#!/bin/sh -efu
# SPDX-License-Identifier: GPL-2.0-or-later

# shellcheck enable=all disable=SC2250

# shellcheck source=bin/alt-signer-functions.in
. alt-signer-functions

# Issue a signing certificate for <key-nickname> unless one with that
# nickname can already be shown, then print the certificate on stdout.
#
# Arguments: $1 - input type; only the literal word "module" is accepted
#            $2 - nickname of the key/certificate
# Environment:
#   ALT_SIGNER_KEYGEN_COMMON_NAME_PREFIX - optional text put before the
#                                          nickname in the subject CN
#   ALT_SIGNER_CA_NICKNAME               - signer nickname, "CA" when unset
#                                          or empty
# validate_nickname, check_db and show_cert are not defined in this file, and
# $dbdir is not assigned here; presumably all of them come from the sourced
# alt-signer-functions.

# Exactly two arguments are required.
[ "$#" -eq 2 ] || {
	printf 'Usage: %s <module> <key-nickname>\n' "${0##*/}" >&2
	exit 1
}

type_input="$1"
nickname="$2"
shift 2

# Validate the nickname before it is used as a certificate nickname or as
# part of the subject name.
validate_nickname "$nickname"

# Map the input type to the matching efikeygen option; anything else is
# rejected before the key database is touched.
case "$type_input" in
	module)
		efikeygen_flag=--module
		;;
	*)
		printf '%s\n' 'unsupported input file type' >&2
		exit 1
		;;
esac

check_db

# Subject CN: the nickname, with the prefix in front when one is set and
# non-empty.
# NOTE(review): only the nickname goes through validate_nickname in this file;
# the prefix reaches the "CN=..." string unchecked, so it has to come from
# trusted configuration - confirm how efikeygen parses separators in this value.
cn="${ALT_SIGNER_KEYGEN_COMMON_NAME_PREFIX-}$nickname"

ca_nick="${ALT_SIGNER_CA_NICKNAME:-CA}"

# Generate a key and certificate only when the probe fails.
# NOTE(review): the probe discards stdout and stderr, so any show_cert failure
# (not only "no such certificate") leads to key generation - confirm this is
# the intended behaviour.
# efikeygen's own output goes to stderr, so the only thing this script writes
# to stdout is the final show_cert output.
# shellcheck disable=SC2310
if ! show_cert "$nickname" >/dev/null 2>&1; then
	efikeygen \
		--dbdir "$dbdir" \
		"$efikeygen_flag" \
		--signer="$ca_nick" \
		--common-name "CN=$cn" \
		--nickname "$nickname" \
		>&2
fi

# Print the certificate, whether it already existed or was just created.
show_cert "$nickname"
