#!/bin/sh

# Create necessary files to run tlsproxy in the current directory.
#
# Requires certtool (from GnuTLS).
#
# Copyright (C) 2011  Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


tempfile=`mktemp` || exit 1

die() {
    rm -f $tempfile
    exit 1
}

# Generate proxy CA key file.
certtool --generate-privkey > proxy-ca-key.pem || die
# Generate proxy CA.
echo 'cn = tlsproxy CA' > $tempfile
echo ca                >> $tempfile
echo cert_signing_key  >> $tempfile
certtool --generate-self-signed \
         --load-privkey proxy-ca-key.pem \
         --template $tempfile \
         --outfile proxy-ca.pem || die

# Generate proxy key file.
certtool --generate-privkey > proxy-key.pem || die

# Generate proxy "invalid" server certificate. It's used for problematic
# connections.
echo 'organization = tlsproxy' > $tempfile
echo 'cn = invalid'           >> $tempfile
echo tls_www_server           >> $tempfile
echo encryption_key           >> $tempfile
echo signing_key              >> $tempfile
certtool --generate-self-signed \
         --load-privkey proxy-key.pem \
         --template $tempfile \
         --outfile proxy-invalid.pem || die

rm $tempfile

echo done