#!/bin/bash -ex
rm -rf demoTS
export OPENSSL_CONF=$(realpath openssl-demoTS.cnf)
mkdir -p demoTS/newcerts
mkdir -p demoTS/private
touch demoTS/index.txt
echo "01" > demoTS/serial
openssl genrsa -out demoTS/private/cakey.pem 1024
openssl req -new -x509 -key demoTS/private/cakey.pem -out demoTS/cacert.pem -batch
openssl genrsa -out demoTS/tsakey.pem 1024
openssl req -new -key demoTS/tsakey.pem -out demoTS/tsacert.req -subj /CN=TSA-test -batch
openssl ca -in demoTS/tsacert.req -out demoTS/tsacert.pem -batch
openssl ts -query -data ../README -out tsq -cert -sha224;
openssl ts -reply -queryfile tsq -out tsr -signer demoTS/tsacert.pem -rmd sha512 -inkey demoTS/tsakey.pem
openssl ts -verify -data ../README -in tsr -CApath demoTS/ -CAfile demoTS/cacert.pem