#!/bin/bash
#
# Univention SSL
#  openssl wrapper
#
# Copyright 2004-2014 Univention GmbH
#
# http://www.univention.de/
#
# All rights reserved.
#
# The source code of this program is made available
# under the terms of the GNU Affero General Public License version 3
# (GNU AGPL V3) as published by the Free Software Foundation.
#
# Binary versions of this program provided by Univention to you as
# well as other copyrighted, protected or trademarked materials like
# Logos, graphics, fonts, specific documentations and configurations,
# cryptographic keys etc. are subject to a license agreement between
# you and Univention and not subject to the GNU AGPL V3.
#
# In the case you use this program under the terms of the GNU AGPL V3,
# the program is provided in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public
# License with the Debian GNU/Linux or Univention distribution in file
# /usr/share/common-licenses/AGPL-3; if not, see
# <http://www.gnu.org/licenses/>.
set -o errexit

usage ()
{
	if [ -n "$1" ]; then
		echo ""
		echo "$1"
		echo ""
	fi

	echo ""
	echo "Usage: univention-certificate command [options] "
	echo ""
	echo "Commands:"
	echo "        new"
	echo "        revoke"
	echo "        renew"
	echo "        check"
	echo "        dump"
	echo "        list"
	echo ""
	echo "Options:"
	echo "        -name <name>"
	echo "        -days <days>"
	echo ""

	exit 2
}

command="$1"
shift

if [ "$command" != "new" -a "$command" != "revoke" -a "$command" != "renew" -a "$command" != "check" -a "$command" != "list" -a "$command" != "dump" ]; then
	if [ -n "$command" ]; then
		usage "unknown command: $command" >&2
	else
		usage >&2
	fi
fi

while [ $# -gt 0 ]; do
	case "$1" in
	"-path")
		path="$2"
		shift 2 || usage "Missing argument to -path" >&2
		;;
	"-name")
		name="$2"
		shift 2 || usage "Missing argument to -name" >&2
		;;
	"-days")
		days="$2" || usage "Missing argument to -days" >&2
		shift 2
		;;
	*)
		usage "unknown option $1" >&2
		;;
	esac
done

if [ "$command" != "list" -a -z "$name" ]; then
	usage "missing -name" >&2
fi

cd /etc/univention/ssl

. /usr/share/univention-ssl/make-certificates.sh

case "$command" in
	"new")
		echo "Creating certificate: $name"
		gencert "/etc/univention/ssl/$name" "$name"
		if getent group "DC Backup Hosts" 2>&1 >/dev/null
		then
			chgrp -R "DC Backup Hosts" "/etc/univention/ssl/$name"
			chmod -R g+rX "/etc/univention/ssl/$name"
		fi
		;;
	"revoke")
		echo "Revoke certificate: $name"
		revoke_cert "$name"
		;;
	"renew")
		if [ -z "$days" ]; then
			usage "missing -days" >&2
		fi
		echo "Renew certificate: $name"
		renew_cert "$name" "$days"
		;;
	"check")
		echo -n "Certificate \"$name\" is "
		if has_valid_cert "$name"
		then
			echo "valid"
			exit 0
		else
			echo "invalid"
			exit 1
		fi
		;;
	"list")
		echo "List all certificates"
		list_cert_names
		;;
	"dump")
		echo "Dump certificate: $name"
		openssl x509 -in "/etc/univention/ssl/$name/cert.pem" -noout -text
		;;
esac
