#!/usr/bin/bash

set -e

FQDN=`hostname`
ssldotconf=/etc/httpd/conf.d/ssl.conf

if test -f /etc/pki/tls/certs/localhost.crt -a \
        -f /etc/pki/tls/private/localhost.key; then
    exit 0
fi

if test -f /etc/pki/tls/certs/localhost.crt -a \
        ! -f /etc/pki/tls/private/localhost.key; then
    echo "Missing certificate key!"
    exit 1
fi

if test ! -f /etc/pki/tls/certs/localhost.crt -a \
         -f /etc/pki/tls/private/localhost.key; then
    echo "Missing certificate, but key is present!"
    exit 1
fi

if ! test -f ${ssldotconf} || \
   ! grep -q '^SSLCertificateFile /etc/pki/tls/certs/localhost.crt' ${ssldotconf} || \
   ! grep -q '^SSLCertificateKeyFile /etc/pki/tls/private/localhost.key' ${ssldotconf}; then
    # Non-default configuration, do nothing.
    exit 0
fi

sscg -q                                                             \
     --cert-file           /etc/pki/tls/certs/localhost.crt         \
     --cert-key-file       /etc/pki/tls/private/localhost.key       \
     --ca-file             /etc/pki/tls/certs/localhost.crt         \
     --lifetime            365                                      \
     --hostname            $FQDN                                    \
     --email               root@$FQDN