('A｀)

#!/bin/sh
#

DIR=/usr/local/etc/ssl
CADIR=$DIR/demoCA
CACONFIG="-config $DIR/openssl.cnf"
CONFIG="server.cnf"
DAYS="-days 3650"

for i
do
case $i in
-\?|-h|-help)
	echo "usage: CA -newca|-newcrt" >&2
	exit 0
	;;
-newca)
	mkdir -p $DIR
	cp /etc/ssl/openssl.cnf $DIR/openssl.cnf.in
	sed -e 's/365/3650/' \
		-e 's/1024/2048/' \
		-e 's/AU/JP/' \
		-e 's/policy		= policy_match/policy		= policy_anything/' \
		-e 's/stateOrProvinceName_default/#stateOrProvinceName_default/' \
		-e 's/Internet Widgits Pty Ltd/Cocelo Style/' \
		-e 's/#organizationalUnitName_default	=/organizationalUnitName_default	= Private CA/' \
		-e 's/nsComment/# nsComment/' \
		$DIR/openssl.cnf.in > $DIR/openssl.cnf
	rm $DIR/openssl.cnf.in

	mkdir $CADIR
	mkdir $CADIR/certs
	mkdir $CADIR/crl
	mkdir $CADIR/newcerts
	mkdir $CADIR/private
	chmod 700 $CADIR/private
	echo "01" > $CADIR/serial
	touch $CADIR/index.txt

	openssl req -new -x509 -batch \
		$CACONFIG \
		-newkey rsa \
		$DAYS \
		-keyout $CADIR/private/cakey.pem \
		-out $CADIR/cacert.pem
	chmod 600 $CADIR/private/cakey.pem
	openssl ca $CACONFIG -gencrl -out $CADIR/cacrl.pem
	ln -s $CADIR/cacert.pem $CADIR/newcerts/`openssl x509 -noout -hash < $CADIR/cacert.pem`.0
	ln -s $CADIR/cacrl.pem $CADIR/crl/`openssl crl -noout -hash < $CADIR/cacrl.pem`.r0
	openssl x509 -text -noout -in $CADIR/cacert.pem
	RET=$?
	;;
-newcrt)
	dd if=/dev/urandom of=/tmp/ssl.rand count=1
	openssl req -new -newkey -nodes -sha1 \
		-config $DIR/$2/$CONFIG \
		-keyform PEM \
		-keyout $DIR/$2/server.key \
		-outform PEM \
		-out $DIR/$2/server.csr
	openssl rsa -in $DIR/$2/server.key \
		-out $DIR/$2/server.key
	chmod 600 $DIR/$2/server.key
	openssl gendh -rand /tmp/ssl.rand 512 > $DIR/$2/server.dh
	chmod 600 $DIR/$2/server.dh
	rm -f /tmp/ssl.rand
	openssl ca $CACONFIG \
		-in $DIR/$2/server.csr \
		-out $DIR/$2/server.crt
	openssl x509 -text -noout -in $DIR/$2/server.crt
	RET=$?
	;;
*)
	echo "Unknown arg $i";
	exit 1
	;;
esac
done
exit $RET