#!/bin/sh
##
##  gencert.sh -- Create self-signed test certificate
##  Christian Zoffoli <czoffoli@linux-mandrake.com> 
##  Version 0.2 - 20010501
##
##


### external tools
openssl="/usr/bin/openssl"

### some optional terminal sequences
case $TERM in
    xterm|xterm*|vt220|vt220*)
        T_MD=`echo dummy | awk '{ printf("%c%c%c%c", 27, 91, 49, 109); }'`
        T_ME=`echo dummy | awk '{ printf("%c%c%c", 27, 91, 109); }'`
        ;;
    vt100|vt100*)
        T_MD=`echo dummy | awk '{ printf("%c%c%c%c%c%c", 27, 91, 49, 109, 0, 0); }'`
        T_ME=`echo dummy | awk '{ printf("%c%c%c%c%c", 27, 91, 109, 0, 0); }'`
        ;;
    default)
        T_MD=''
        T_ME=''
        ;;
esac

#   find some random files
#   (do not use /dev/random here, because this device 
#   doesn't work as expected on all platforms)
randfiles=''
for file in /var/log/messages /var/adm/messages \
            /kernel /vmunix /vmlinuz \
            /etc/hosts /etc/resolv.conf; do
    if [ -f $file ]; then
        if [ ".$randfiles" = . ]; then
            randfiles="$file"
        else
            randfiles="${randfiles}:$file"
        fi
    fi
done


echo ""
echo "${T_MD}"
echo "----------------------------------------------------------------------"
echo "Create self-signed test certificate"
echo ""
echo "Christian Zoffoli <czoffoli@linux-mandrake.com> "
echo "Version 0.2 - 20010501"
echo ""
echo ""
echo "______________________________________________________________________${T_ME}"
echo ""
echo ""


if [ ! -e ./ldap.pem ];then 
	echo "Will create ldap.pem in `pwd`"
else
	echo "ldap.pem already exist, dying"
	exit
fi


mkdir -p /tmp/tmpssl-$$
pushd /tmp/tmpssl-$$ > /dev/null

echo ""
echo ""
echo "${T_MD}Generating Certificate "
echo "______________________________________________________________________${T_ME}"
echo ""


COMMONNAME=`hostname`

if [ ! -n "$COMMONNAME" ]
		then
		COMMONNAME="www.openldap.org"
fi
#. /etc/sysconfig/i18n
if [ -n "$COUNTRY" ]
		then
		COUNTRY=`echo $LANG | sed -e "s/.*_//;s/@.*//;s/\..*//;s/_.*//" |tr a-z A-Z`
else
	COUNTRY="US"	
fi

cat >.cfg <<EOT
[ req ]
default_bits                    = 1024
distinguished_name              = req_DN
RANDFILE                        = ca.rnd
[ req_DN ]
countryName                     = "1. Country Name             (2 letter code)"
countryName_default             = "$COUNTRY"
countryName_min			= 2
countryName_max			= 2
stateOrProvinceName		= "2. State or Province Name   (full name)    "
stateOrProvinceName_default	= ""
localityName                    = "3. Locality Name            (eg, city)     "
localityName_default		= ""
0.organizationName		= "4. Organization Name        (eg, company)  "
0.organizationName_default	= "LDAP Server"
organizationalUnitName		= "5. Organizational Unit Name (eg, section)  "
organizationalUnitName_default	= "For testing purposes only"
commonName			= "6. Common Name              (eg, CA name)  "
commonName_max			= 64
commonName_default		= "$COMMONNAME"
emailAddress			= "7. Email Address            (eg, name@FQDN)"
emailAddress_max		= 40
emailAddress_default		= ""
EOT

$openssl req -config .cfg -new  -rand $randfiles -x509 -nodes -out ldap.pem -keyout ldap.pem -days 999999  

if [ $? -ne 0 ]; then
       	echo "cca:Error: Failed to generate certificate " 1>&2
	exit 1
fi


popd >/dev/null


rm -f /tmp/tmpssl-$$/*.csr
rm -f /tmp/tmpssl-$$/ca.*
chmod 400 /tmp/tmpssl-$$/*

echo "Certificate creation done!"
cp /tmp/tmpssl-$$/ldap.* .
chown ldap:ldap ldap.*

rm -rf /tmp/tmpssl-$$