#! /usr/bin/env nix-shell
#! nix-shell -p gnutls -p dash -i dash --impure
# shellcheck shell=dash

# For development and testing.
# Create a CA key and cert, and use that to generate a server key and cert.
# Creates:
#   ca.key.pem
#   ca.cert.pem
#   server.key.pem
#   server.cert.pem

export SEC_PARAM=ultra
export EXPIRATION_DAYS=123456
export ORGANIZATION="Vhack.eu Test Keys"
export COUNTRY=EU
export SAN="acme.test"
export KEY_TYPE="ed25519"

BASEDIR="$(dirname "$0")"
GENERATION_LOCATION="$BASEDIR/output"
cd "$BASEDIR" || {
    echo "(BUG?) No basedir ('$BASEDIR')" 1>&2
    exit 1
}

ca=false
clients=false

usage() {
    echo "Usage: $0 --ca|--clients"
    exit 2
}

if [ "$#" -eq 0 ]; then
    usage
fi

for arg in "$@"; do
    case "$arg" in
    "--ca")
        ca=true
        ;;
    "--clients")
        clients=true
        ;;
    *)
        usage
        ;;
    esac
done

[ -d "$GENERATION_LOCATION" ] || mkdir --parents "$GENERATION_LOCATION"
cd "$GENERATION_LOCATION" || echo "(BUG?) No generation location fould!" 1>&2

[ "$ca" = true ] && ../generate.ca

# Creates:
#   <client_name>.key.pem
#   <client_name>.cert.pem
#
[ "$clients" = true ] && ../generate.client "acme.test"

echo "(INFO) Look for the keys at: $GENERATION_LOCATION"

# vim: ft=sh