#!/bin/sh

# These defaults were extracted from Barrier source file:
# src/gui/src/SslCertificate.cpp
#
# A private key and certificate is generated in the profile
# directory (~/.barrier/SSL/Barrier.pem). Then a fingerprint
# is generated that can be used to verify the client is
# connecting to the correct server
# (~/.barrier/SSL/Fingerprints/Local.txt)

umask 177
if hash syntool 2>/dev/null; then
    if hash openssl 2>/dev/null; then
        mkdir -p "$(syntool --get-profile-dir)/SSL" && openssl req -x509 -nodes -days 365 -subj '/CN=Barrier' -newkey rsa:4096 -keyout "$(syntool --get-profile-dir)/SSL/Synergy.pem" -out "$(syntool --get-profile-dir)/SSL/Synergy.pem" && mkdir -p "$(syntool --get-profile-dir)/SSL/Fingerprints/" &&  openssl x509 -fingerprint -sha1 -noout -in "$(syntool --get-profile-dir)/SSL/Synergy.pem" | cut -d= -f2 > "$(syntool --get-profile-dir)/SSL/Fingerprints/Local.txt"
    else
        echo "openssl not found in path"
    fi
    echo "Server Fingerprint:"
    cat "$(syntool --get-profile-dir)/SSL/Fingerprints/Local.txt"
else
    echo "syntool not found in path"
fi