#!/usr/bin/env bash

# Copyright (C) 2017 Maciej Delmanowski <drybjed@gmail.com>
# Copyright (C) 2017 DebOps <https://debops.org/>
# SPDX-License-Identifier: GPL-3.0-only

# Exctract public RSA key from private DomainKeys and output it as a DNS zone
# Usage: ./lib/extract-domainkey-zone <path/to/keys*.pem>


set -o nounset -o pipefail -o errexit

if [ $# -gt 0 ] ; then
    for keyfile in "${@}" ; do
        if [ -r "${keyfile}" ] && [[ "${keyfile}" == *_*.pem ]] ; then

            filename=$( basename "${keyfile}" )
            filename_stripped="${filename%.pem}"
            domain="${filename_stripped%%_*}"
            selector="${filename_stripped##*_}"
            key=$( openssl rsa -in "${keyfile}" -pubout -outform pem 2>/dev/null | grep -v '^-' | sed -e 's/^\|$/"/g' -e '2,$s/^/\          /g' )

            printf "%s._domainkey\\tIN\\tTXT\\t( \"v=DKIM1; k=rsa; \"\\n\\tp=%s )  ; ----- DKIM key %s for %s\\n" \
                "${selector}" "${key}" "${selector}" "${domain}"
        fi
    done
else
    printf "%s\\n" "Output DNS zone with DNSSEC public keys

Usage: ${0} path/to/*.pem
The private keys need to be named using the '<domain>_<selector>.pem' format"
    exit 1
fi
