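#!/bin/bash
#
# Regenerate the X.509 / VOMS fixtures (test CAs, end-entity certificates,
# proxies, trust anchors and the vomsdir) that live next to this script.
#
# Usage: run from the directory that holds 'openssl.conf' and 'proxies.d/'.
# The helpers remove_ca.sh, make_ca.sh, make_crl.sh, install_ca.sh and
# make_cert.sh, plus voms-proxy-init, voms-proxy-init2 and voms-proxy-fake,
# are invoked by bare name and therefore must be on PATH.
#
# Every run wipes and recreates certs/, trust-anchors/ and vomsdir/ under the
# script's own directory. The CAs and keys produced here are throw-away test
# material: test0.p12 is read with whatever passphrase a bare newline on
# stdin yields, so nothing generated here should end up in a real trust store.

set -e
# Without pipefail a failing 'openssl x509' would be masked by the 'sed' that
# follows it and leave an empty .lsc file behind.
set -o pipefail

if [ ! -e "openssl.conf" ]; then
  >&2 echo "The configuration file 'openssl.conf' doesn't exist in this directory"
  exit 1
fi

base_dir=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &> /dev/null && pwd)
# The directories below are removed recursively; refuse to continue if the
# script location could not be resolved.
: "${base_dir:?could not determine the script directory}"

certs_dir="${base_dir}"/certs
ta_dir="${base_dir}"/trust-anchors
vomsdir="${base_dir}"/vomsdir

#######################################
# Split a combined proxy file into a certificate file and a key file.
# Globals:   certs_dir (read)
# Arguments: $1 - proxy name; the input is ${certs_dir}/$1.pem
# Outputs:   ${certs_dir}/$1.cert.pem and ${certs_dir}/$1.key.pem (mode 600)
# Returns:   exits the script if no RSA private key block was extracted
#######################################
split_proxy() {
  local name=$1
  local bundle="${certs_dir}/${name}.pem"
  local key_file="${certs_dir}/${name}.key.pem"

  awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' "${bundle}" \
    > "${certs_dir}/${name}.cert.pem"

  # Create the key file under a restrictive umask so it is never readable by
  # other users, not even between the redirect and the chmod.
  (
    umask 077
    awk '/BEGIN RSA PRIVATE KEY/,/END RSA PRIVATE KEY/' "${bundle}" > "${key_file}"
  )
  chmod 600 "${key_file}"

  # NOTE(review): only the traditional "RSA PRIVATE KEY" header is matched; a
  # tool that writes PKCS#8 ("BEGIN PRIVATE KEY") would yield an empty file,
  # so fail loudly instead of shipping an unusable fixture.
  if [ ! -s "${key_file}" ]; then
    >&2 echo "No RSA private key found in ${bundle}"
    exit 1
  fi
}

#######################################
# Build a proxy with voms-proxy-fake from proxies.d/<name>.conf and split it.
# Globals:   certs_dir (read)
# Arguments: $1 - proxy name
#######################################
make_fake_proxy() {
  local name=$1

  voms-proxy-fake --debug -conf "proxies.d/${name}.conf" \
    -out "${certs_dir}/${name}.pem"
  split_proxy "${name}"
}

# Start from empty output directories.
for dir in "${certs_dir}" "${ta_dir}" "${vomsdir}"; do
  rm -rf -- "${dir:?}"
  mkdir -p -- "${dir}"
done

# Second CA: issues the 'untrusted_voms' certificate.
if [ -d "igi_test_ca2" ]; then
  remove_ca.sh igi_test_ca2
fi
export CA_NAME=igi_test_ca2
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca2 "${ta_dir}"

make_cert.sh untrusted_voms
cp -- igi_test_ca2/certs/untrusted_voms.* "${certs_dir}"

# Main CA: issues the user and VOMS certificates.
if [ -d "igi_test_ca" ]; then
  remove_ca.sh igi_test_ca
fi
export CA_NAME=igi_test_ca
make_ca.sh
make_crl.sh
install_ca.sh igi_test_ca "${ta_dir}"
export X509_CERT_DIR="${ta_dir}"

make_cert.sh test0
cp -- igi_test_ca/certs/test0.* "${certs_dir}"

make_cert.sh star_test_example
cp -- igi_test_ca/certs/star_test_example.* "${certs_dir}"

# LSC file for test.vo: the subject and issuer DNs of star_test_example, with
# the 'subject=' / 'issuer=' prefixes stripped.
mkdir -p -- "${vomsdir}"/test.vo
openssl x509 -in "${certs_dir}"/star_test_example.cert.pem \
  -noout -subject -issuer -nameopt compat \
  | sed -e 's/subject=//' -e 's/issuer=//' \
    > "${vomsdir}"/test.vo/voms.example.lsc

# test 1
# The passphrase is read from stdin; 'echo' supplies a single empty line.
echo | voms-proxy-init -cert "${certs_dir}"/test0.p12 --valid 10:0 \
  --out "${certs_dir}"/0.pem --pwstdin
# 0.key.pem now gets the same 600 mode as every other extracted key.
split_proxy 0

# test 3
cat "${certs_dir}"/test0.cert.pem "${ta_dir}"/igi_test_ca.pem \
  > "${certs_dir}"/test0+ca.pem

# long-lived proxy certificate, with an expired AC
make_fake_proxy 1

# expired proxy certificate
make_fake_proxy 2

# valid proxy certificate with valid AC
make_fake_proxy 3

# proxy with VOMS generic attributes containing special characters
make_fake_proxy 4

# proxy with valid VOMS attributes, untrusted AC signature (LSC missing) and VOMS trust-anchor missing
make_fake_proxy 5

# proxy chain with 3 delegations, without VOMS attributes
# Delegates from proxy 3 (passed via X509_USER_PROXY).
env X509_USER_PROXY="${certs_dir}/3.pem" X509_CERT_DIR="${ta_dir}" \
  voms-proxy-init2 --out "${certs_dir}"/6.pem -noregen -dont-verify-ac
split_proxy 6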