#! /bin/bash

set -e
set -u

options="${1:-}"
prefix="${2:-}"

case "$options" in
   server ) ;;
   client ) ;;
   all ) ;;
   * ) echo "USAGE: $0 [all|server|client] file_prefix"; exit 1 ;;
esac

cakey="$(mktemp)"
cacrt="$(mktemp)"

echo 1
openssl genrsa -out $cakey 4096
echo 2
echo '




localhost

' | openssl req -nodes -new -x509 -days 365 -key $cakey -out $cacrt

clientkey="$(mktemp)"
clientcsr="$(mktemp)"
clientcrt="$(mktemp)"
echo 3
openssl genrsa -out $clientkey 4096
echo 4
echo '




localhost



' | openssl req -nodes -new -key $clientkey -out $clientcsr
# self-signed
echo 5
openssl x509 -req -days 365 -in $clientcsr -CA $cacrt -CAkey $cakey -set_serial 01 -out $clientcrt

mv $cakey ./${prefix}server.key
mv $cacrt ./${prefix}server.crt
mv $clientkey ./${prefix}client.key
mv $clientcsr ./${prefix}client.csr
mv $clientcrt ./${prefix}client.crt