#!/bin/bash
cd -- "$( dirname -- "${BASH_SOURCE[0]}" )"

mkdir -p secrets
mkdir -p tmp
chmod 700 secrets

[[ -f "secrets/ca_key.pem" ]] || {
  openssl genrsa -out secrets/ca_key.pem 4096
  chmod 400 secrets/ca_key.pem
}

[[ -f "ca_cert.pem" ]] || {
  openssl req -x509 -new -nodes \
    -key secrets/ca_key.pem -sha256 \
    -days 3650 -out ca_cert.pem
}

[[ -f "secrets/staging_key.pem" ]] || {
  openssl genrsa -out secrets/staging_key.pem 2048
  chmod 400 secrets/staging_key.pem 
}

[[ -f "tmp/staging_csr.pem" ]] || {
  openssl req -new -key secrets/staging_key.pem \
    -out tmp/staging_csr.pem -config staging_brain.cnf
}

[[ -f "staging_cert.pem" ]] || {
  openssl x509 -req -in tmp/staging_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
    -CAcreateserial -out staging_cert.pem -days 825 -sha256 \
    -extfile staging_brain.cnf -extensions req_ext
}

[[ -f "secrets/testnet_key.pem" ]] || {
  openssl genrsa -out secrets/testnet_key.pem 4096
  chmod 400 secrets/testnet_key.pem 
}

[[ -f "tmp/testnet_csr.pem" ]] || {
  openssl req -new -key secrets/testnet_key.pem \
    -out tmp/testnet_csr.pem -config testnet_brain.cnf
}

[[ -f "testnet_cert.pem" ]] || {
  openssl x509 -req -in tmp/testnet_csr.pem -CA ca_cert.pem -CAkey secrets/ca_key.pem \
    -CAcreateserial -out testnet_cert.pem -days 825 -sha256 \
    -extfile testnet_brain.cnf -extensions req_ext
}