#!/bin/bash

usage() {
    cat <<EOF
Usage: start_openssl <options>

Starts a openssl server.

List of options:
    -h, --help          Print this help
    --prefix <str>      The prefix to the "bin/openssl" executable
    --cipher <str>      The list of ciphers passed to openssl
    -p, --port <int>    The listening port for the openssl server
    -c, --cert <str>    The type of the certificate to use. Valid values:
                            rsa, ecdsa, dsa, x25519, x448
                        The keys, certificate and certificate chains are
                        must be located under the directory specified by
                        the --certdir parameter.
    -d, --cert2 <str>   An optional alternative to --cert allowing to offer
                        two different certificates by the openssl server.
                        The same rules than for --cert apply.
    --certdir <str>     The base directory to look for the certificates.
                        Defaults to "$server_dir".
    --                  Indicates the end of the options for this script.
                        All following options will be passed transparently
                        to the openssl command.
EOF
    exit 1
}


openssl_prefix=/usr
auth1=rsa
port=44330
cipher=ALL
server_dir=~/project/private-ca/server
while [[ "$#" -gt 0 ]]; do
    case $1 in
        -h|--help) usage ;;
        --prefix) openssl_prefix="$2"; shift ;;
        --cipher) cipher="$2"; shift ;;
        -p|--port) port="$2"; shift ;;
        -c|--cert) auth1="$2"; shift ;;
        -d|--cert2) auth2="$2"; shift ;;
        -e|--cert3) auth3="$2"; shift ;;
        --certdir) server_dir="$2"; shift ;;
        --) shift; break ;;
        *) echo "Unknown option $1"; usage; exit 1 ;;
    esac
    shift
done


key1=$server_dir/private/server-$auth1.key
key2=$server_dir/private/server-$auth2.key
key3=$server_dir/private/server-$auth3.key
cert1=$server_dir/certs/server-$auth1.crt
cert2=$server_dir/certs/server-$auth2.crt
cert3=$server_dir/certs/server-$auth3.crt
#chain1=$server_dir/chains/server-$auth1.pem
#chain2=$server_dir/chains/server-$auth2.pem
#chain3=$server_dir/chains/server-$auth3.pem
cafile=$server_dir/../cafile.pem

cert_params=" -key $key1 -cert $cert1"
if [ -n "$auth2" ]; then
    cert_params2=" -key2 $key2 -cert2 $cert2"
fi
if [ -n "$auth3" ]; then
    cert_params2=" -dkey $key3 -dcert $cert3"
fi

kill `lsof -t -i :$port`

export OPENSSL_TRACE=TLS
export LD_LIBRARY_PATH=$openssl_prefix/lib:$LD_LIBRARY_PATH
cmd="$openssl_prefix/bin/openssl s_server $cert_params $cert_params2 $cert_params3 -CAfile $cafile -accept $port -www -cipher $cipher $@"
echo $cmd
$cmd
