#!/bin/sh

[ $(id -u) -ne 0 ] && exit 0

export EASY_RSA="/etc/tcos/ssl"
export OPENSSL="openssl"

export KEY_CONFIG="/etc/tcos/ssl/openssl.cnf"

export KEY_DIR="/etc/tcos/ssl"

export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"
export KEY_SIZE="1024"
export CA_EXPIRE="3650"
export KEY_EXPIRE="3650"
export KEY_COUNTRY="ES"
export KEY_PROVINCE="TCOS"
export KEY_CITY="TCOS"
export KEY_ORG="TCOS"
export KEY_EMAIL="tcos@tcosproject.org"
export KEY_OU="TCOS"
export KEY_CN="TCOS"

[ ! -e ${KEY_DIR}/tcos_dh${KEY_SIZE}.pem ] && $OPENSSL dhparam -out ${KEY_DIR}/tcos_dh${KEY_SIZE}.pem ${KEY_SIZE}

[ ! -e ${KEY_DIR}/tcos_ca.crt ] && $OPENSSL req -batch -days $KEY_EXPIRE -nodes -new -newkey rsa:${KEY_SIZE} -sha1 -x509 -keyout ${KEY_DIR}/tcos_ca.key -out ${KEY_DIR}/tcos_ca.crt -config $KEY_CONFIG

[ ! -e ${KEY_DIR}/tcos_server.pem ] && cat ${KEY_DIR}/tcos_ca.crt ${KEY_DIR}/tcos_ca.key > ${KEY_DIR}/tcos_server.pem


if [ -d ${KEY_DIR} ]; then 
   chmod -f 640 ${KEY_DIR}/* 2>/dev/null
   chown -f root:tcos ${KEY_DIR}/* 2>/dev/null
fi