#! /bin/bash
# Copyright (C) 2008, 2009 Red Hat, Inc.  All rights reserved.
#
# This copyrighted material is made available to anyone wishing to use, modify,
# copy, or redistribute it subject to the terms and conditions of the GNU
# General Public License v.2.  This program is distributed in the hope that it
# will be useful, but WITHOUT ANY WARRANTY expressed or implied, including the
# implied warranties of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
# See the GNU General Public License for more details.  You should have
# received a copy of the GNU General Public License along with this program; if
# not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth
# Floor, Boston, MA 02110-1301, USA.  Any Red Hat trademarks that are
# incorporated in the source code or documentation are not subject to the GNU
# General Public License and may only be used or replicated with the express
# permission of Red Hat, Inc.
#
# Red Hat Author: Miloslav Trmac <mitr@redhat.com>

mkdir -p ~/.sigul
cd ~/.sigul
if [ ! -f cert8.db ]; then
    echo ----------------------------------------
    echo 'Creating a NSS database.'
    echo ' Choose a NSS database password, which will be necessary to use the '
    echo ' sigul client.'
    echo ----------------------------------------
    certutil -d . -N
fi

echo ----------------------------------------
echo 'Importing CA certificate'
echo ----------------------------------------
certutil -d . -A -n fedora-ca -t TC,, -a < ~/.fedora-server-ca.cert

echo ----------------------------------------
echo 'Importing user certificate.'
echo ' Choose an "export password".  You will only need to remember it until'
echo ' this script finishes.'
echo ----------------------------------------
openssl pkcs12 -export -out client.pem -in ~/.fedora.cert \
    -name sigul-client-cert
pk12util -d . -i client.pem
shred -u client.pem

if [ -f client.conf ]; then
    echo ----------------------------------------
    echo '~/.sigul/client.conf exists, not replacing it.'
    echo 'Edit [nss] nss-password if necessary.'
    echo ----------------------------------------
else
    echo ----------------------------------------
    echo -n 'Enter the NSS database password again: '
    stty -echo
    read -r nss_pw
    stty echo
    echo
    echo ----------------------------------------
    cat > client.conf <<EOF
[nss]
nss-password: $nss_pw
EOF
fi

echo 'Done.'
