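#!/bin/sh
#
# make_certs.sh - build a throwaway PKI for one stream and publish the
# server half as a Kubernetes secret.
#
# Usage: make_certs.sh <namespace> <streamid>
#
# Output (relative to the current directory, replaced on every run):
#   certs/ca, certs/key          self-signed root certificate and its key
#   certs/server/{key,cert,ca}   server key, CA-signed cert, CA copy
#   certs/client/{key,cert,ca}   client key, CA-signed cert, CA copy
#
# Only certs/server is uploaded, as secret "<streamid>-certs--secret".
#
# Security notes:
#   - All private keys are written unencrypted (-nodes), so the certs/
#     tree must be treated as secret material. The CA key in certs/key
#     stays on disk after the run; remove it once no more leaf
#     certificates need to be issued.
#   - The root is valid for 60 days and the leaves for 10 days; nothing
#     here renews them.
#   - NOTE(review): the leaf certificates carry only a CN and no
#     subjectAltName or extended key usage. Peers that check hostnames
#     against SAN will reject them - confirm what the consumers verify.

# Stop at the first failing step instead of uploading a partial or
# stale certificate set.
set -eu

if [ "$#" -ne 2 ]; then
    echo "Usage: make_certs.sh <namespace> <streamid>" >&2
    exit 1
fi

namespace=$1
streamid=$2

# Both values end up in Kubernetes object names, and streamid is also
# placed in the certificate subject, where a '/' would start another
# subject field. Accept only characters Kubernetes names allow, and
# refuse a leading '-' so a value cannot be read as an option.
for name_arg in "$namespace" "$streamid"; do
    case $name_arg in
        ''|-*|*[!a-z0-9.-]*)
            echo "make_certs.sh: invalid name '$name_arg' (allowed: a-z 0-9 . -)" >&2
            exit 1
            ;;
    esac
done

# Private keys must not be readable by other local users.
umask 077

rm -rf -- certs
mkdir certs

# Create certs/<role>/{key,cert,ca}: a fresh RSA key, a certificate for
# CN=$streamid signed by the root in certs/, and a copy of the root cert.
# $1 - role directory name ("server" or "client").
issue_cert() {
    cert_role=$1
    mkdir "certs/$cert_role"
    # Generate the key and the signing request in one step; no
    # intermediate self-signed certificate is needed.
    openssl req -new -newkey rsa:4096 -nodes \
        -keyout "certs/$cert_role/key" \
        -out "certs/$cert_role/$cert_role.csr" \
        -subj "/CN=$streamid"
    openssl x509 -req -in "certs/$cert_role/$cert_role.csr" \
        -out "certs/$cert_role/cert" \
        -CA "certs/ca" -CAkey "certs/key" -CAcreateserial -days 10
    cp "certs/ca" "certs/$cert_role/ca"
    # The request is not part of the published set; certs/server is
    # uploaded wholesale, so it must hold only key, cert and ca.
    rm -f -- "certs/$cert_role/$cert_role.csr"
}

echo Creating root ca and key
openssl req -new -x509 -out "certs/ca" -newkey rsa:4096 -keyout "certs/key" \
    -nodes -subj /O=kxi-rt -days 60
# Confirm both files exist and are non-empty before signing with them.
if [ ! -s certs/ca ] || [ ! -s certs/key ]; then
    echo "make_certs.sh: root certificate or key was not created" >&2
    exit 1
fi

echo Creating server cert and key
issue_cert server

echo Creating client cert and key
issue_cert client

kubectl create secret generic "${streamid}-certs--secret" --from-file=certs/server -n "${namespace}"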
