echo off

echo Usage create_self_signed_certificate.bat 'location_root' 'unique_name' 'subj'
echo where subj has the form: "/C=%COUNTRY%/L=%LOCATION%/ST=%STATE%/O=%ORGANIZATION%/OU=%ORGANIZATION_UNIT%/CN=%TO%"

SET BATCH_DIR=%~dp0
SET OPENSSL_EXE_DIR=%BATCH_DIR%..\..\..\Tools\OpenSSL_3.0\Bin\

if %1.==. GOTO NO_PATH_CREATE_SELF_SIGNED_CERTIFICATE
if %2.==. GOTO NO_NAME_CREATE_SELF_SIGNED_CERTIFICATE
if %3.==. GOTO NO_SUBJ_CREATE_SELF_SIGNED_CERTIFICATE

set LOCATION=%~1
set NAME=%2
set SUBJ=%3
set REQDAYS=%4
echo Subject: %3

set CA_PRIVATE_KEY_LOCATION=%LOCATION%\ca_private_key.der
set CA_CERTIFICATE_LOCATION=%LOCATION%\ca_cert.der
set PRIVATE_KEY_LOCATION=%LOCATION%\private\private_key_%NAME%.pem
set REQUEST_LOCATION=%LOCATION%\request\req_%NAME%.csr
set CERTIFICATE_LOCATION=%LOCATION%\certs\cert_%NAME%.der
set TEMP_CERTIFICATE_LOCATION=%LOCATION%\certs\cert_%NAME%.pem

echo Root dir: %LOCATION%
echo Name: %NAME%
echo CA private key location: %CA_PRIVATE_KEY_LOCATION%
echo CA certificate location: %CA_CERTIFICATE_LOCATION%
echo Subject: %SUBJ%
echo ReqDays: %REQDAYS%
echo Creating CA root certificate

echo Step 1	: Initialize location

md "%LOCATION%"
md "%LOCATION%\private"
md "%LOCATION%\certs"
md "%LOCATION%\crl"
md "%LOCATION%\request"

echo Step 2	: Creating private key
"%OPENSSL_EXE_DIR%openssl" genrsa -des3 -out "%PRIVATE_KEY_LOCATION%"  -passout pass:pass 2048 

echo Step 3	: Creating certificate request
"%OPENSSL_EXE_DIR%openssl" req -config "%BATCH_DIR%openssl.cnf" -new -days %REQDAYS% -key "%PRIVATE_KEY_LOCATION%" -outform PEM -out "%REQUEST_LOCATION%"  -passin pass:pass -subj %SUBJ% -reqexts v3_req_self_signed
rem sub ===> /C=%COUNTRY%/L=%LOCATION%/ST=%STATE%/O=%ORGANIZATION%/OU=%ORGANIZATION_UNIT%/CN=%TO%

echo Step 4	: Creating self signed cert
REM openssl x509 -req -days 365 -in %REQUEST_LOCATION% -signkey %PRIVATE_KEY_LOCATION% -outform DER -out %CERTIFICATE_LOCATION%
"%OPENSSL_EXE_DIR%openssl" ca -config "%BATCH_DIR%openssl.cnf" -batch -selfsign -keyfile "%PRIVATE_KEY_LOCATION%"  -in "%REQUEST_LOCATION%" -out "%TEMP_CERTIFICATE_LOCATION%"  -subj %SUBJ% -passin pass:pass 

REM 	Convert PEM certificate to DER format
"%OPENSSL_EXE_DIR%openssl" x509 -inform PEM -in "%TEMP_CERTIFICATE_LOCATION%" -outform DER -out "%CERTIFICATE_LOCATION%"

GOTO END_CREATE_SELF_SIGNED_CERTIFICATE

:NO_PATH_CREATE_SELF_SIGNED_CERTIFICATE
echo No path has been specified
GOTO END_CREATE_SELF_SIGNED_CERTIFICATE

:NO_NAME_CREATE_SELF_SIGNED_CERTIFICATE
echo No name has been specified
GOTO END_CREATE_SELF_SIGNED_CERTIFICATE

:NO_SUBJ_CREATE_SELF_SIGNED_CERTIFICATE
echo No subject has been specified
GOTO END_CREATE_SELF_SIGNED_CERTIFICATE

:END_CREATE_SELF_SIGNED_CERTIFICATE