#!/bin/sh

# Create necessary files to run tlsproxy in the current directory.
#
# Requires certtool (from GnuTLS).
#
# Copyright (C) 2011-2013  Simon Ruderich
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.


set -e

tempfile=`mktemp`
trap 'rm -f "$tempfile"' EXIT

# Generate proxy CA key file.
certtool --generate-privkey \
         --sec-param high \
         --outfile proxy-ca-key.pem
# Generate proxy CA.
echo 'cn = tlsproxy CA' > "$tempfile"
echo ca                >> "$tempfile"
echo cert_signing_key  >> "$tempfile"
echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
         --load-privkey proxy-ca-key.pem \
         --template "$tempfile" \
         --outfile proxy-ca.pem

# Generate proxy key file.
certtool --generate-privkey \
         --sec-param high \
         --outfile proxy-key.pem

# Generate proxy "invalid" server certificate. It's used for problematic
# connections.
echo 'organization = tlsproxy' > "$tempfile"
echo 'cn = invalid'           >> "$tempfile"
echo tls_www_server           >> "$tempfile"
echo encryption_key           >> "$tempfile"
echo signing_key              >> "$tempfile"
echo 'expiration_days = 3650' >> "$tempfile"
certtool --generate-self-signed \
         --load-privkey proxy-key.pem \
         --template "$tempfile" \
         --outfile proxy-invalid.pem

rm "$tempfile"

echo done