#!/bin/sh
#
# certhub-message-format - Run a command and format its output.

set -e
set -u

# Required binaries
BASENAME=/usr/bin/basename
ECHO=/bin/echo
OPENSSL=/usr/bin/openssl
XARGS=/usr/bin/xargs

# Print usage message and exit.
usage() {
    ${ECHO} "${0}: input-pem-file [x509|req] command [args...]"
    return 1
}

certhub_message_subject() {
    if [ -n "${CERTHUB_MESSAGE_SUBJECT:-}" ]; then
        ${ECHO} "${CERTHUB_MESSAGE_SUBJECT}"
    else
        COMMAND_BASE=$(${BASENAME} "${1}")
        ${ECHO} "${CERTHUB_MESSAGE_SUBJECT_PREFIX:-[Certhub]} ${CERTHUB_MESSAGE_SUBJECT_ACTION:-${COMMAND_BASE}}"
    fi
}

certhub_message_format() {
    PEM_FILE="${1}"
    PEM_TYPE="${2}"

    SUBJECT=$(certhub_message_subject "${3}")
    case "$PEM_TYPE" in
        x509)
            TEXTOPTS="${CERTHUB_MESSAGE_CERT_TEXTOPTS:--noout -text -certopt no_pubkey,no_sigdump,no_extensions -sha256 -fingerprint}"
            ;;
        req)
            TEXTOPTS="${CERTHUB_MESSAGE_CSR_TEXTOPTS:--noout -text -reqopt no_pubkey,no_sigdump}"
            ;;
        *)
            TEXTOPTS=""
            ;;
    esac
    shift 2

    ${ECHO} "${SUBJECT}"
    ${ECHO}

    "${@}" 2>&1

    if [ -f "${PEM_FILE}" ] && [ -n "${TEXTOPTS}" ]; then
        ${ECHO} "${TEXTOPTS}" | ${XARGS} ${OPENSSL} "${PEM_TYPE}" -in "${PEM_FILE}"
        ${ECHO}
    fi
}

if [ "${#}" -gt 2 ] && [ "${1:-}" != "-h" ] && [ "${1:-}" != "--help" ] && { [ "${2}" = "req" ] || [ "${2}" = "x509" ]; } ; then
    certhub_message_format "${@}"
else
    usage
fi
