#!/usr/bin/perl

use strict;
use warnings;

use Getopt::Long qw(GetOptions);
use Pod::Usage qw(pod2usage);
use YAML::XS qw();

use Crypt::PK::RSA qw();
use Crypt::OpenSSL::RSA qw();

#my $file = '/home/rkrenn/sipwise/git/vagrant-ngcp/config.yml';
my $file = '/etc/ngcp-config/config.yml';
my $type;
my $size;
GetOptions(
   "type=s" => \$type,
   "size=i" => \$size,
) or pod2usage(2);

$type //= 'rsa';
my $yaml = YAML::XS::LoadFile($file);
if ('rsa' eq lc($type)) {
   $size //= 2048;
   die("invalid size $size for RSA keys\n") if ($size < 256 or $size > 8192);
   
   my $rsa = Crypt::OpenSSL::RSA->generate_key($size);

   my $pk = Crypt::PK::RSA->new();
   $pk->import_key(\$rsa->get_private_key_string());
   $yaml->{www_admin}->{security}->{rsa_private_key} = $pk->export_key_jwk('private', 1);

   $pk->import_key(\$rsa->get_public_key_string());
   $yaml->{www_admin}->{security}->{rsa_public_key} = $pk->export_key_jwk('public', 1);
   
   print "$size bit RSA keypair saved to $file.\n";
} elsif ('voucher' eq lc($type)) {
   #todo
} else {
   die("unsupported key type: $type\n")
}

YAML::XS::DumpFile($file, $yaml);

print "Please run ngcpcfg to apply.\n";

exit(0);

__END__

=head1 NAME

ngcp-create-keys - Generate encryption keys for ngcp-panel

=head1 SYNOPSIS

B<ngcp-create-keys> [I<options>]

=head1 DESCRIPTION

This program will generate new master key(s) required by ngcp-panel e.g. for encryption/decryption of JSON values.

=head1 OPTIONS

=over 4

=item B<--type=>I<key type>

Specify what key to generate. Defaults to "rsa" (encryption of JSON fields).

=item B<--size=>I<key length>

Specify the key size in bits.

=back

=head1 EXAMPLES

ngcp-create-keys --alg="rsa" --size="2048"

=head1 AUTHOR

Sipwise Development Team C<< <support@sipwise.com> >>

=head1 LICENSE

This software is Copyright © 2020 by Sipwise GmbH, Austria.

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this package.  If not, see <https://www.gnu.org/licenses/>.

=cut