#!/bin/sh

# Create necessary files to run tlsproxy in the current directory.
#
# Requires certtool (from GnuTLS).
#
# Copyright (C) 2011-2014  Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


set -e


if test "$#" -ge 1 && test x"$*" != 'x--force'; then
    echo "Usage: $0 [--force]" >&2
    exit 1
fi

# Prevent accidental overwrites.
if test x"$1" != 'x--force'; then
    for x in proxy-ca-key.pem proxy-ca.pem \
             proxy-key.pem proxy-invalid.pem proxy-dh.pem; do
        if test -f "$x"; then
            echo "File '$x' already exists. Use --force to overwrite." >&2
            exit 2
        fi
    done
fi


tempfile=`mktemp`
trap 'rm -f "$tempfile"' EXIT

# Generate proxy CA key file.
certtool --generate-privkey \
         --sec-param high \
         --outfile proxy-ca-key.pem
# Generate proxy CA.
echo 'cn = tlsproxy CA' > "$tempfile"
echo ca                >> "$tempfile"
echo cert_signing_key  >> "$tempfile"
echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
         --load-privkey proxy-ca-key.pem \
         --template "$tempfile" \
         --outfile proxy-ca.pem

# Generate proxy key file.
certtool --generate-privkey \
         --sec-param high \
         --outfile proxy-key.pem

# Generate proxy "invalid" server certificate. It's used for problematic
# connections.
echo 'organization = tlsproxy' > "$tempfile"
echo 'cn = invalid'           >> "$tempfile"
echo tls_www_server           >> "$tempfile"
echo encryption_key           >> "$tempfile"
echo signing_key              >> "$tempfile"
echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
         --load-privkey proxy-key.pem \
         --template "$tempfile" \
         --outfile proxy-invalid.pem

rm "$tempfile"

# Generate proxy Diffie-Hellman parameters.
certtool --generate-dh-params \
         --sec-param high \
         --outfile proxy-dh.pem

echo done