hms
/
nebula-tools


			
							#!/bin/bash
######################################################
#        Name: refresh-NebulaCA
# Description: Creates a new cert for a node based
# on the node cert provided.
#
# Created By: HMSheets
######################################################


POSITIONAL=()
while [[ $# -gt 0 ]]
do
key="$1"

case $key in
    -n|--caname)
    CANAME="$2"
    shift # past argument
    shift # past value
    ;;
    -r|--rootpath)
    ROOTPATH="$2"
    shift # past argument
    shift # past value
    ;;
    -f|--cafilename)
    CAFILENAME="$2"
    shift # past argument
    shift # past value
    ;;
#    -k|--cakeyname)
#    CAKEYNAME="$2"
#    shift # past argument
#    shift # past value
#    ;;
    -i|--issuer)
    ISSUER="$2"
    shift # past argument
    shift # past value
    ;;
    *)    # unknown option
    POSITIONAL+=("$1") # save it in an array for later
    shift # past argument
    ;;
esac
done
set -- "${POSITIONAL[@]}" # restore positional parameters

# Additional Parameter Evaluation
while [ -n "$1" ]; do # while loop starts

	case "$1" in

	-h) help_msg ;; # help

	--h) help_msg ;; # help

	*) invalid_args_msg ;; #catch all

	esac

	shift

done

invalid_args_msg () {
    echo "Invalid Parameter(s) Entered: $1"
    exit
}

help_msg () {
    echo "Usage of refresh-NebulaCA <flags>: refresh an existing nebula ca"
    echo "  -n|--caname"
    echo "      Name to use for the new CA. Used in the CA cert file and in the filename"
    echo "  -r|--rootpath"
    echo "      Root path of existing CA"
    echo "  -f|--cafilename"
    echo "      Filename of the existing CA"
    echo "  -i|--issuer"
    echo "      Name of the Org Issuing and authorizing the creation of the new Nebula CA"
    echo "  -h|--help"
    echo "      This help text, but you already knew that... right?!?!"
}

DATETIME=$(date '+%Y%m%d-%H%M%S')

#CANAME=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s .[].details.name | sed 's/["]//g')
#CAIPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.ips | sed 's/[]["]//g')
#NODEGROUPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.groups | sed 's/[]["]//g') # | sed 's/,/ /g'))
CERTISCASTATUS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${CAFILENAME} -json | jq -s --compact-output .[].details.isCa)

# Create new file name variable
NEWFILENAME="${CANAME}_${DATETIME}"

if [[ $CERTISCASTATUS == false ]]; then
    echo "Certificate is a Node Certificate. Try again by providing the CA Certificate."
    exit
fi

if [[ $CERTISCASTATUS == true ]]; then
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    echo "Node Name: ${CANAME}"
    echo "Node IPs: ${ISSUER}"
    #echo "Node Groups: ${NODEGROUPS[@]}"
    echo "Certificate isCa Status: ${CERTISCASTATUS}"
    echo "DateTime: ${DATETIME}"
    echo "NEWFILENAME: ${NEWFILENAME}"
    echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
    ${ROOTPATH}/nebula-cert sign -name ${CANAME} -out-crt ${ROOTPATH}/${NEWFILENAME}.crt -out-key ${ROOTPATH}/${NEWFILENAME}.key
fi