#!/bin/sh

set -ex

fullpath() {
  (
    cd $(dirname $1)
    echo $PWD/$(basename $1)
  )
}

# Place keys and certificates here
depot_path=$(fullpath ./test-certs)
mkdir -p ${depot_path}

# Install certstrap
go get -v github.com/square/certstrap

# CA to distribute to loggregator certs
certstrap --depot-path ${depot_path} init --passphrase '' --common-name loggregatorCA --expires "25 years"
mv -f ${depot_path}/loggregatorCA.crt ${depot_path}/CA.crt
mv -f ${depot_path}/loggregatorCA.key ${depot_path}/CA.key
mv -f ${depot_path}/loggregatorCA.crl ${depot_path}/CA.crl

# Client certificate
certstrap --depot-path ${depot_path} request-cert --passphrase '' --common-name metron
certstrap --depot-path ${depot_path} sign metron  --CA CA --expires "25 years"
mv -f ${depot_path}/metron.crt ${depot_path}/server.crt
mv -f ${depot_path}/metron.key ${depot_path}/server.key

# Server certificate
certstrap --depot-path ${depot_path} request-cert --passphrase '' --common-name reverselogproxy
certstrap --depot-path ${depot_path} sign reverselogproxy --CA CA --expires "25 years"
mv -f ${depot_path}/reverselogproxy.crt ${depot_path}/client.crt
mv -f ${depot_path}/reverselogproxy.key ${depot_path}/client.key

# Create invalid cert
echo "foobar" > ${depot_path}/invalid-ca.crt
