#!/bin/bash

commajoin() {
    f=y
    for arg in "$@"; do
	if [ -z "$f" ]; then echo -n ,; fi
	echo -n "$arg"
	f=
    done
}

usage() {
    echo "usage: certreq [-h] [-a ALTNAMES] SUBJECT KEYFILE"
    echo '        SUBJECT is of the form `/PART1=VALUE1/PART2=VALUE2/...'\'
    echo '        ALTNAMES is of the form `DNS:name1,DNS:name,...'\'
}

declare -A reqexts config
while getopts ha: OPT; do
    case "$OPT" in
	h)
	    usage
	    exit 0
	    ;;
	a)
	    reqexts[SAN]=1
	    config[SAN]=1
	    config_SAN=("${config_SAN[@]}" "subjectAltName=$OPTARG")
	    ;;
    esac
done
shift $((OPTIND - 1))
if [ $# -lt 2 ]; then
    usage >&2
    exit 1
fi

args=(openssl req -new)
if [ -n "${!reqexts[*]}" ]; then
    for reqext in "${!reqexts[@]}"; do
	args=("${args[@]}" -reqexts "$reqext")
    done
fi
if [ -n "${!config[*]}" ]; then
    confpath="$(mktemp /tmp/certreq-XXXXXX)"
    cat /etc/ssl/openssl.cnf >>"$confpath"
    for section in "${!config[@]}"; do
	echo "[${section}]" >>"$confpath"
	var="config_${section}[@]"
	for confopt in "${!var}"; do
	    echo "$confopt" >>"$confpath"
	done
	echo >>"$confpath"
    done
    trap 'rm -f "$confpath"' EXIT
    args=("${args[@]}" -config "$confpath")
fi
args=("${args[@]}" -subj "$1" -key "$2")

"${args[@]}"