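#!/bin/sh
#
# Copyright (c) 02005 sense.lab
#
# License: This script is distributed under the terms of version 2
# of the GNU GPL. See the LICENSE file included with the package.
#
# $Id$
#
# this script creates the stunnel certificate for https
#
# parameter: "destination file"
#
# called by:
#  - cbox-manage.sh during network-up if no certificate was found on the config partition
#
# The destination file receives, in this order, the private key, the
# self-signed certificate and the DH parameters (all PEM) so that one
# file can be handed to stunnel. It is created with mode 600.
#
# Exit status: 1 on a missing/empty parameter, 2 if the openssl config
# file named by OPENSSL_CONF_FILE does not exist, otherwise the status
# of the failing command (set -e).
#

set -eu

# parse config file - provides OPENSSL_CONF_FILE
. /etc/cryptobox/cryptobox.conf
## vcert values are in openssl.conf

# size of the DH parameters in bits; may be overridden by the environment
# or by the config file above. The historical default of 512 bit is weak
# by today's standards (NOTE(review): raise to 2048 once every client of
# this stunnel instance is known to accept it).
DH_BITS="${DH_BITS:-512}"

if [ $# -ne 1 ] || [ -z "$1" ]; then
  echo "${0##*/}: missing parameter 'destination file'" >&2
  exit 1
fi
CERTFILE="$1"

if [ ! -f "$OPENSSL_CONF_FILE" ]; then
  echo "${0##*/}: $OPENSSL_CONF_FILE not found" >&2
  exit 2
fi

# the private key must not be readable by others, not even for the short
# window between creation and the chmod below: restrict the umask before
# openssl creates the file instead of relying on a chmod afterwards
umask 077

# an unpredictable temporary name instead of a fixed path in /tmp (a fixed
# name invites symlink/pre-creation tricks); the trap removes the file on
# every exit path, including a failure aborting the script under set -e
TMP_FILE=$(mktemp /tmp/cryptobox-cert.XXXXXX)
trap 'rm -f "$TMP_FILE"' EXIT

# this command creates the certificate
# the five newlines are required, because the certbuilding asks for 5 returns
# (printf instead of 'echo -ne': the -e/-n flags are not portable under /bin/sh)
# -out and -keyout name the same file on purpose: openssl writes the key and
# appends the certificate when both paths are identical
printf '\n\n\n\n\n' | openssl req -new -x509 -nodes -days 3650 \
  -config "$OPENSSL_CONF_FILE" -out "$CERTFILE" -keyout "$CERTFILE"
chmod 600 "$CERTFILE"

# next step needs a lot of randomdata
dd if=/dev/urandom of="$TMP_FILE" bs=1024 count=1024
openssl dhparam -rand "$TMP_FILE" "$DH_BITS" >> "$CERTFILE"
rm -f "$TMP_FILE"

#ln -sf ${CERTPATH}stunnel.pem ${CERTPATH}`openssl x509 -noout -hash < "${CERTPATH}stunnel.pem"`.0

## print out cert values
#openssl x509 -subject -dates -fingerprint -in stunnel.pem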