#!/bin/sh

T=testcert
KEY=512
CA=hash/testCA.PEM

/bin/rm -f $T.1 $T.2 $T.key

echo "generating test certificate"
# can be generated by make_cert, but there may not be perl on the system
cat <<EOF >$T.1
X.509-Certificate begin
CertificteInfo begin
- 0F
AlgorithmIdentifier begin
= 1 2 840 113549 1 1 4
= NULL
AlgorithmIdentifier end
Name begin
= 2 5 4 6
= AU
= 2 5 4 8
= QLD
= 2 5 4 3
- SSLeay/rsa test cert
Name end
Validity begin
= 941202235444Z
= 961201235444Z
Validity end
Name begin
= 2 5 4 6
= AU
= 2 5 4 8
= QLD
= 2 5 4 3
- SSLeay/rsa test cert
Name end
SubjectPublicKeyInfo begin
AlgorithmIdentifier begin
= 1 2 840 113549 1 1 1
= NULL
AlgorithmIdentifier end
- 00
SubjectPublicKeyInfo end
CertificteInfo end
AlgorithmIdentifier begin
= 1 2 840 113549 1 1 4
= NULL
AlgorithmIdentifier end
- 00
X.509-Certificate end
EOF

echo "There should be a 2 sequences of .'s and some +'s."
echo "There should not be more that at mosr 80 per line"
echo "This could take some time."

# add the -enc flag to encrypt the key with CBC DES
./genrsa $KEY > $T.key
if [ $? != 0 ]; then exit 1; fi

# The next 2 commands could be done in one x509 command.

echo "Selfsigning the certificate"
./x509 -inform text -in $T.1 -signkey $T.key -out $T.2
if [ $? != 0 ]; then exit 1; fi

echo "Signing certificate with CA certificate"
./x509 -in $T.2 -CA $CA -out $T.PEM -CAcreateserial -subject -issuer
if [ $? != 0 ]; then exit 1; fi

cat $T.key >>$T.PEM

echo "verify the signature"
SSL_CERT_DIR=./hash
export SSL_CERT_DIR
./verify $T.PEM 
if [ $? != 0 ]; then exit 1; fi

/bin/rm -f $T.1 $T.2 $T.key

exit 0
