#!/usr/bin/env bash
#
# Copyright (C) 2003 VA Linux Systems Japan, K.K.
#
# LICENSE NOTICE
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
#   notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
#   notice, this list of conditions and the following disclaimer in the
#   documentation and/or other materials provided with the distribution.
# 3. Neither the name of the company nor the names of its contributors
#   may be used to endorse or promote products derived from this software
#   without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.

# This product includes software developed by the OpenSSL Project
# for use in the OpenSSL Toolkit. (http://www.openssl.org/)
# OpenSSL is used here only to produce the SSL certificate file.

# $Id: keyman,v 1.1 2004/10/10 16:08:16 taru Exp $

# Abort the script as soon as a command fails without being handled.
set -e

# Evaluate, in this shell, the shell code printed by `ultrapossum-config init`.
# Presumably this is what supplies the TLSCERTIFICATE*/CERT* variables and the
# `progress` helper used further down -- confirm against ultrapossum-config.
eval `ultrapossum-config init`
# Scratch file; the keygen branch redirects openssl's stderr into it.
# NOTE(review): tempfile(1) is a Debian-specific helper that has been
# deprecated in favour of mktemp(1) -- confirm it exists on target systems.
tmp=`tempfile`
# On shell exit (pseudo-signal 0): delete the scratch file, then evaluate the
# teardown code.
# NOTE(review): the trap string is double-quoted, so $tmp and the
# `ultrapossum-config term` substitution are expanded here, when the trap is
# installed, not when it fires. The teardown code is therefore captured right
# after init and re-parsed at exit, and $tmp is pasted in unquoted. Confirm
# that early capture is intended before switching to a single-quoted trap.
trap "/bin/rm -f $tmp; eval `ultrapossum-config term`" 0

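# Dispatch on the requested action ($1):
#   keygen - create a self-signed certificate and its private key, unless
#            either file already exists (then exit 0 without touching them)
#   remove - delete both files
# Reads TLSCERTIFICATEKEYFILE, TLSCERTIFICATEFILE, the CERT* subject fields,
# $tmp (scratch file for openssl's stderr) and the `progress` helper, all of
# which must be set up before this point.
# Exit status: 0 on success or when the files already exist, 1 on a usage
# error or when certificate generation fails.
case "$1" in
  keygen)
    # Fail early with a clear message instead of letting touch/chmod trip
    # over an empty operand.
    : "${TLSCERTIFICATEKEYFILE:?TLSCERTIFICATEKEYFILE is not set}"
    : "${TLSCERTIFICATEFILE:?TLSCERTIFICATEFILE is not set}"

    if test -f "$TLSCERTIFICATEKEYFILE"; then
      echo "$TLSCERTIFICATEKEYFILE already exist" 1>&2
      exit 0
    fi
    if test -f "$TLSCERTIFICATEFILE"; then
      echo "$TLSCERTIFICATEFILE already exist" 1>&2
      exit 0
    fi

    progress "Creating SSL certificate fie... "
    # Pre-create the key file so that openssl writes into a file whose mode
    # is already restricted. It is created under umask 077 first: with the
    # ambient umask it could be world-readable until the chmod, and a
    # descriptor opened in that window would still be able to read the key
    # once it is written. The subshell keeps the umask change local.
    ( umask 077; touch -- "$TLSCERTIFICATEKEYFILE" )
    chmod 640 -- "$TLSCERTIFICATEKEYFILE"
    # The certificate is public material; it keeps the ambient umask.
    touch -- "$TLSCERTIFICATEFILE"

    # The subject fields are fed to openssl's interactive prompts on stdin,
    # one per line; the order must match the prompts of the openssl
    # configuration in use. printf is used so that a value starting with '-'
    # is not taken as an echo option.
    # -nodes leaves the private key unencrypted on disk, so the file mode set
    # above is its only protection.
    # NOTE(review): key size and digest are not given here and come from the
    # openssl configuration defaults -- confirm they meet current policy.
    if ! printf '%s\n' \
        "$CERTCOUNTRY" \
        "$CERTSTATE" \
        "$CERTLOCALITY" \
        "$CERTORGANIZATION" \
        "$CERTUNIT" \
        "$CERTHOST" \
        "$CERTEMAIL" |
      /usr/bin/openssl req -new -x509 -nodes \
        -days 365 -out "$TLSCERTIFICATEFILE" \
        -keyout "$TLSCERTIFICATEKEYFILE" 2> "$tmp"; then
      # Show openssl's diagnostics, then undo the pre-created files: leaving
      # them behind would make every later "keygen" report "already exist"
      # and exit 0 with an empty key and certificate in place.
      cat -- "$tmp" 1>&2
      /bin/rm -f -- "$TLSCERTIFICATEKEYFILE" "$TLSCERTIFICATEFILE"
      exit 1
    fi
    progress "Creating SSL certificate fie... done"
    ;;
  remove)
    # Quoted and preceded by "--" so that a path containing whitespace or
    # starting with '-' is removed as a single file name.
    /bin/rm -f -- "$TLSCERTIFICATEKEYFILE" "$TLSCERTIFICATEFILE"
    ;;
  *)
    echo "Usage: $0 <keygen|remove>" 1>&2
    exit 1
    ;;
esac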
