#!/bin/bash

generate() {
    # read in certificate and alter the last part of the signature
    num_lines=$(wc -l < $cert)
    i=1

    rm -f $pem_out
    touch $pem_out
    while IFS= read -r line
    do
        if [[ $((i+1)) -eq ${num_lines} ]]; then
            # last line before END tag. Alter the sig here
            idx=`expr ${#line} - 4`
            chr=${line:idx:1}
            if [ "$chr" == "x" ] || [ "$chr" == "X" ]; then
                echo "${line:0:${idx}}a${line:$((idx+1)):$((idx+4))}" >> $pem_out
            else
                echo "${line:0:${idx}}x${line:$((idx+1)):$((idx+4))}" >> $pem_out
            fi
        else
            echo "$line" >> $pem_out
        fi
    let i++
    done < "$cert"

    # output to DER format also
    openssl x509 -in $pem_out -out $der_out -outform DER
}

# create server RSA certificate with bad signature
cert="../server-cert.pem"
pem_out=server-cert-rsa-badsig.pem
der_out=server-cert-rsa-badsig.der
generate

# create server ECC certificate with bad signature
cert="../server-ecc.pem"
pem_out=server-cert-ecc-badsig.pem
der_out=server-cert-ecc-badsig.der
generate