#!/bin/sh

# Take the correct binary to create the certificates
CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
if [ -z "$CERTTOOL" ]
then
  echo "ERROR: No certtool found" >&2
  exit 1
fi

. ./vars

if ! [ -f ca.key.pem ]
then
  # Create a CA key.
  $CERTTOOL \
    --generate-privkey \
    --sec-param $SEC_PARAM \
    --outfile ca.key.pem
fi

chmod 600 ca.key.pem

if ! [ -f ca.template ]
then
  # Sign a CA cert.
  cat <<EOF >ca.template
organization = $ORGANIZATION
cn = $CN CA
country = $COUNTRY
expiration_days = $EXPIRATION_DAYS
ca
EOF
#state = $STATE
#locality = $LOCALITY
fi

if ! [ -f ca.cert.pem ]
then
  $CERTTOOL \
    --generate-self-signed \
    --load-privkey ca.key.pem \
    --template ca.template \
    --outfile ca.cert.pem
fi

chmod 600 ca.cert.pem