#!/bin/bash
openssl genrsa -out dssm-ca.key 4096
openssl req -x509 -new -nodes -sha384 \
    -key dssm-ca.key -days 365 \
    -subj '/O=Redis Test/CN=Certificate Authority' \
    -out dssm-ca.crt
openssl genrsa -out dssm-key.key 4096
openssl req -new -sha384 -key dssm-key.key \
    -subj '/O=Redis Test/CN=Server' | \
    openssl x509 -req -sha384 -CA dssm-ca.crt \
        -CAkey dssm-ca.key -CAserial dssm-ca.txt \
        -CAcreateserial  -days 365 \
        -out dssm-cert.crt
openssl dhparam -out dhparam2048.pem 2048
openssl base64 -A -in dssm-ca.crt -out dssm-ca-encode.crt
openssl base64 -A -in dssm-cert.crt -out dssm-cert-encode.crt
openssl base64 -A -in dhparam2048.pem -out dhparam2048-encode.pem
openssl base64 -A -in dssm-key.key -out dssm-key-encode.key
echo "apiVersion: v1" > certs-secret.yaml
echo "kind: Secret" >> certs-secret.yaml
echo "metadata:" >> certs-secret.yaml
echo " name: dssm-certs-secret" >> certs-secret.yaml
echo "data:" >> certs-secret.yaml
echo " dssm-ca.crt: `cat dssm-ca-encode.crt`"  >> certs-secret.yaml
echo " dssm-cert.crt: `cat dssm-cert-encode.crt`" >> certs-secret.yaml
echo " dhparam2048.pem: `cat dhparam2048-encode.pem`" >> certs-secret.yaml
echo "apiVersion: v1" > keys-secret.yaml
echo "kind: Secret" >> keys-secret.yaml
echo "metadata:" >> keys-secret.yaml
echo " name: dssm-keys-secret" >> keys-secret.yaml
echo "data:" >> keys-secret.yaml
echo " dssm-key.key: `cat dssm-key-encode.key`" >> keys-secret.yaml