#!/bin/sh
#
##  jgencert -- modified server cert generator (mod_ssl) modified
##  v1.1.3
##  Copyright (c) 1998-1999 Gomez Henri <nri@mail.dotcom.fr>
##  Part of Copyright (c) 1998-1999 Ralf S. Engelschall, All Rights Reserved.
##
##  It is based on one external program:
##
##     openssl ... get it from http://www.openssl.org
## or  ssleay  ... get it from ftp://ftp.psy.uq.oz.au/pub/Crypto/SSL/
##

#   parameters

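# Locate the SSL command-line tool: OpenSSL is preferred, SSLeay is the
# fallback. The path that passed the -x test is the path that gets executed,
# so a different "openssl"/"ssleay" found earlier in $PATH is never run in
# its place (this script reads the CA key and writes the server key).
if [ -x /usr/bin/openssl ]; then
        sslcmd="/usr/bin/openssl"
elif [ -x /usr/bin/ssleay ]; then
        sslcmd="/usr/bin/ssleay"
else
        # Diagnostics go to stderr so they are not mixed into captured output.
        echo "missing openssl/ssleay..." >&2
        exit 1
fi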

# Decide between the built-in "pkcs12" subcommand and the stand-alone
# "pkcs12" / "ca-fix" helper programs, based on the exit status of
# "$sslcmd pkcs12 -h":
#   status 0      -> helper names "pkcs12" and "ca-fix"
#   anything else -> built-in "$sslcmd pkcs12", no ca-fix helper
# A built-in pkcs12 means at least OpenSSL 0.9.3, and thus no need for the
# external pkcs12 or ca-fix tools.
# NOTE(review): this relies on the probe returning non-zero when the
# subcommand exists -- confirm against the installed version. An empty
# $cafix is what later enables the x509v3 extension file for signing.
pkcs12="$sslcmd pkcs12"
cafix=""
if $sslcmd pkcs12 -h >/dev/null 2>&1; then
  pkcs12="pkcs12"
  cafix="ca-fix"
fi


# Fixed on-disk layout; everything lives under one configuration directory.
jmconfdir="/etc/jonama/conf"
sslcrtdir="$jmconfdir/ssl.crt"        # certificates: ca.crt is read, server.crt is written
sslcsrdir="$jmconfdir/ssl.csr"        # certificate signing request (server.csr)
sslkeydir="$jmconfdir/ssl.key"        # private keys: ca.key is read, server.key* are written
jmcacfg="$jmconfdir/.jmca.cfg"        # scratch config file, removed at the end of the run
jmcaserial="$jmconfdir/.jmca.serial"  # serial file passed to x509 as -CAserial
jmcarand="$jmconfdir/.rnd"            # seed file passed to genrsa as -rand

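#   Optional terminal sequences: T_MD switches bold on (ESC [ 1 m) and T_ME
#   resets attributes (ESC [ m). They are set only for the terminal types
#   listed below; every other $TERM gets empty strings.
case ${TERM:-} in
    xterm*|vt220*|vt100*)
        # The vt100 arm used to append NUL padding bytes, but a shell
        # variable cannot hold NUL, so the stored value was the same.
        T_MD=$(printf '\033[1m')
        T_ME=$(printf '\033[m')
        ;;
    *)
        # This arm was spelled "default)", which matches only the literal
        # TERM=default; on any other terminal both variables stayed unset
        # or kept whatever value the caller's environment supplied.
        T_MD=''
        T_ME=''
        ;;
esac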

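echo ""
echo "${T_MD}Generating Server Private Key${T_ME}"
echo "______________________________________________________________________"
echo ""

# Write the seed file that is later handed to "genrsa -rand".
#  * The file is created under umask 077 and forced to mode 600: anyone who
#    can read the seed learns part of the input to key generation.
#  * The kernel CSPRNG is used when available. The former source, an MD5
#    digest of /var/log/*, yields at most 128 bits derived from data that is
#    largely predictable and often readable by other local users; it is kept
#    only as a fallback for systems without /dev/urandom.
(
        umask 077
        if [ -r /dev/urandom ]; then
                dd if=/dev/urandom bs=256 count=1 2>/dev/null >"$jmcarand"
        else
                cat /var/log/* | "$sslcmd" md5 >"$jmcarand"
        fi
) || {
        echo "cannot write seed file $jmcarand" >&2
        exit 1
}
# umask does not tighten a seed file left over from an earlier run.
chmod 600 "$jmcarand"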

# Write the request configuration consumed by "$sslcmd req -config": the
# prompts, length limits and default values of the distinguished name.
# The delimiter is quoted so the text is taken literally; it contains
# nothing for the shell to expand.
# NOTE(review): default_bits = 1024 looks unused by this script, since its
# req call passes an existing key with -key. It is below current minimums
# if this file is ever reused to generate a key -- confirm before reuse.
cat <<'EOT' >"$jmcacfg"
[ req ]
default_bits                    = 1024
distinguished_name              = req_DN
[ req_DN ]
countryName                     = "1. Country Name             (2 letter code)"
countryName_default             = XY
countryName_min                 = 2
countryName_max                 = 2
stateOrProvinceName             = "2. State or Province Name   (full name)    "
stateOrProvinceName_default     = Snake Desert
localityName                    = "3. Locality Name            (eg, city)     "
localityName_default            = Snake Town
0.organizationName              = "4. Organization Name        (eg, company)  "
0.organizationName_default      = Snake Oil, Ltd
organizationalUnitName          = "5. Organizational Unit Name (eg, section)  "
organizationalUnitName_default  = Webserver Team
commonName                      = "6. Common Name              (eg, FQDN)     "
commonName_max                  = 64
commonName_default              = www.snakeoil.dom
emailAddress                    = "7. Email Address            (eg, name@FQDN)"
emailAddress_max                = 40
emailAddress_default            = www@snakeoil.dom
EOT

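# Generate the server private key twice over:
#   server.key         3DES-encrypted, pass phrase prompted by genrsa
#   server.key.nopath  the same key with the pass phrase removed
# Both are created under umask 077 and forced to mode 600. The second file
# is an unencrypted private key, so file permissions are its only protection.
# The modulus is 2048 bits; the former 1024-bit size is below what current
# CAs and TLS clients accept.
# A failure here aborts the run instead of going on to request and sign a
# certificate for a key that does not exist.
#$sslcmd rsa -noout -text -in $sslkeydir/server.key
(
        umask 077
        "$sslcmd" genrsa -des3 -rand "$jmcarand" -out "$sslkeydir/server.key" 2048 &&
        "$sslcmd" rsa -in "$sslkeydir/server.key" -out "$sslkeydir/server.key.nopath"
) || {
        echo "server key generation failed" >&2
        exit 1
}
# umask does not tighten key files left over from an earlier run.
chmod 600 "$sslkeydir/server.key" "$sslkeydir/server.key.nopath"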

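echo ""
echo "${T_MD}Generating Server Certificate Signing Request${T_ME}"
echo "______________________________________________________________________"
echo ""

# Create the CSR for the key generated above, prompting for the subject
# fields described in $jmcacfg. The validity period of the certificate is
# set by the signing step, not here. Stop on failure so that a stale
# server.csr from an earlier run is not signed by mistake.
"$sslcmd" req -config "$jmcacfg" -new -days 365 \
        -key "$sslkeydir/server.key" -out "$sslcsrdir/server.csr" || {
        echo "certificate signing request generation failed" >&2
        exit 1
}
#$sslcmd req -noout -text -in $sslcsrdir/server.csr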

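echo ""
echo "${T_MD}Generating X.509 Server Certificate signed by ${T_ME}"
echo "______________________________________________________________________"
echo ""

# With no external ca-fix helper configured ($cafix empty), the scratch
# config is rewritten as an extension file so that x509 itself adds the
# subjectAltName and nsCertType extensions.
extfile=""
if [ -z "$cafix" ]; then
        rm -f "$jmcacfg"
        extfile="-extfile $jmcacfg"
        cat >"$jmcacfg" <<EOT
extensions = x509v3
[ x509v3 ]
subjectAltName   = email:copy
nsCertType       = server
EOT
fi

# Sign the request with the local CA (ca.crt / ca.key) for 365 days.
# $extfile is deliberately unquoted: it is either empty or the two words
# "-extfile <path>", and must be split into separate arguments.
# -CAcreateserial is not passed, so the $jmcaserial file has to exist
# already.
# shellcheck disable=SC2086
"$sslcmd" x509 $extfile \
             -days 365 \
             -CAserial "$jmcaserial" \
             -CA       "$sslcrtdir/ca.crt" \
             -CAkey    "$sslkeydir/ca.key" \
             -in       "$sslcsrdir/server.csr" -req \
             -out      "$sslcrtdir/server.crt"
sign_status=$?

# The scratch config is removed on the failure path as well.
if [ "$sign_status" -ne 0 ]; then
        rm -f "$jmcacfg"
        echo "certificate signing failed" >&2
        exit 1
fi

# Show the signed certificate so the operator can check subject, issuer,
# validity and extensions before deploying it.
"$sslcmd" x509 -noout -text -in "$sslcrtdir/server.crt"
rm -f "$jmcacfg"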

# Closing banner: blank line, highlighted "Done", rule, blank line.
printf '\n%s\n' "${T_MD}Done${T_ME}"
printf '%s\n\n' "______________________________________________________________________"

