#!/bin/sh
set -e

certs_dir="$(cd "${0%/*}" 2>/dev/null; echo "${PWD}")/certs"
cd "${certs_dir}"
mkdir -p "${certs_dir}/out"

if [ ! -e "${certs_dir}/out/ca-cert.pem" ]; then
  ./certs self-signed \
    --out-cert out/ca-cert.pem --out-key out/ca-key.pem \
    --template root-ca \
    --subject "/CN=CouchDB Root CA"
fi

if [ ! -e "${certs_dir}/out/cert.pem" ]; then
  ./certs create-cert \
    --issuer-cert out/ca-cert.pem --issuer-key out/ca-key.pem \
    --out-cert out/cert.pem --out-key out/key.pem \
    --template server \
    --subject "/CN=127.0.0.1"
fi

if [ ! -e "${certs_dir}/out/couch_dist.conf" ]; then
  cat <<EOF >"${certs_dir}/out/couch_dist.conf"
[
  {server, [
    {cacertfile, "$(pwd)/out/ca-cert.pem"},
    {certfile,   "$(pwd)/out/cert.pem"},
    {keyfile,    "$(pwd)/out/key.pem"},
    {secure_renegotiate, true},
    {verify, verify_peer},
    {fail_if_no_peer_cert, true}
  ]},
  {client, [
    {cacertfile, "$(pwd)/out/ca-cert.pem"},
    {certfile,   "$(pwd)/out/cert.pem"},
    {keyfile,    "$(pwd)/out/key.pem"},
    {secure_renegotiate, true},
    {verify, verify_peer}
  ]}
].
EOF
fi
