From 3aa403691c792e23cb33741507834d3955f02a57 Mon Sep 17 00:00:00 2001
From: Andrey Arapov
Date: Tue, 3 Jul 2018 11:16:01 +0200
Subject: [PATCH] add root user check +refactor
---
 gencert.sh | 83 ++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 55 insertions(+), 28 deletions(-)
diff --git a/gencert.sh b/gencert.sh
index 0bcac60..6f2f8b5 100755
--- a/gencert.sh
+++ b/gencert.sh
@@ -20,6 +20,9 @@ print_help() {
 --cadays - CA cert expiration in days\t(default: 3650)\n"
 }
 
+# Parse command line arguments
+##
+
 # A POSIX variable
 OPTIND=1 # Reset in case getopts has been used previously in the shell.
 
@@ -96,6 +99,9 @@ fi
 # echo ARG_CA=$ARG_CA
 # echo ARG_CADAYS=$ARG_CADAYS
 
+# prepare common variables
+##
+
 OPENSSL_CONFIG="openssl.cnf"
 CA_KEY="${ARG_CAKEY:-ca.key}"
 CA_CERT="${ARG_CA:-ca.crt}"
@@ -107,6 +113,46 @@ DAYS="${ARG_DAYS:-365}"
 # set -x
 set -e
 
+# install openssl
+##
+
+install_openssl() {
+ set +e
+ type openssl >/dev/null 2>&1
+ if [ $? -eq 0 ]; then
+ return;
+ fi
+
+ if [ $(id -u) -ne 0 ]; then
+ echo "This script must be run as root in order to install openssl package."
+ echo "If you cannot run this script as root, then make sure you have the openssl package."
+ exit 1
+ fi
+
+ if [ -f /etc/debian_version ]; then
+ echo "[${ME}] Installing openssl in Debian/Ubuntu"
+ export DEBIAN_FRONTEND=noninteractive
+ apt-get update
+ apt-get -y install openssl
+ elif [ -f /etc/alpine-release ]; then
+ echo "[${ME}] Installing openssl in Alpine"
+ apk add --update openssl
+ elif [ -f /etc/centos-release ]; then
+ echo "[${ME}] Installing openssl in CentOS"
+ yum -y install openssl
+ fi
+
+ type openssl >/dev/null
+ if [ $? -ne 0 ]; then
+ echo "[${ME}] ERROR: Could not install openssl. Exitting."
+ exit 1
+ fi
+ set -e
+}
+
+# generate openssl config
+##
+
 gen_openssl_config() {
 OPENSSL_CONFIG_CONTENT="[ req ]
 distinguished_name = req_distinguished_name
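Review bot: In install_openssl, the early `return` taken when openssl is already present leaves `set +e` in effect, so the errexit enabled just above the function is off for everything that runs after the call; only the install paths reach the closing `set -e`. The `set +e`/`set -e` pair can be dropped entirely by testing the commands directly, `if type openssl >/dev/null 2>&1; then return; fi` for the first check and `if ! type openssl >/dev/null; then` for the final one, both of which are safe under errexit. The new root check should quote the substitution, `if [ "$(id -u)" -ne 0 ]; then`, and its two messages go to stdout without the `[${ME}]` prefix the other diagnostics carry; writing them with `>&2` keeps them out of any captured output. Whether start() actually calls install_openssl is outside this hunk, so how much of the script runs without errexit depends on that call site.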
@@ -131,6 +177,9 @@ subjectAltName = @alt_names
 printf "${OPENSSL_CONFIG_CONTENT}\n${PAYLOAD}\n" > "${OPENSSL_CONFIG}"
 }
 
+# generate CA certificate
+##
+
 gen_ca() {
 echo "[${ME}] Generating new CA: ${CA_KEY} / ${CA_CERT} ..."
 openssl ecparam -name prime256v1 -genkey -noout -out "${CA_KEY}"
@@ -139,6 +188,9 @@ gen_ca() {
 -subj "/CN=my-CA" -extensions v3_ca -config "${OPENSSL_CONFIG}"
 }
 
+# generate server certificate
+##
+
 gen_server_x509() {
 echo "[${ME}] Generating new server x509: ${SERVER_KEY} / ${SERVER_CERT} ..."
 openssl ecparam -name prime256v1 -genkey -noout -out "${SERVER_KEY}"
@@ -149,34 +201,6 @@ gen_server_x509() {
 -extensions v3_req_server -extfile "${OPENSSL_CONFIG}"
 }
 
-install_openssl() {
- set +e
- type openssl >/dev/null 2>&1
- if [ $? -eq 0 ]; then
- return;
- fi
-
- if [ -f /etc/debian_version ]; then
- echo "[${ME}] Installing openssl in Debian/Ubuntu"
- export DEBIAN_FRONTEND=noninteractive
- apt-get update
- apt-get -y install openssl
- elif [ -f /etc/alpine-release ]; then
- echo "[${ME}] Installing openssl in Alpine"
- apk add --update openssl
- elif [ -f /etc/centos-release ]; then
- echo "[${ME}] Installing openssl in CentOS"
- yum -y install openssl
- fi
-
- type openssl >/dev/null
- if [ $? -ne 0 ]; then
- echo "[${ME}] ERROR: Could not install openssl. Exitting."
- exit 1
- fi
- set -e
-}
-
 start() {
 echo "[${ME}] Started in ${PWD} directory."
 
@@ -208,4 +232,7 @@ start() {
 echo "${CERT_INFO}" | grep -E "CN=|IP Address|Not\ "
 }
 
+# script starts here
+##
+
 start;