#!/bin/sh

# Stop at the first command that fails, and echo every command before it
# runs so the certtool invocations show up in the build output.
set -e
set -x

# CA

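# Create the CA private key and its self-signed certificate, once.
#
# The guard tests only for the directory, so a run that fails half-way
# must not leave a partly filled "ca" behind: later runs would skip this
# step and the signing steps below would fail on the missing key or
# certificate. Everything is therefore built in a staging directory that
# is renamed to "ca" only after every command succeeded.
if [ ! -d ca ]
then
	# Discard staging left over from an earlier failed run.
	rm -rf ca.tmp
	mkdir ca.tmp
	# Owner-only while the key is being written, so the key is not
	# reachable by other users whatever mode the new file gets.
	chmod 700 ca.tmp
	certtool -p --outfile ca.tmp/key.pem
	certtool -s --outfile ca.tmp/cert.pem \
		    --template ca.template \
		    --load-privkey ca.tmp/key.pem
	# Restrict the key before the directory is opened for reading.
	chmod 600 ca.tmp/key.pem
	chmod 755 ca.tmp
	# NOTE(review): no password option is passed to certtool, so the CA
	# key is presumably stored unencrypted; whoever can read ca/key.pem
	# can issue certificates under this CA. Confirm that file-system
	# permissions are sufficient protection for this deployment.
	mv ca.tmp ca
fi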

# Server

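# Create the server private key and a certificate signed by the CA in
# ca/ (reads ca/key.pem and ca/cert.pem).
#
# The guard tests only for the directory, so a run that fails half-way
# (for example because the CA files are missing) must not leave a partly
# filled "server" behind, or later runs would skip this step. The files
# are built in a staging directory that is renamed to "server" only
# after every command succeeded.
if [ ! -d server ]
then
	# Discard staging left over from an earlier failed run.
	rm -rf server.tmp
	mkdir server.tmp
	# Owner-only while the key is being written, so the key is not
	# reachable by other users whatever mode the new file gets.
	chmod 700 server.tmp
	certtool -p --outfile server.tmp/key.pem
	certtool -c --outfile server.tmp/cert.pem \
		    --template server.template \
		    --load-privkey server.tmp/key.pem \
		    --load-ca-privkey ca/key.pem \
		    --load-ca-certificate ca/cert.pem
	# Restrict the key before the directory is opened for reading.
	chmod 600 server.tmp/key.pem
	chmod 755 server.tmp
	mv server.tmp server
fi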

# Client

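# Create the client private key and a certificate signed by the CA in
# ca/ (reads ca/key.pem and ca/cert.pem).
#
# The guard tests only for the directory, so a run that fails half-way
# (for example because the CA files are missing) must not leave a partly
# filled "client" behind, or later runs would skip this step. The files
# are built in a staging directory that is renamed to "client" only
# after every command succeeded.
if [ ! -d client ]
then
	# Discard staging left over from an earlier failed run.
	rm -rf client.tmp
	mkdir client.tmp
	# Owner-only while the key is being written, so the key is not
	# reachable by other users whatever mode the new file gets.
	chmod 700 client.tmp
	certtool -p --outfile client.tmp/key.pem
	certtool -c --outfile client.tmp/cert.pem \
		    --template client.template \
		    --load-privkey client.tmp/key.pem \
		    --load-ca-privkey ca/key.pem \
		    --load-ca-certificate ca/cert.pem
	# Restrict the key before the directory is opened for reading.
	chmod 600 client.tmp/key.pem
	chmod 755 client.tmp
	mv client.tmp client
fi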

