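#!/bin/sh

RCSID='$Id: mycert,v 1.1 2002-12-26 01:06:31 jonas Exp $'

# Script for enabling user certificates authorized by CA.
# The user is given a certificate + key and needs to merge them into a
# pkcs12 file (understood by Netscape and others) and add a password.
#
# Originally found here:
# http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml
# adapted to non-YP environment and strings replaceable from /etc.
#
# Usage: run in a directory containing newcert.pem (the signed
# certificate) and newreq.pem (the matching private key); writes
# newcert.p12.  Exits 0 on success, 1 on any error.
#
# -- Jonas Smedegaard <dr@jones.dk>

# Print each argument on its own line on stderr and exit non-zero.
die() {
	printf '%s\n' "$@" >&2
	exit 1
}

# Default settings; each may be overridden in /etc/local/mycert.conf.
help="hostmaster@$(cat /etc/mailname 2> /dev/null || hostname -d)" # Email address of technical staff
cadir="/etc/ssl/certs"           # Directory holding the CA certificate (cacert.pem)
caname=$(hostname -d)            # Abbrev. of organisation
openssl="/usr/local/bin/openssl" # openssl binary to run

# The config file is executed as shell code with the caller's privileges,
# so it must only be writable by root.
if [ -f /etc/local/mycert.conf ]; then
	. /etc/local/mycert.conf
fi

# newcert.p12 will contain the private key: make sure nothing created
# from here on is readable by other users.
umask 077

[ -f newcert.pem ] || die "No newcert.pem file found in the current directory."
[ -f newreq.pem ] || die "No newreq.pem file found in the current directory."
[ -r "$cadir/cacert.pem" ] || die "ERROR: no readable CA certificate at $cadir/cacert.pem." \
	"       Please email $help for help"
[ -x "$openssl" ] || die "ERROR: openssl not found at $openssl."

# Effective user name (same value the original uid=N(name) parsing yielded).
uname=$(id -un)
[ -n "$uname" ] || die "ERROR: unable to determine username." \
	"       Please email $help for help"

# Full name is the GECOS (5th colon-separated) field of the passwd entry.
name=$(getent passwd "$uname" | awk -F : '{print $5}')
[ -n "$name" ] || die "ERROR: unable to determine full name from password map." \
	"       Please email $help for help"

# openssl prompts for the export password that protects the bundle.
# "-nodes" is kept from the original invocation; it is documented for
# parse mode, so confirm against the installed openssl version whether
# it has any effect on -export.
"$openssl" pkcs12 -export -in newcert.pem -inkey newreq.pem \
	-certfile "$cadir/cacert.pem" \
	-name "$name [$caname]" -out newcert.p12 -nodes \
	|| die "ERROR: openssl failed to create newcert.p12."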