#!/bin/sh

# Take the correct binary to create the certificates
CERTTOOL=$(command -v gnutls-certtool 2>/dev/null || command -v certtool 2>/dev/null)
if [ -z "$CERTTOOL" ]; then
    echo "ERROR: No certtool found" >&2
    exit 1
fi

. ./vars

if ! [ -f ca.key.pem ]; then
    # Create a CA key.
    $CERTTOOL \
        --generate-privkey \
        --sec-param $SEC_PARAM \
        --outfile ca.key.pem
fi

chmod 600 ca.key.pem

if ! [ -f ca.template ]; then
    # Sign a CA cert.
    cat <<EOF >ca.template
organization = $ORGANIZATION
cn = $CN CA
country = $COUNTRY
expiration_days = $EXPIRATION_DAYS
ca
EOF
#state = $STATE
#locality = $LOCALITY
fi

if ! [ -f ca.cert.pem ]; then
    $CERTTOOL \
        --generate-self-signed \
        --load-privkey ca.key.pem \
        --template ca.template \
        --outfile ca.cert.pem
fi

chmod 600 ca.cert.pem