#!/bin/bash

outdir="${1:-./out}"

genca() {
    local name="$1"

    echo "Generating $name ..."
    openssl req -nodes -new -x509 \
        -keyout "${name}_key.pem" \
        -out "${name}_cert.pem" \
        -addext basicConstraints=CA:TRUE \
        -days 1825 -config CA.cnf
}

gencert() {
    local ca="$1"
    local i="$2"

    openssl req -sha256 -nodes -newkey rsa:2048 \
        -keyout "peer${ca}_${i}_key.pem" \
        -out "peer${i}.csr" -config "peer${i}.cnf"
    openssl x509 -req -days 398 -in "peer${i}.csr" \
        -CA "${ca}_cert.pem" \
        -CAkey "${ca}_key.pem" \
        -CAcreateserial -out "peer${ca}_${i}_cert.pem" \
        -extensions req_ext \
        -extfile "peer${i}.cnf"
    rm "peer${i}.csr"
}

genca CA1
genca CA2
gencert CA1 1
gencert CA1 2
gencert CA2 1
gencert CA2 2