#!/usr/bin/env bash
# install cfssl

set -e

usernames=$(cat contestants.csv | cut "-d;" -f1)

mkdir -p certs
cd certs

cat <<EOF > ca.json
{
  "CN": "SOI Contest Root CA",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}

EOF

if [ ! -f ca.pem ]; then
  cfssl gencert -initca ca.json | cfssljson -bare ca
fi

cat <<EOF >client-config.json
{
  "signing": {
    "default": {
      "expiry": "438000h"
    },
    "profiles": {
      "client": {
        "usages": ["signing", "key encipherment", "digital signature", "client auth"],
        "expiry": "438000h"
      }
    }
  }
}

EOF

for username in $usernames; do

cat <<EOF >client-csr-$username.json
{
  "CN": "$username",
  "key": {
    "algo": "rsa",
    "size": 2048
  }
}

EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=client-config.json -profile=client client-csr-$username.json | cfssljson --bare $username-cert

openssl pkcs12 -export -in $username-cert.pem -inkey $username-cert-key.pem -out $username.p12 -passout pass:

done