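#!/bin/sh
# domtool-addcert USERNAME
#
# Generates an RSA key for USERNAME under the domtool key directory in AFS,
# grants USERNAME read access to that directory, builds a certificate signing
# request (CN = USERNAME, email = USERNAME@hcoop.net) and has the domtool CA
# sign it into the certs directory.
#
# Exit status: 0 on success, 1 on a missing or rejected USERNAME, otherwise
# the status of the first command that failed.

# Set in the body as well: options on the "#!" line are lost when the script
# is started as "sh domtool-addcert".
set -eu

# NOTE(review): assigning USER replaces the caller's login name for every
# child process when USER is already exported (the usual case). Kept as in
# the original because it is not visible from here whether anything
# downstream reads it.
USER="${1:-}"

if test -z "$USER"; then
  echo "Usage: domtool-addcert USERNAME" >&2
  exit 1
fi

# USERNAME becomes a path component, a certificate subject field and an
# argument to fs/openssl. Accept only plain account-name characters so a
# value such as "../x" cannot redirect the key or certificate path and an
# embedded newline cannot add extra answers to the openssl req prompts.
case "$USER" in
  -* | . | .. | *[!A-Za-z0-9._-]*)
    printf 'domtool-addcert: invalid username: %s\n' "$USER" >&2
    exit 1
    ;;
esac

keydir="/afs/hcoop.net/common/etc/domtool/keys/$USER"
keyfile="$keydir/key.pem"
certfile="/afs/hcoop.net/common/etc/domtool/certs/$USER.pem"

# The signing request is the only scratch file. mktemp gives it an
# unpredictable name and owner-only mode, and the trap removes it on every
# exit path, including a failure of one of the openssl steps.
newreq=$(mktemp)
trap 'rm -f -- "$newreq"' EXIT
trap 'exit 1' HUP INT TERM

mkdir -p "$keydir"

# NOTE(review): no key size is given, so the size is whatever the installed
# openssl defaults to; consider passing an explicit size. An existing
# key.pem for this user is overwritten, as before.
openssl genrsa -out "$keyfile"
chown -R domtool:domtool "$keydir"

# Access to the private key is controlled by the AFS ACL on its directory:
# the named user gets read rights here.
fs sa "$keydir" "$USER" read

# Answers to the interactive prompts of "openssl req": five "." lines blank
# out the leading subject fields, then common name and e-mail address, then
# two empty lines for the optional trailing attributes.
# "-days" is not passed: it only applies together with -x509, so the
# certificate lifetime is decided by "openssl ca" and its config below.
openssl req -new -key "$keyfile" -out "$newreq" <<EOF
.
.
.
.
.
$USER
$USER@hcoop.net


EOF

# Only the request is handed to the CA. Signing needs the public key inside
# the request, not the subject's private key, so the private key is no longer
# copied into a second file outside its ACL-protected directory.
openssl ca -batch -config /etc/domtool/openssl.cnf -policy policy_anything \
  -out "$certfile" -infiles "$newreq"

chown domtool:domtool "$certfile"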