#! /usr/bin/ksh
#
# Script to create CP keystore and truststore
#

# Print the command synopsis on stdout and leave with status 1.
# Globals: none ($0 supplies the script name)
usage() {
    printf '%s\n' "Usage: $0 -n <name> -p <passwd file> [-d <security dir>]"
    exit 1
}

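# Remove the intermediate files a run leaves behind: the CP certificate
# request, the CA-signed certificate and the exported CA certificate.
# Safe to call at any point (also on a failed or interrupted run): missing
# files are ignored.  The paths are quoted so a SECURITY_DIR that contains
# whitespace is removed as one path instead of being split into several
# arguments and silently leaving the files in place.
# Globals: SECURITY_DIR, CP_NAME (read)
clean() {
  rm -f "${SECURITY_DIR}/certreq.${CP_NAME}" \
        "${SECURITY_DIR}/cert.${CP_NAME}" \
        "${SECURITY_DIR}/nss/ca.cert"
}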

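# Report a fatal error on stdout, dump the captured tool output, remove the
# intermediate files and exit with status 1.
# Arguments: $1 - message; quoted so it is printed verbatim rather than
#                 word-split and glob-expanded as the unquoted form was
# Globals:   TMP_OUT (read) - file the last keytool/certutil run wrote to
error() {
  printf 'ERROR: %s\n' "$1"
  # Only show the tool output if there is a file to show; a failure before
  # TMP_OUT is set must not turn into a second "cannot open" error.
  [ -n "${TMP_OUT}" ] && [ -f "${TMP_OUT}" ] && cat "${TMP_OUT}"
  clean
  exit 1
}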

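# Directory holding this script; .env is loaded from the same place.
EXEC_DIR=$(dirname "$0")

# "null" marks an option that was not supplied.
CP_NAME="null"
CP_PASS_FILE="null"

# -n  CP name; also used as the private-key alias and the keystore suffix
# -p  file holding the keystore/key password (fed to keytool on stdin so the
#     secret never appears on a command line)
# -d  security directory; otherwise expected from .env
while getopts n:p:d: c
do
    case $c in
      n) CP_NAME=$OPTARG;;
      p) CP_PASS_FILE=$OPTARG;;
      d) SECURITY_DIR=$OPTARG;;
      *) usage;;
    esac
done

# Settings come from .env next to this script: KEYTOOL, CERTUTIL, ALGO,
# KEYSIZE, SIGALGO, STORETYPE, DNAME, VALIDITY, TMP_OUT, AGENT_PASS_FILE
# and, when -d is not given, SECURITY_DIR.  It is executed as shell code,
# so it must be writable only by the user who runs this script.
# NOTE(review): it is sourced after option parsing, so if .env assigns
# SECURITY_DIR unconditionally it overrides -d -- confirm which should win.
[ -r "${EXEC_DIR}/.env" ] || { echo "Error: ${EXEC_DIR}/.env is missing or unreadable."; exit 1; }
. "${EXEC_DIR}/.env"

# Sanity check.  The expansion is quoted on purpose: with SECURITY_DIR unset
# the unquoted form becomes "[ ! -d ]", a non-empty-string test that passes,
# and the script used to carry on and write its files under "/".
if [ ! -d "${SECURITY_DIR}" ]
then
  echo "Error: security dir $SECURITY_DIR does not exist."
  exit 1
fi

[ "${CP_NAME}" = "null" ] && usage
[ "${CP_PASS_FILE}" = "null" ] && usage
[ -f "${CP_PASS_FILE}" ] || { echo "Error: password file ${CP_PASS_FILE} does not exist" ; exit 1; }
[ -r "${CP_PASS_FILE}" ] || { echo "Error: password file ${CP_PASS_FILE} is not readable" ; exit 1; }

# Everything below depends on these; fail here with a clear message rather
# than with a broken redirection or "command not found" half-way through.
# NOTE(review): if TMP_OUT is a fixed name in a shared directory, the
# "> ${TMP_OUT}" redirections follow a pre-planted symlink; a mktemp path
# set in .env avoids that -- confirm what .env uses.
: "${KEYTOOL:?must be set in .env}"
: "${CERTUTIL:?must be set in .env}"
: "${STORETYPE:?must be set in .env}"
: "${TMP_OUT:?must be set in .env}"
: "${AGENT_PASS_FILE:?must be set in .env}"

CP_PRIV_ALIAS=${CP_NAME}
CP_KEYSTORE=${SECURITY_DIR}/keystore.${CP_NAME}
CP_CERTREQ=${SECURITY_DIR}/certreq.${CP_NAME}
CP_CERT=${SECURITY_DIR}/cert.${CP_NAME}
CA_CERT=${SECURITY_DIR}/nss/ca.cert

# Do not leave a half-built keystore's CSR or certificates behind if the
# run is interrupted.
trap 'clean; exit 1' HUP INT TERM

# Remove any previously installed files so keytool creates a fresh store.
# NOTE(review): the keystore (private key inside) is created with the
# caller's umask, typically world-readable.  If the same user runs the
# agent, "umask 077" here (or chmod 600 after creation) is the safer
# default -- confirm who must be able to read it.
rm -f "${CP_KEYSTORE}" "${CP_CERTREQ}" "${CP_CERT}"

# Generate the CP private key and a self-signed placeholder certificate.
# The password file is piped twice because keytool reads the store password
# and then the key password from stdin.  KEYTOOL/CERTUTIL are left unquoted
# so a value carrying options keeps working.  -storetype is passed on every
# keytool call below, not only here, so a non-default STORETYPE is read back
# the same way it was written.
cat "${CP_PASS_FILE}" "${CP_PASS_FILE}" | ${KEYTOOL} -genkey \
        -alias "${CP_PRIV_ALIAS}" \
        -keyalg "${ALGO}" \
        -keysize "${KEYSIZE}" \
        -sigalg "${SIGALGO}" \
        -keystore "${CP_KEYSTORE}" \
        -storetype "${STORETYPE}" \
        -dname "${DNAME}" \
        -validity "${VALIDITY}" > "${TMP_OUT}" 2>&1 ||
    error "cannot generate $CP_NAME private key."

# Create the certificate signing request for the CP key.
cat "${CP_PASS_FILE}" "${CP_PASS_FILE}" | ${KEYTOOL} -certreq \
        -alias "${CP_PRIV_ALIAS}" \
        -sigalg "${SIGALGO}" \
        -file "${CP_CERTREQ}" \
        -keystore "${CP_KEYSTORE}" \
        -storetype "${STORETYPE}" > "${TMP_OUT}" 2>&1 ||
    error "Error: cannot generate CP ($CP_NAME) certificate signing request."

# Sign the CSR with the MFWK CA held in the NSS database.
# NOTE(review): certutil's -v is a validity in months whereas keytool's
# -validity above is in days, yet both receive ${VALIDITY}.  The CA-issued
# certificate is the one that ends up in the keystore, so confirm which
# unit VALIDITY was meant to be in.
${CERTUTIL} -C \
        -i "${CP_CERTREQ}" \
        -c mfwk_ca \
        -v "${VALIDITY}" \
        -a \
        -o "${CP_CERT}" \
        -d "${SECURITY_DIR}/nss" \
        -f "${AGENT_PASS_FILE}" > "${TMP_OUT}" 2>&1 ||
    error "cannot sign agent certificate with CA."

# Export the MFWK CA certificate (ASCII) so it can be trusted in the keystore.
${CERTUTIL} -L \
        -n mfwk_ca \
        -a \
        -o "${CA_CERT}" \
        -d "${SECURITY_DIR}/nss" \
        -f "${AGENT_PASS_FILE}" > "${TMP_OUT}" 2>&1 ||
    error "cannot export CA self-signed certificate"

# Import the CA certificate as a trusted entry.  -noprompt skips the
# fingerprint confirmation; that is acceptable only because the file was
# just read out of the local NSS database, not fetched from elsewhere.
# This must precede the reply import below, which is validated against the
# trusted entries in the keystore.
cat "${CP_PASS_FILE}" "${CP_PASS_FILE}" | ${KEYTOOL} -import \
        -noprompt \
        -alias mfwk_ca \
        -file "${CA_CERT}" \
        -keystore "${CP_KEYSTORE}" \
        -storetype "${STORETYPE}" > "${TMP_OUT}" 2>&1 ||
    error "cannot import CA self-signed certificate into CP ($CP_NAME) keystore"

# Import the CA-signed certificate as the reply for the private-key entry,
# replacing the self-signed placeholder.
cat "${CP_PASS_FILE}" "${CP_PASS_FILE}" | ${KEYTOOL} -import \
        -alias "${CP_PRIV_ALIAS}" \
        -file "${CP_CERT}" \
        -keystore "${CP_KEYSTORE}" \
        -storetype "${STORETYPE}" > "${TMP_OUT}" 2>&1 ||
    error "cannot import agent certificate into agent's keystore"

# Success: drop the CSR, the CA-signed certificate and the exported CA copy.
trap - HUP INT TERM
clean
exit 0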