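#!/bin/bash
#
# Create a self-signed root CA (RSA private key + X.509 certificate) in
# ./rootCA, relative to the current working directory.
#
# If CA material is already present, the operator is asked whether to replace
# it. On "y"/"Y" the existing files are moved into a timestamped backup
# directory before new ones are generated; any other answer leaves everything
# untouched and exits 0.
#
# Interactive: the overwrite answer is read from stdin, and `openssl req` asks
# for the certificate subject unless the OpenSSL configuration supplies it.

set -e

ROOTCA_DIR="./rootCA"
ROOTCA_KEY="$ROOTCA_DIR/rootCA.key"
ROOTCA_PEM="$ROOTCA_DIR/rootCA.pem"
ROOTCA_SRL="$ROOTCA_DIR/rootCA.srl"

# Ask before replacing existing CA material. The check fires when EITHER file
# is present: a key without its certificate (or the reverse) must not be
# overwritten silently, because a lost CA key cannot be regenerated.
if [ -f "$ROOTCA_KEY" ] || [ -f "$ROOTCA_PEM" ]; then
  echo "Certificates already exist."
  # Under `set -e` a failed read (e.g. stdin closed) would end the script with
  # no explanation, so report it explicitly and keep the non-zero status.
  if ! read -p "Do you want to overwrite them? (y/n): " -n 1 -r; then
    echo
    echo "No answer received; existing certificates left untouched." >&2
    exit 1
  fi
  echo
  if [[ $REPLY =~ ^[Yy]$ ]]; then
    # Create backup directory with timestamp
    current_datetime=$(date +"%Y%m%d_%H%M%S")
    BACKUP_DIR="./$ROOTCA_DIR/bak_$current_datetime"
    # The backup holds the previous CA private key: owner-only access.
    mkdir -p -m 700 "$BACKUP_DIR"
    # Move whichever of key, certificate and serial file are present.
    for old_file in "$ROOTCA_KEY" "$ROOTCA_PEM" "$ROOTCA_SRL"; do
      if [ -e "$old_file" ]; then
        mv -- "$old_file" "$BACKUP_DIR"
      fi
    done
    echo "Old certificates moved to $BACKUP_DIR."
  else
    echo "Operation cancelled by the user."
    exit 0
  fi
fi

# Create rootCA directory if it does not exist
mkdir -p "$ROOTCA_DIR"

# Generate the CA private key. The key is written unencrypted (no passphrase
# option is given here and `-nodes` is used below), so file permissions are its
# only protection: the subshell's umask makes the file owner-only from the
# moment it is created, without changing the mode of the certificate.
(
  umask 077
  openssl genrsa -out "$ROOTCA_KEY" 2048
)

# Self-sign the root certificate: SHA-256 signature, valid for 1024 days.
openssl req -x509 -new -nodes -key "$ROOTCA_KEY" -sha256 -days 1024 -out "$ROOTCA_PEM"

echo "rootCA created."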