#!/usr/bin/env bash
set -Eeuo pipefail

# Prosess 1:
# Genererer DKIM private/public key-filer for ett eller flere domener.
#
# Filer lages under:
#   private/dkim/<domene>.<selector>.private.pem
#   private/dkim/<domene>.<selector>.public.pem
#
# Dette scriptet er trygt å publisere.
# Selve nøklene ligger i private/, som skal være i .gitignore.

selector="${DKIM_SELECTOR:-mail}"

usage() {
  cat <<EOF
Bruk:
  $0 <domene> [domene...]

Eksempel:
  $0 tvheggland.no privix.no

Valgfritt:
  DKIM_SELECTOR=mail $0 tvheggland.no
EOF
}

if [[ $# -lt 1 ]]; then
  usage
  exit 1
fi

mkdir -p private/dkim
chmod 700 private private/dkim

for domain in "$@"; do
  private_key="private/dkim/${domain}.${selector}.private.pem"
  public_key="private/dkim/${domain}.${selector}.public.pem"

  if [[ -e "$private_key" || -e "$public_key" ]]; then
    echo "SKIP: DKIM-filer finnes allerede for ${domain}"
    echo "  $private_key"
    echo "  $public_key"
    echo
    continue
  fi

  openssl genrsa -out "$private_key" 2048

  openssl rsa \
    -in "$private_key" \
    -pubout \
    -out "$public_key" >/dev/null 2>&1

  chmod 600 "$private_key" "$public_key"

  echo "OK: Genererte DKIM-nøkler for ${domain}"
  echo "  Privat nøkkel:   $private_key"
  echo "  Offentlig nøkkel: $public_key"
  echo
done