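#! /bin/sh
#
# Bootstrap the on-disk layout for the root, level1 and xkms CAs under
# ${DEST}, then write default certificate-request parameters to req.conf.
#
# Usage:       <script> [--restart]
#   --restart  delete every regular file under ${DEST} except xkms.conf
#              before the hierarchy is (re)created.
# Environment:
#   DEST       installation root (default /opt/xkms/openssl). It must already
#              exist and contain xkms.conf.
# Input:       country code and organization name are read from stdin.

set -u

DEST=${DEST-/opt/xkms/openssl}
CONF=${DEST}/xkms.conf
REQCONF=${DEST}/req.conf
ME=${0##*/}

# Print a section banner in the script's house style.
banner() {
  printf '\n**\n** %s\n**\n' "$1"
}

## Basic sanity check
# Quoting matters here: with DEST set to the empty string an unquoted
# `[ ! -d ]` collapses to a one-operand test and the check is skipped.
# Diagnostics go to stderr (the original `2>&1` left them on stdout).
if [ ! -d "${DEST}" ]; then
  printf '%s: %s not found.\n' "${ME}" "${DEST}" >&2
  exit 1
fi
if [ ! -f "${CONF}" ]; then
  printf '%s: %s not found.\n' "${ME}" "${CONF}" >&2
  exit 1
fi

if [ "x${1-}" = "x--restart" ]; then
  banner 'REMOVING PREVIOUS CONFIGURATION'
  # -exec ... {} + copes with whitespace in file names and does not run rm
  # at all when nothing matches; ${DEST:?} refuses to expand to "/." if
  # DEST is somehow empty, so the delete can never start at the root.
  find "${DEST:?}/." -type f ! -name xkms.conf -exec rm -f -- {} +
fi

banner 'CREATING DIRECTORY HIERARCHY'

# NOTE(review): everything below is created with the caller's umask. If
# private keys will be kept in this tree, confirm the resulting modes are
# tight enough.

## Create home for each CA.
for D in "${DEST}/ssl" "${DEST}/root-ca" "${DEST}/level1-ca" "${DEST}/xkms-ca"; do
  test -d "${D}" || mkdir "${D}" || exit 1
done

## Create items within each CA.
## See ${CONF} for what needs to be created.
for CA in root level1 xkms; do
  D=${DEST}/${CA}-ca
  # Only seed the serial file when absent, so an existing CA keeps its counter.
  test -f "${D}/serial" || echo '01' >"${D}/serial" || exit 1
  touch "${D}/index.txt" || exit 1
  test -d "${D}/certs" || mkdir "${D}/certs" || exit 1
  test -d "${D}/crls" || mkdir "${D}/crls" || exit 1
done

banner 'CREATING DEFAULT CERTIFICATE PARAMETERS'

# printf instead of `echo -n`, whose behaviour is not portable across /bin/sh
# implementations; read -r so backslashes in the answers are kept literally.
printf '%s' 'Enter two-letter country code: '
read -r CC
printf '%s' 'Enter organization name: '
read -r O

# The answers are expanded directly by the here-document rather than being
# spliced into a sed replacement: a "/", "&" or "\" in the organization name
# used to corrupt or break the sed expression.
# NOTE(review): the values are still written verbatim into an OpenSSL config
# file, where "#", "$" and "\" are significant. Validate or reject them here
# if the operator cannot be trusted to enter plain text.
#
# default_bits is raised from the original 1024: 1024-bit RSA keys are no
# longer considered adequate for certificates.
cat >"${REQCONF}" <<EOF || exit 1
[ req ]
default_bits		= 2048
default_keyfile		= privkey.pem
distinguished_name	= req_dn
string_mask		= nombstr # legal charsets; this seems a portable value

[ req_dn ]
countryName			= Country Code
countryName_default		= ${CC}
countryName_min			= 2
countryName_max			= 2
organizationName		= Organization Name
organizationName_default	= ${O}
organizationalUnitName		= Organizational Unit (eg, department)
commonName			= Common Name (i.e., name of person or server)
commonName_max			= 80
emailAddress			= Email Address
emailAddress_max		= 64
EOF

banner 'DONE'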