#!/bin/sh

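# Bootstrap the OpenVPN server directory: (re)generate the certificate
# material and the inline client profile when they are missing or no
# longer verify, and render localhost.conf from localhost.conf.in.
# Requires: sscg, openvpn, openssl, ifconfig, ipcalc.
# Environment: LAN - interface to derive the LAN network from (default green0).
#
# Every path below is relative, so a failed cd has to be fatal: otherwise
# clean() would delete *.pem, ta.key and client.ovpn in whatever directory
# the script happened to be started from.
cd /etc/openvpn/server || exit 1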

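#######################################
# Remove all generated certificate/key material and the client profile
# so gen_certs can start from scratch.  Relies on the cwd being the
# OpenVPN server directory (set by the cd at the top of the script).
# Globals:   none
# Arguments: none
# Outputs:   one line per removed file on stdout (rm -v)
# Returns:   status of rm (0 when nothing matched, because of -f)
#######################################
clean() {
    # "--" stops rm from reading any odd filename the glob picks up as an
    # option; -f makes an unmatched "*.pem" (passed literally) a no-op.
    rm -vf -- *.pem ta.key client.ovpn
}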

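#######################################
# Generate a fresh CA, server and client certificate/key pair, DH params
# and tls-auth key, then assemble the inline client profile client.ovpn
# from client.ovpn.in.
# Globals:   none
# Arguments: none
# Outputs:   ca.cert.pem, openvpn.cert.pem, openvpn.key.pem,
#            client.cert.pem, client.key.pem, dhparams.pem, ta.key and
#            client.ovpn (mode 0600) in the current directory
# Returns:   0 on success; 1 if any step fails, in which case no
#            client.ovpn is left behind so the next run starts over
#######################################
gen_certs() {
    sscg \
        --force \
        --lifetime=3650 \
        --country=US \
        --state=Washington \
        --organization="Inland Integration" \
        --organizational-unit=Controls \
        --ca-file=ca.cert.pem \
        --cert-file=openvpn.cert.pem \
        --cert-key-file=openvpn.key.pem \
        --client-file=client.cert.pem \
        --client-key-file=client.key.pem \
        --dhparams-file=dhparams.pem || return 1

    openvpn --genkey secret ta.key || return 1

    # The profile embeds the client private key and the tls-auth key, so it
    # is written under a restrictive umask (in a subshell, leaving the
    # caller's umask alone) and only renamed into place once every part has
    # been appended.  A half-written client.ovpn would otherwise satisfy the
    # "[ ! -f client.ovpn ]" check on the next run and never be repaired.
    (
        umask 077
        {
            cat client.ovpn.in &&
            echo "<ca>" && cat ca.cert.pem && echo "</ca>" &&
            echo "<cert>" && cat client.cert.pem && echo "</cert>" &&
            echo "<key>" && cat client.key.pem && echo "</key>" &&
            echo "<tls-auth>" && cat ta.key && echo "</tls-auth>"
        } >client.ovpn.tmp
    ) && mv -f client.ovpn.tmp client.ovpn && return 0

    rm -f client.ovpn.tmp
    return 1
}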

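# An existing client.ovpn is only kept while the certificates it was built
# from still verify against the CA (sscg issues them with a finite
# --lifetime).  The client cert is checked as well, since that is what
# client.ovpn embeds; a missing or expired cert makes openssl fail and
# forces regeneration below.
if [ -f ca.cert.pem ]; then
    if ! openssl verify -CAfile ca.cert.pem openvpn.cert.pem client.cert.pem; then
        rm -f client.ovpn
    fi
fi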

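# No usable profile: wipe all key material and start over.  This mints a
# new CA too, so any previously distributed client.ovpn stops working and
# has to be redistributed.  A failed generation must not be ignored.
if [ ! -f client.ovpn ]; then
    clean
    gen_certs || exit 1
fi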

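# Render localhost.conf once.  LAN names the interface (default green0);
# the address, netmask and network are scraped from ifconfig/ipcalc text
# output, which is why each step is checked separately before use.
if [ ! -f localhost.conf ]; then
    LAN=${LAN:-green0}
    LAN_IP=$(ifconfig "$LAN" 2>/dev/null | grep -m 1 'inet' | awk '{print $2}' | sed -e 's/.*://')
    if [ -z "$LAN_IP" ]; then
        echo "Failed to find LAN IP address" >&2
        exit 1
    fi
    LAN_MASK=$(ifconfig "$LAN" 2>/dev/null | grep -m 1 'Mask' | awk '{print $4}' | sed -e 's/.*://')
    if [ -z "$LAN_MASK" ]; then
        echo "Failed to find LAN netmask" >&2
        exit 1
    fi
    LAN_NET=$(ipcalc "$LAN_IP/$LAN_MASK" 2>/dev/null | grep -m 1 'Network' | awk '{print $2}' | sed -e 's/\/.*$//')
    if [ -z "$LAN_NET" ]; then
        echo "Failed to find LAN network" >&2
        exit 1
    fi
    # Write through a temp file so a failing sed (e.g. missing
    # localhost.conf.in) cannot leave an empty localhost.conf behind that
    # the "[ ! -f localhost.conf ]" check would accept on the next run.
    if sed -e "s/@NETWORK@/$LAN_NET/" localhost.conf.in >localhost.conf.tmp; then
        mv -f localhost.conf.tmp localhost.conf
    else
        rm -f localhost.conf.tmp
        exit 1
    fi
fi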
