_file=private_key.pem
csr_file=client_cert.csr

if [ -z "cacerts_file" ]
then
        echo "Java is not installed. To install Java: $ yum -y install java-1.8.0"
        exit 1
fi

read -s -p "Enter your password for all key files: " keypass

echo -e "\nCreating Keystore files."
echo -e "\nEnter your Certificate parameters."
keytool -genkey -alias kafka-key  -keyalg RSA -keystore $keystore_file -storetype pkcs12  -storepass $keypass

echo -e "\nCreating Certificate Sign Request files."
keytool -keystore $keystore_file -certreq -file raw-client-cert.csr -alias kafka-key -storepass $keypass
sed 's/NEW //' raw-client-cert.csr > $csr_file

echo -e "\nCreating P12 file."
keytool -importkeystore -srckeystore $keystore_file -destkeystore client.p12 -srcstoretype jks -deststoretype pkcs12 -deststorepass $keypass -srcstorepass $keypass

echo -e "\nExporting Private Key to pem file."
openssl pkcs12 -in client.p12 -out $private_key_file -passin pass:$keypass -passout pass:$keypass

echo -e "\nCreating Truststore files."
cp $cacerts_file $truststore_jks
keytool -importkeystore -srckeystore  $truststore_jks -srcstorepass changeit -destkeystore $truststore_pkcs -srcstoretype jks -deststoretype pkcs12 -deststorepass $keypass

echo -e "\nExporting Truststore to pem file."
openssl pkcs12 -in $truststore_pkcs -out truststore.pem -passin pass:$keypass
rm -f $truststore_pkcs

# Deleting unnecessary files
rm -f raw-client-cert.csr
rm -f client.p12