#! /bin/sh

export PATH=/var/tmp/openssl/openssl-SNAP-20070223/apps:$PATH
days=$(( 365 * 10 + 3 ))

umask 022

if [ $# -ne 2 ]; then
    echo "Usage: rsa|dsa|ecdsa bits" 2>&1; exit 1
fi

if [ ! -f myCA/cert.cnf ]; then
    rsync openssl.cnf myCA/cert.cnf.tmp
    echo "distinguished_name = cert_distinguished_name" >> myCA/cert.cnf.tmp
    mv myCA/cert.cnf.tmp myCA/cert.cnf
fi

DGST=$(. ./newkey.sh "myCA/${1}key.pem" "$@") || exit 1
cd myCA
openssl req -$DGST -config cert.cnf -new -key "${1}key.pem" -out "${1}req.pem"

openssl ca -batch \
	-config ca.cnf \
	-cert cacert.pem \
	-keyfile cakey.pem \
	-extensions usr_cert \
	-days 365 \
	-in "${1}req.pem" \
	-out "${1}cert.pem"

rm "${1}req.pem"