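#!/bin/sh
#
# Builds a throwaway PKI under ./certs (relative to the current directory):
#   certs/ca, certs/key          self-signed root CA certificate and its key
#   certs/server/{key,cert,ca}   key, CA-signed certificate, CA copy
#   certs/client/{key,cert,ca}   key, CA-signed certificate, CA copy
#
# Any existing ./certs directory is deleted first, so every run replaces the
# CA and both leaf certificates. All private keys are written unencrypted
# (-nodes); the CA is valid for 60 days and the leaf certificates for 10.

# Stop at the first failing command instead of continuing with a partial PKI.
set -eu

# Common Name placed in both the server and the client certificate.
topic="data"

# Creates certs/$1 holding a new RSA key, a certificate for CN=$topic signed
# by the root CA, and a copy of the CA certificate.
#   $1 - role, used as the subdirectory name ("server" or "client")
# NOTE(review): no subjectAltName is added; TLS clients that ignore the CN
# will reject the certificate on hostname checks. Confirm how peers verify.
issue_cert() {
  mkdir "certs/$1"
  # Generate the key and the signing request in one step; the CSR is only an
  # intermediate file and is removed once the certificate exists.
  openssl req -new -newkey rsa:4096 -nodes \
    -keyout "certs/$1/key" -out "certs/$1/$1.csr" -subj "/CN=$topic"
  openssl x509 -req -in "certs/$1/$1.csr" -out "certs/$1/cert" \
    -CA "certs/ca" -CAkey "certs/key" -CAcreateserial -days 10
  cp "certs/ca" "certs/$1/ca"
  rm -f "certs/$1/$1.csr"
}

rm -rf certs
mkdir certs

echo Creating root ca and key
openssl req -new -x509 -out "certs/ca" -newkey rsa:4096 -keyout "certs/key" \
  -nodes -subj /O=rt-docker-compose -days 60
# Check the files where they were actually written (certs/, not the current
# directory) and fail loudly if either is missing or empty.
if [ ! -s "certs/ca" ] || [ ! -s "certs/key" ]; then
  echo "root CA certificate or key was not created" >&2
  exit 1
fi
# The CA key signs every leaf certificate and is stored unencrypted: keep it
# owner-only. The server/client key modes are left as openssl creates them,
# since the processes that load them may run under another user.
chmod 600 "certs/key"

echo Creating server cert and key
issue_cert server

echo Creating client cert and key
issue_cert client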

