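#!/bin/sh
# Generate Markdown and CSV files containing certificate info for each host.
#
# Input:  certs/<host>:<port>.pem, one PEM certificate per file, in the
#         directory that holds this script.
# Output: cert-details.md and cert-details.csv in that same directory.
# Needs:  openssl, awk, and a date(1) that accepts -d (GNU or BusyBox).
#
# Security notes:
# - The certificates are presumably collected from remote hosts, so their
#   contents are treated as untrusted input. Each field is taken from the
#   first line that carries openssl's own label at the start of the line,
#   so text embedded in Subject/Issuer/extension values (which `-text` also
#   prints) is not picked up as an algorithm or key size.
# - Tables are written with printf '%s'. echo's treatment of "\n" differs
#   between /bin/sh implementations, and an echo that does expand escapes
#   would also expand backslashes that arrive in the data.
# - The host name comes from the file name and is written unescaped into a
#   Markdown link and a CSV cell, so names containing characters that would
#   break either format are refused.

set -o errexit   # (-e) exit immediately if any command has a non-zero exit status
set -o nounset   # (-u) don't accept undefined variables
#set -o xtrace   # for debugging

# Print a diagnostic on stderr and stop with a non-zero status.
die() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
  exit 1
}

# Go where this script is.
cd -- "$(dirname -- "$0")" || exit

# A literal newline, used instead of "\n" escapes (see security notes).
nl='
'

# Table headers.
md_table="| Host | Cert | Expiry | Key Algorithm | Key Size (bits) | Signature Algorithm${nl}| --- | --- | --- | --- | --- | ---${nl}"
csv_table="Host,Expiry,Key Algorithm,Key Size (bits),Signature Algorithm${nl}"

found=0
for cert_file in certs/*.pem; do
  # An unmatched glob is left as the literal pattern; do not process it.
  [ -e "$cert_file" ] || continue
  found=1

  # Split "certs/<host>:<port>.pem" on the last colon. Parameter expansion is
  # used instead of expr, whose exit status is 1 for an empty or zero result
  # and would stop the script under errexit without any message.
  name=${cert_file#certs/}
  name=${name%.pem}
  case $name in
    *:*) ;;
    *) die "unexpected file name (want certs/<host>:<port>.pem): $cert_file" ;;
  esac
  host=${name%:*}
  port=${name##*:}
  case $port in
    '' | *[!0-9]*) die "port in file name is not a number: $cert_file" ;;
  esac
  [ -n "$host" ] || die "empty host in file name: $cert_file"

  # Refuse host names that would change the structure of the Markdown table
  # or the CSV row, or that spreadsheet software would read as a formula.
  case $host in
    *'|'* | *','* | *'"'* | *'\'* | *'('* | *')'* | *'<'* | *'>'* | *[[:space:]]* | [=+@-]*)
      die "host name contains characters unsafe for the report: $cert_file"
      ;;
  esac

  # 1965 is the default port; show the port only when it differs.
  if [ "$port" != 1965 ]; then
    host="$host:$port"
  fi

  # Expiry. openssl is run on its own rather than at the head of a pipeline,
  # so that a certificate it cannot read is reported instead of being masked
  # by the exit status of a later pipeline stage.
  end_date=$(openssl x509 -in "$cert_file" -noout -enddate) ||
    die "openssl could not read the certificate: $cert_file"
  end_date=${end_date#*=}   # drop the "notAfter=" label
  [ -n "$end_date" ] || die "no expiry date reported for: $cert_file"
  end_date=$(date -u -d "$end_date" +%Y-%m-%d) ||
    die "could not parse the expiry date of: $cert_file"

  # Remaining details come from the human-readable dump.
  cert_details=$(openssl x509 -in "$cert_file" -noout -text) ||
    die "openssl could not print the certificate: $cert_file"

  # Key algorithm: first labelled line, value after the colon.
  key_algo=$(printf '%s\n' "$cert_details" |
    awk '/^ *Public Key Algorithm:/ { sub(/^[^:]*: */, ""); print; exit }')
  case $key_algo in
    id-ecPublicKey) key_algo='ECDSA' ;;
    rsaEncryption) key_algo='RSA' ;;
  esac

  # Key size: Ed25519 keys are always 256 bits; otherwise read the number
  # from the "Public-Key: (N bit)" line (some openssl versions prefix the
  # label with the algorithm name, e.g. "RSA Public-Key:").
  if [ "$key_algo" = 'ED25519' ]; then
    key_size='256'
  else
    key_size=$(printf '%s\n' "$cert_details" |
      awk '/^ *([A-Za-z0-9]+ )?Public-Key: *\(/ {
             if (match($0, /\([0-9]+/)) print substr($0, RSTART + 1, RLENGTH - 1)
             exit
           }')
    [ -n "$key_size" ] || die "could not determine the key size of: $cert_file"
  fi

  # Signature algorithm: `-text` prints this label twice (inside the Data
  # section and again before the signature value); use the first only, so
  # the value is always a single line.
  sig_algo=$(printf '%s\n' "$cert_details" |
    awk '/^ *Signature Algorithm:/ { sub(/^[^:]*: */, ""); print; exit }')

  # Add a table row.
  md_table="${md_table}| [$host](gemini://$host/) | [PEM]($cert_file) | $end_date | $key_algo | $key_size | $sig_algo |${nl}"
  csv_table="${csv_table}${host},${end_date},${key_algo},${key_size},${sig_algo}${nl}"
done

[ "$found" -eq 1 ] || die "no certificates found (certs/*.pem)"

# Write to files. Nothing is written unless every certificate was processed.
printf '%s' "$md_table" > cert-details.md
printf '%s' "$csv_table" > cert-details.csv

echo OK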