#!/bin/bash

#--------------------------------------
#Encryption Key Manipulation Functions
#(it is intended to be sourced by the esg-node script, which is where
# "checked_get" is defined)
#--------------------------------------

#uses: openssl, java + keytool (keystore handling), wget (fetching ImportKey.class),
#      and the Globus grid-cert-request / grid-ca-sign tools under $GLOBUS_LOCATION

#In a nutshell...
# openssl pkcs8 -topk8 -nocrypt -in pcmdi3.llnl.gov.key -inform PEM -out key.der -outform DER
# openssl x509 -in pcmdi3.llnl.gov.cer -outform DER -out cert.der
# java -Dkeystore=keystore-tomcat ImportKey key.der cert.der tomcat
# keytool -list -v -keystore keystore-tomcat -storepass *****

#arg 1 -> directory for storing generated keys
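#Requests a host certificate for this machine's FQDN and signs it with the
#local SimpleCA; the signed cert is left at ${gendir}/hostcert.pem.
#arg 1 -> directory for storing generated keys (default: /tmp/genkeystore;
#         note that key material then lands in the world-shared /tmp)
#Returns non-zero on failure. It previously called "exit", which terminated
#the esg-node shell that sources this file; callers now get a status instead.
generate_simpleCA_cert() {
    local gendir=${1:-/tmp/genkeystore}
    local fqdn

    #with GLOBUS_LOCATION unset the tool paths below would collapse to /bin/grid-*
    if [[ -z "${GLOBUS_LOCATION:-}" ]]; then
        echo "GLOBUS_LOCATION is not set; cannot run grid-cert-request" >&2
        return 1
    fi

    #fall back to the short hostname when no FQDN can be resolved
    fqdn=$(hostname --fqdn 2>/dev/null)
    [[ -n "${fqdn}" ]] || fqdn=$(hostname)

    if ! "${GLOBUS_LOCATION}/bin/grid-cert-request" -host "${fqdn}" -dir "${gendir}"; then
        echo "oops"
        return 1
    fi
    if ! "${GLOBUS_LOCATION}/bin/grid-ca-sign" -in "${gendir}/hostcert_request.pem" -out "${gendir}/hostsigned.pem"; then
        echo "ooops"
        return 1
    fi
    mv "${gendir}/hostsigned.pem" "${gendir}/hostcert.pem"
}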

#arg 1 -> private key
#arg 2 -> public cert
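#Generates an RSA private key, a CSR for it, and a short-lived self-signed
#certificate to use until a real CA has signed the CSR.
#arg 1 -> private key output path (default: hostkey.pem)
#arg 2 -> CSR output path (default: hostcert.csr); the self-signed cert is
#         written next to it with the extension replaced by .pem
#arg 3 -> optional X.509 subject (e.g. "/CN=host.example.org"); when given it
#         is passed as "openssl req -subj" so no interactive prompt is needed,
#         otherwise openssl prompts for the subject as before
#Returns 1 / 2 / 3 if key generation / CSR creation / self-signing fails.
#(The previous "(echo ... && return N)" form returned from a subshell, so a
#failed step was reported but never aborted the function.)
generate_ssl_keypair() {
    local private_key=${1:-"hostkey.pem"}
    local public_cert_req=${2:-"hostcert.csr"}
    local subject=${3:-}
    local self_signed_cert=${public_cert_req%.*}.pem

    echo "Generating private host key... "
    #umask 077 so the key file is never group/world readable, not even before
    #the chmod below; the subshell keeps the umask change local to this step.
    #2048 bits: 1024-bit RSA is below current minimum key strength.
    if ! ( umask 077; openssl genrsa -out "${private_key}" 2048 ); then
        echo "[FAILED]"
        return 1
    fi
    echo "[OK]"
    chmod 400 "${private_key}"

    echo "Generating Certificate Signing Request (csr)... "
    local csr_rc=0
    if [[ -n "${subject}" ]]; then
        openssl req -new -nodes -key "${private_key}" -out "${public_cert_req}" -subj "${subject}" || csr_rc=$?
    else
        openssl req -new -nodes -key "${private_key}" -out "${public_cert_req}" || csr_rc=$?
    fi
    if [[ ${csr_rc} -ne 0 ]]; then
        echo "[FAILED]"
        return 2
    fi
    echo "[OK]"

    echo "Generating temporary self-signed certificate... "
    #30-day lifetime: this cert is only a placeholder until the CSR is signed
    if ! openssl x509 -req -days 30 -in "${public_cert_req}" -signkey "${private_key}" -out "${self_signed_cert}"; then
        echo "[FAILED]"
        return 3
    fi
    echo "[OK]"

    openssl x509 -noout -text -in "${self_signed_cert}"
}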

#converts key pairs from PEM format to DER format
#(DER format is amenable to Java's keystore mechanism)
#arg 1 -> private key
#arg 2 -> public cert
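#converts key pairs from PEM format to DER format
#(DER format is amenable to Java's keystore mechanism)
#arg 1 -> private key in PEM (default: hostkey.pem)
#arg 2 -> public cert in PEM (default: hostcert.pem)
#The DER files are written beside the inputs with the extension replaced by
#.der. Returns 1 if either conversion fails.
#(The previous "(echo ... && return 1)" form returned from a subshell, so a
#failed conversion was reported but the function still returned 0.)
convert_keys() {
    local private_key=${1:-"hostkey.pem"}
    local public_cert=${2:-"hostcert.pem"}
    local private_key_der=${private_key%.*}.der
    local public_cert_der=${public_cert%.*}.der

    echo -n "Converting private key from PEM -> DER format... "
    #-nocrypt writes the PKCS#8 key unencrypted, so create it owner-only
    #via umask; the subshell keeps the umask change local to this step.
    if ! ( umask 077; openssl pkcs8 -topk8 -nocrypt -in "${private_key}" -inform PEM -out "${private_key_der}" -outform DER ); then
        echo "[FAILED]"
        return 1
    fi
    echo "[OK]"

    echo -n "Converting public cert from PEM -> DER format... "
    if ! openssl x509 -in "${public_cert}" -outform DER -out "${public_cert_der}"; then
        echo "[FAILED]"
        return 1
    fi
    echo "[OK]"

    echo
    ls -l "${private_key_der}" "${public_cert_der}"
    echo
    return 0
}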

#Creates a new keystore based on given keypair
#arg 1 -> private key
#arg 2 -> public cert
#arg 3 -> keystore name
#arg 4 -> alias
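#Creates a new keystore based on given keypair
#arg 1 -> private key in DER/PKCS#8 (default: hostkey.der; see convert_keys)
#arg 2 -> public cert in DER (default: hostcert.der)
#arg 3 -> keystore name (default: keystore-tomcat)
#arg 4 -> alias (default: tomcat)
#env  IMPORTKEY_SHA256 -> optional expected sha256 of ImportKey.class; when
#     set, a copy that does not match is refused and the function returns 1
#NOTE(review): ImportKey.class is fetched over plain http with no signature
#and then run with the private key as input, so anyone on the network path
#could substitute it. An ImportKey.class already present in the working
#directory is reused instead of re-downloaded; drop a vetted copy there and
#set IMPORTKEY_SHA256 to pin it.
create_keystore() {
    local private_key=${1:-"hostkey.der"}
    local public_cert=${2:-"hostcert.der"}
    local keystore_name=${3:-"keystore-tomcat"}
    local key_alias=${4:-"tomcat"}
    local importkey_url="http://rainbow.llnl.gov/dist/utils/ImportKey.class"

    if [[ ! -f ImportKey.class ]]; then
        if ! wget -O ImportKey.class "${importkey_url}"; then
            echo "Could not fetch keystore generator"
            #wget -O leaves an empty/partial file behind on failure
            rm -f ImportKey.class
            return 1
        fi
    fi
    if [[ -n "${IMPORTKEY_SHA256:-}" ]]; then
        if ! printf '%s  ImportKey.class\n' "${IMPORTKEY_SHA256}" | sha256sum -c --quiet - >/dev/null 2>&1; then
            echo "ImportKey.class does not match IMPORTKEY_SHA256; refusing to run it"
            return 1
        fi
    fi

    if ! CLASSPATH=. java -Dkeystore="${keystore_name}" ImportKey "${private_key}" "${public_cert}" "${key_alias}"; then
        echo "Could not execute keystore generator"
        return 1
    fi
    #the keystore now holds the private key; keep it owner-only
    chmod 600 "${keystore_name}"
    echo
    keytool -list -v -keystore "${keystore_name}"
    return 0
}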

#Lists the contents of a keystore with keytool, echoing the exact command
#first so the operator can see what is being run.
#arg 1 -> keystore name (default: keystore-tomcat)
#Always returns 0, regardless of what keytool reports.
show_keystore() {
    local ks=${1:-"keystore-tomcat"}
    local -a cmd=(keytool -list -v -keystore "${ks}")
    echo "${cmd[*]}"
    "${cmd[@]}"
    return 0
}
