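#!/bin/sh
#
# This is a script to help generate certificates for use with
# the EAP-TLS module.
#
# It wipes any previous output in the current directory, builds a demo CA
# in ./demoCA, and issues one client and one server certificate from it:
#   root.p12     root.pem     root.der       CA
#   cert-clt.p12 cert-clt.pem cert-clt.der   client
#   cert-srv.p12 cert-srv.pem cert-srv.der   server
#
# Security notes for whoever runs this:
#  * Every private key is encrypted under one passphrase. It is read from
#    CERT_PASSPHRASE and defaults to "whatever", the value the script has
#    always used. That default is public, so treat keys made with it as
#    unprotected and use them for lab setups only.
#  * The passphrase is passed to openssl as env:CERT_PASSPHRASE rather than
#    pass:..., so it does not show up in the process argument list or in the
#    command trace below.
#  * root.p12 and root.pem are built with "-inkey newreq.pem", so they are
#    expected to hold the CA private key as well as the CA certificate.
#    Hand out root.der (certificate only) to clients, never root.p12/root.pem.
#  * The *.p12 and *.pem outputs for the client and server hold private keys
#    too. umask 077 keeps new files owner-only; give the RADIUS daemon's
#    account read access to the server files explicitly if it runs as a
#    different user.
#

# Stop at the first failing step: signing with a half-built CA is useless.
set -eu
umask 077

SSL=/usr/local/ssl
export PATH="${SSL}/bin/:${SSL}/ssl/misc:${PATH}"
export LD_LIBRARY_PATH="${SSL}/lib"

RULE='##################'

# Set the passphrase before tracing is switched on so its value is not echoed.
if [ -z "${CERT_PASSPHRASE:-}" ]; then
  CERT_PASSPHRASE=whatever
  printf '%s\n' "warning: CERT_PASSPHRASE not set, using the well-known default" >&2
fi
export CERT_PASSPHRASE

# "openssl ca" below reads ./xpextensions; check for it before deleting
# anything, so a missing file does not cost the previous set of certificates.
if [ ! -f xpextensions ]; then
  printf '%s\n' "error: xpextensions not found in $(pwd)" >&2
  exit 1
fi

# The original shebang was "#!/bin/sh -x"; keep the command trace.
set -x

# Print a tab-indented banner: blank line, rule, one line per argument,
# rule, blank line. printf replaces "echo -e", which /bin/sh need not support.
banner() {
  printf '\n\t\t%s\n' "$RULE"
  for banner_line in "$@"; do
    printf '\t\t%s\n' "$banner_line"
  done
  printf '\t\t%s\n\n' "$RULE"
}

# Create a key and request, sign it with the demo CA, and export the result.
# Arguments: $1 - output base name (cert-clt, cert-srv)
#            $2 - extension section to apply from the xpextensions file
# Writes $1.p12, $1.pem and $1.der; newreq.pem and newcert.pem are reused
# as scratch files and overwritten on every call.
issue_cert() {
  # -days is kept from the original; openssl only honours it with -x509.
  openssl req -new -keyout newreq.pem -out newreq.pem -days 730 \
    -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE
  # The original also passed "-key whatever", which puts the CA passphrase
  # on the command line; -passin supplies the same value.
  openssl ca -policy policy_anything -out newcert.pem \
    -passin env:CERT_PASSPHRASE \
    -extensions "$2" -extfile xpextensions -infiles newreq.pem
  openssl pkcs12 -export -in newcert.pem -inkey newreq.pem \
    -out "$1.p12" -clcerts \
    -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE
  openssl pkcs12 -in "$1.p12" -out "$1.pem" \
    -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE
  openssl x509 -inform PEM -outform DER -in "$1.pem" -out "$1.der"
}

# Destructive: removes earlier output (and anything else matching these
# patterns) from the current directory.
rm -rf -- demoCA roo* cert* *.pem *.der

banner "create private key" \
  "name : name-root" \
  "CA.pl -newcert"

# Self-signed CA certificate and its key, both written to newreq.pem.
openssl req -new -x509 -keyout newreq.pem -out newreq.pem -days 730 \
  -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE

banner "create CA" \
  "use just created 'newreq.pem' private key as filename" \
  "CA.pl -newca"

# CA.pl asks for the CA certificate file name; answer it on stdin.
echo "newreq.pem" | "${SSL}/misc/CA.pl" -newca

#ls -lg demoCA/private/cakey.pem

banner "exporting ROOT CA" \
  "CA.pl -newreq" \
  "CA.pl -signreq" \
  "openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem -out root.pem" \
  "openssl pkcs12 -in root.cer -out root.pem"

openssl pkcs12 -export -in demoCA/cacert.pem -inkey newreq.pem \
  -out root.p12 -cacerts \
  -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE
openssl pkcs12 -in root.p12 -out root.pem \
  -passin env:CERT_PASSPHRASE -passout env:CERT_PASSPHRASE
openssl x509 -inform PEM -outform DER -in root.pem -out root.der

banner "creating client certificate" \
  "name : name-clt" \
  "client certificate stored as cert-clt.pem" \
  "CA.pl -newreq" \
  "CA.pl -signreq"

issue_cert cert-clt xpclient_ext

banner "creating server certificate" \
  "name : name-srv" \
  "server certificate stored as cert-srv.pem" \
  "CA.pl -newreq" \
  "CA.pl -signreq"

issue_cert cert-srv xpserver_ext

printf '\n\t\t%s\n\n' "$RULE"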