#! /bin/sh

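# Run do_trap (cleanup, then exit) when the script is interrupted:
# HUP(1) INT(2, ctrl-c) QUIT(3) ABRT(6) PIPE(13) TERM(15).
# SIGKILL (9) can never be caught, so it is not listed; a kill -9 therefore
# always leaves the scratch directory behind for the next run to deal with.
trap do_trap 1 2 3 6 13 15

# Work out how this shell's echo suppresses the trailing newline:
# BSD style ("echo -n text") or SysV style ("echo text\c").
if test "`echo -n \"testecho\"`" = "testecho"; then
    ECHOOPTION=" -n "
    ECHOTAIL=""
else
    ECHOOPTION=""
    ECHOTAIL='\c'
fi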

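recho() {

    # Print the arguments as a prompt, without a trailing newline.
    # "$@" is quoted so that prompt text such as "[n]:" is not glob-expanded
    # against the current directory and its spacing is kept.
    # ECHOOPTION and ECHOTAIL stay unquoted on purpose: each is either empty
    # (and must vanish) or exactly one echo argument.
    echo $ECHOOPTION "$@" $ECHOTAIL
}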

############################################################
# grid-ca-setup: Set up the CA configuration
############################################################

############################################################
# make_template_ca_setup: untars the template of the ca
#                         setup package into a tmp directory
############################################################
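make_template_ca_setup() {

    # Unpack the CA setup template into a scratch directory and record the
    # paths of the templates that later steps fill in.
    #
    # Globals read: GLOBUS_LOCATION, GLOBUS_SH_TMP, USER, PWD
    # Globals set:  template_package_dir, template_package_file,
    #               tmp_ca_setup_dir, current_dir,
    #               grid_security_conf_template,
    #               ca_signing_policy_conf_template, ssl_conf_template
    # Leaves the shell's working directory inside the scratch directory.
    # Exits the script if a private scratch directory cannot be created.

    template_package_dir=${GLOBUS_LOCATION}/setup/globus/
    template_package_file=${template_package_dir}/globus_simple_ca_setup_template.tar.gz
    tmp_ca_setup_dir=${GLOBUS_SH_TMP-/tmp/}/${USER}_tmp_ca_setup
    current_dir=${PWD}

    # The scratch path is predictable and normally sits in a world-writable
    # directory, and files unpacked here (configure, setup scripts) are
    # executed later on.  Never reuse whatever is already at that path:
    # drop leftovers of an earlier run, then create the directory with a
    # plain mkdir under umask 077.  mkdir fails if the path still exists
    # (for instance because it belongs to someone else), in which case the
    # setup stops instead of working inside a directory it does not control.
    ${GLOBUS_SH_MKDIR-mkdir} -p "${GLOBUS_SH_TMP-/tmp/}"
    ${GLOBUS_SH_RM-rm} -rf "${tmp_ca_setup_dir}"
    _saved_umask=`umask`
    umask 077
    ${GLOBUS_SH_MKDIR-mkdir} "${tmp_ca_setup_dir}"
    _mkdir_status=$?
    umask "${_saved_umask}"
    if test ${_mkdir_status} -ne 0; then
        echo "ERROR: Couldn't create a private directory: ${tmp_ca_setup_dir}" 1>&2
        exit 1
    fi

    # Extracting into the wrong directory would scatter the template over
    # the caller's cwd, so a failed cd is fatal.
    cd "${tmp_ca_setup_dir}" || exit 1

    ${GLOBUS_SH_GZIP-gzip} -dc "${template_package_file}" | ${GLOBUS_SH_TAR-tar} xf -

    grid_security_conf_template=${tmp_ca_setup_dir}/grid-security.conf.tmpl
    ca_signing_policy_conf_template=${tmp_ca_setup_dir}/ca-signing-policy.conf.tmpl
    ssl_conf_template=${tmp_ca_setup_dir}/globus-ssl.conf.tmpl
}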

############################################################
# create_ca_directory: asks the user for the CA dir path
#                      and sets up the appropriate files
############################################################
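create_ca_directory() {

# Announce the setup, then create (or, after confirmation, recreate) the CA
# directory tree under GRID_CA_DIR: certs/, crl/, newcerts/, private/,
# serial and index.txt.
#
# Globals read: GRID_CA_DIR, CA_DIR_PERMS, default_loc, HOME
# Globals set:  grid_ca_conf, CA_KEY_FILE, CA_CERT_FILE
# Exits the script when the user declines the overwrite or when a
# directory cannot be created.

${GLOBUS_SH_MORE-cat} <<EOF
 

    C e r t i f i c a t e    A u t h o r i t y    S e t u p

This script will setup a Certificate Authority for signing Globus
users certificates.  It will also generate a simple CA package
that can be distributed to the users of the CA.

The CA information about the certificates it distrubtes will
be kept in:

${GRID_CA_DIR}
EOF

grid_ca_conf=${GRID_CA_DIR}/grid-ca-ssl.conf

if test -d "${GRID_CA_DIR}"; then
    echo ""
    echo "ERROR: It looks like a CA has already been setup at this location."
    recho "Do you want to overwrite this CA? (y/n) [n]: "
    read tmp_answer
    overwrite_answer=${tmp_answer:-n}
    # Only an answer starting with y/Y goes on to delete the existing CA
    # (including its private key); anything else leaves it untouched.
    case "${overwrite_answer}" in
        [yY]*) ;;
        *) exit 0 ;;
    esac
else
    if test ! -d "${HOME}/.globus" && test -n "${default_loc}"; then
        ${GLOBUS_SH_MKDIR-mkdir} "${HOME}/.globus"
        if test $? -ne 0; then
            echo "ERROR: Couldn't create directory: ${HOME}/.globus/"
            echo "       make sure you have valid permissions set."
            exit 1
        fi
    fi
fi

CA_KEY_FILE=${GRID_CA_DIR}/private/cakey.pem
CA_CERT_FILE=${GRID_CA_DIR}/cacert.pem

# Quoted so a path containing spaces is removed as one argument and never
# as several unrelated ones; ":?" aborts rather than expanding to nothing.
${GLOBUS_SH_RM-rm} -rf "${GRID_CA_DIR:?}"

# from the CA.sh script - setup the CA directory
# umask 077 keeps private/ (which will hold the CA key) closed to group and
# others from the moment it exists, not only after the chmod below.
_saved_umask=`umask`
umask 077
${GLOBUS_SH_MKDIR-mkdir} "${GRID_CA_DIR}" "${GRID_CA_DIR}/certs/" \
                         "${GRID_CA_DIR}/crl/" "${GRID_CA_DIR}/newcerts/" \
                         "${GRID_CA_DIR}/private/"
if test $? -ne 0; then
    umask "${_saved_umask}"
    echo "ERROR: Couldn't create directory: ${GRID_CA_DIR}"
    echo "       make sure you have valid permissions set."
    exit 1
fi

echo "01" > "${GRID_CA_DIR}/serial"
touch "${GRID_CA_DIR}/index.txt"
umask "${_saved_umask}"

# sets the permissions of the CA directory
${GLOBUS_SH_CHMOD-chmod} "${CA_DIR_PERMS}" \
    "${GRID_CA_DIR}"                       \
    "${GRID_CA_DIR}/certs/"                \
    "${GRID_CA_DIR}/crl/"                  \
    "${GRID_CA_DIR}/newcerts/"             \
    "${GRID_CA_DIR}/private/"              \
    "${GRID_CA_DIR}/serial"                \
    "${GRID_CA_DIR}/index.txt"

}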

############################################################
# generate_unique_name: finds a unique name for the CA
#                       based on the hostname
############################################################
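generate_unique_name() {

# Print "simpleCA-<hostname>" on stdout, where <hostname> is the output of
# ${GLOBUS_LOCATION}/bin/globus-hostname.
#
# Callers capture stdout with command substitution, so diagnostics go to
# stderr; on stdout the error text would silently become the CA name.
# For the same reason "exit 1" only ends the caller's subshell: the caller
# has to check the exit status.
tmp_hostname=`"${GLOBUS_LOCATION}/bin/globus-hostname"`

if test -z "${tmp_hostname}"; then
    echo "" 1>&2
    echo "The hostname of this machine is not set.  Set the" 1>&2
    echo "hostname before running this script." 1>&2
    echo "" 1>&2
    exit 1
fi

echo "simpleCA-${tmp_hostname}"
}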

############################################################
# get_ca_info: gets the CA information from the user to 
#              create the CA certificate
############################################################
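get_ca_info() {

# Interactively collect the CA subject, the CA contact e-mail address and
# the lifetime of the CA certificate.
#
# Globals set: CA_ORG_NAME, GSI_CA_BASE_DN, GSI_CA_NAME, GSI_CA_EMAIL_ADDR,
#              CA_CERT_DAYS (plus casubject and HAS_GLOBUS_NS)
# The answers end up in configuration files and on the openssl command
# line, so what can be checked is checked here.
# Exits the script on unusable input.

# generate_unique_name runs in a subshell, so its "exit 1" does not stop
# this script; the status has to be tested here.
CA_ORG_NAME=`generate_unique_name`
if test $? -ne 0 || test -z "${CA_ORG_NAME}"; then
    echo "ERROR: could not derive a CA name from the hostname." 1>&2
    exit 1
fi

GSI_CA_BASE_DN="ou=${CA_ORG_NAME}, ou=GlobusTest, o=Grid"
GSI_CA_NAME="Globus Simple CA"

got_subject=""
while test -z "${got_subject}" ; do

    casubject="cn=${GSI_CA_NAME}, ${GSI_CA_BASE_DN}"

    echo ""
    echo "The unique subject name for this CA is:"
    echo ""
    echo "${casubject}"
    echo ""
    recho "Do you want to keep this as the CA subject (y/n) [y]: "

    read _answer
    answer=${_answer:-y}
    first_char_answer=`echo "${answer}" | ${GLOBUS_SH_TR-tr} 'A-Z' 'a-z' | ${GLOBUS_SH_CUT-cut} -c1`

    if test "${first_char_answer}" = "n"; then

        echo ""
        recho "Enter a unique subject name for this CA: "
        read casubject
        echo ""
        if test -n "${casubject}"; then
            # Split "cn=<name>,<base dn>" into its two halves.
            GSI_CA_NAME=`echo "${casubject}" | ${GLOBUS_SH_SED-sed} -e "s/[Cc][Nn]=\([^,]*\),.*/\1/"`
            GSI_CA_BASE_DN=`echo "${casubject}" | ${GLOBUS_SH_SED-sed} -e "s/[Cc][Nn]=[^,]*,\(.*\)/\1/"`
            HAS_GLOBUS_NS=`echo "${GSI_CA_BASE_DN}" | ${GLOBUS_SH_SED-sed} -e "s/.*\([Oo]=[Gg][Ll][Oo][Bb][Uu][Ss],[ ]*[Oo]=[Gg][Rr][Ii][Dd]\)/\1/"`
            # Captured, so the checker's "YES" is not echoed to the user.
            _globus_ns=`check_for_globus_ns "${GSI_CA_BASE_DN}"`
            if test -z "${GSI_CA_NAME}" ||
               test -z "${GSI_CA_BASE_DN}"; then
                echo ""
                echo "The subject: ${casubject} is not a valid subject name"
                echo "Use the default subject name if you don't know the correct"
                echo "format to use"
            else
                # Any "YES" in the checker output means restricted; an exact
                # string comparison would let output with more than one
                # line slip through.
                case "${_globus_ns}" in
                    *YES*)
                        echo ""
                        echo "ERROR: The Globus namespace (o=Globus, o=Grid) is restricted."
                        echo "Please use a different namespace."

                        GSI_CA_BASE_DN="ou=${CA_ORG_NAME}, ou=GlobusTest, o=Grid"
                        GSI_CA_NAME="Globus Simple CA"
                        ;;
                    *)
                        got_subject="yes"
                        ;;
                esac
            fi
        fi
    elif test "${first_char_answer}" = "y"; then
        got_subject="yes"
    fi

done

get_ca_email=""
while test -z "${get_ca_email}"; do

    echo ""
    echo "Enter the email of the CA (this is the email where certificate"
    recho "requests will be sent to be signed by the CA): "
    if read GSI_CA_EMAIL_ADDR; then
        :
    elif test -z "${GSI_CA_EMAIL_ADDR}"; then
        # End of input: asking again would loop forever.
        echo "" 1>&2
        echo "ERROR: no CA email address was given." 1>&2
        exit 1
    fi
    # Quoted: an unquoted empty value makes "test -n" succeed, which would
    # accept an empty address.
    if test -n "${GSI_CA_EMAIL_ADDR}"; then
        get_ca_email="done"
    fi
done

${GLOBUS_SH_MORE-cat}  <<EOF

The CA certificate has an expiration date. Keep in mind that 
once the CA certificate has expired, all the certificates 
signed by that CA become invalid.  A CA should regenerate 
the CA certificate and start re-issuing ca-setup packages 
before the actual CA certificate expires.  This can be done 
by re-running this setup script.  Enter the number of DAYS 
the CA certificate should last before it expires.
EOF

recho "[default: 5 years (1825 days)]: "
read _CA_CERT_DAYS
CA_CERT_DAYS=${_CA_CERT_DAYS:-${CA_CERT_DAYS}}
echo

# The value is handed to "openssl req -days"; accept digits only so that
# nothing else can reach that command line.
case "${CA_CERT_DAYS}" in
    ''|*[!0-9]*)
        echo "ERROR: the certificate lifetime must be a whole number of days." 1>&2
        exit 1
        ;;
esac

return 0
}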

############################################################
# env_replace: replace environment variables from a 
#              file (grid-security.conf) with values
#              determined from this script
############################################################
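env_replace () {
   # Filter: copy stdin to stdout, rewriting the line "<prefix>_<name>=..."
   # to <prefix>_<name>="<current value of the shell variable <name>>".
   #   $1 - prefix (SETUP or DEFAULT in this script)
   #   $2 - name of the shell variable holding the value
   #
   # NOTE(review): the value lands between double quotes in a file that
   # generate_ca_certificate later sources, so a double quote, "$" or a
   # backquote inside a value is still live shell syntax there.  "$" cannot
   # be escaped here because GSI_USER_BASE_DN carries a literal ${_domain}
   # on purpose.
   _env="$2"
   _prefix="$1"

   # $_env goes through eval, so accept a plain variable name only; anything
   # else is reported and the input is passed through unchanged.
   case "${_env}" in
       ''|[0-9]*|*[!A-Za-z0-9_]*)
           echo "env_replace: invalid variable name: ${_env}" 1>&2
           ${GLOBUS_SH_CAT-cat}
           return 1
           ;;
   esac
   eval _value="\${$_env}"

   # Escape what sed treats specially in replacement text (backslash, the
   # "|" delimiter and "&") so the value is written out literally.  The
   # backslashes are doubled because backquotes consume one level.
   _sed_value=`printf '%s\n' "${_value}" | ${GLOBUS_SH_SED-sed} -e 's/[\\\\|&]/\\\\&/g'`

   ${GLOBUS_SH_SED-sed} -e "s|^${_prefix}_${_env}=.*|${_prefix}_${_env}=\"${_sed_value}\"|"
}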

############################################################
# save_ca_settings: save the settings determined from this
#                   script to files (grid-security.conf &
#                   grid-ca-ssl.cnf)
############################################################
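save_ca_settings() {

    # Write the collected CA settings into the grid-security.conf template
    # (${grid_security_conf_template}), in place.
    #
    # Globals read: GSI_CA_BASE_DN, GSI_CA_NAME, GSI_CA_EMAIL_ADDR,
    #               grid_security_conf_template
    # Globals set:  GSI_USER_BASE_DN, GSI_HOST_BASE_DN
    # Returns non-zero, leaving the template untouched, if the rewrite fails.

    # \${_domain} is kept literal; it is meant to be expanded when the
    # resulting file is read, not now.
    GSI_USER_BASE_DN="ou=\${_domain}, ${GSI_CA_BASE_DN}"
    GSI_HOST_BASE_DN=${GSI_CA_BASE_DN}

    # A pipeline must not read and truncate the same file: "> file" can
    # empty the template before cat has read it.  Write a sibling file and
    # rename it over the template once the pipeline has finished.
    _new_conf="${grid_security_conf_template}.new.$$"

    if ${GLOBUS_SH_CAT-cat} "${grid_security_conf_template}"  |\
       env_replace SETUP   GSI_CA_BASE_DN    |\
       env_replace SETUP   GSI_CA_NAME       |\
       env_replace SETUP   GSI_CA_EMAIL_ADDR |\
       env_replace DEFAULT GSI_CA_BASE_DN    |\
       env_replace DEFAULT GSI_CA_NAME       |\
       env_replace DEFAULT GSI_CA_EMAIL_ADDR |\
       env_replace DEFAULT GSI_HOST_BASE_DN  |\
       env_replace DEFAULT GSI_USER_BASE_DN  > "${_new_conf}"
    then
        mv -f "${_new_conf}" "${grid_security_conf_template}"
    else
        ${GLOBUS_SH_RM-rm} -f "${_new_conf}"
        return 1
    fi
}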

############################################################
# check_for_globus_ns: determine if the user-specified subject
#                      contains the globus namespace
############################################################
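check_for_globus_ns() {
    # Print "YES" (exactly once) when the DN in $1 places an organization
    # "Globus" directly in front of an organization "Grid", i.e. uses the
    # restricted o=Globus, o=Grid namespace; print nothing otherwise.
    # Callers compare the output with the string YES, so it must never be
    # printed more than once.
    printf '%s\n' "$1" | ${GLOBUS_SH_AWK-awk} '
BEGIN     { lastorg = 0; found = 0; }

{
    # Walk every comma separated component; an empty component must not
    # end the scan early.
    n = split($0, b, ",");
    for (i = 1; i <= n; i++)
    {
        split(b[i], c, "=");
        # Substring match on purpose (kept from the original): it tolerates
        # blanks around the attribute name and errs on the side of
        # treating more attributes (for example ou) as organizations.
        if (tolower(c[1]) ~ /o/)
        {
            val = c[2];
            # Blanks around the value must not hide a match.
            gsub(/^[ \t]+/, "", val);
            gsub(/[ \t]+$/, "", val);
            org[++lastorg] = tolower(val);
        }
    }
}

END {
    hasgrid = 0;
    for (i = lastorg; i > 0; i--)
    {
        if (org[i] == "grid")
        {
            hasgrid = i;
        }

        if (org[i] == "globus" && hasgrid == (i + 1))
        {
            found = 1;
        }
    }
    if (found)
    {
        print "YES";
    }
}
'
}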

############################################################
# ldap_dn_to_ssl_dn: create the entries in the grid-ca-ssl.cnf
#                    file from values determined from this
#                    script
############################################################
ldap_dn_to_ssl_dn() {
    # Turn the comma separated LDAP style DN in $1 into the distinguished
    # name prompts and defaults of an openssl configuration, written to
    # stdout: country first (if any), then organizations, then
    # organizational units, each list in reverse input order, and finally
    # the commonName entries.
    echo "$1" | ${GLOBUS_SH_AWK-awk} '
BEGIN {
    FS = ",";
    n_org = 0;
    n_ou = 0;
}

{
    split($0, rdn, ",");
    # The scan stops at the first empty component.
    for (k = 1; rdn[k] != ""; k++)
    {
        split(rdn[k], pair, "=");
        key = tolower(pair[1]);
        # Substring matches, so the order of the tests matters:
        # "ou" has to be tried before "c" and "o".
        if (key ~ /ou/)
            unit[n_ou++] = pair[2];
        else if (key ~ /c/)
            country = pair[2];
        else if (key ~ /o/)
            orgname[n_org++] = pair[2];
    }
}

END {
    if (country)
    {
        print  "countryName                     = Country Name (2 letter code)";
        printf("countryName_default             = %s\n", country);
        print  "countryName_min                 = 2";
        print  "countryName_max                 = 2";
    }

    # The last component of the DN becomes level 0.
    for (k = n_org; k > 0; k--)
    {
        level = n_org - k;
        printf("%d.organizationName               = Level %d Organization\n", level, level);
        printf("%d.organizationName_default       = %s\n", level, orgname[k-1]);
    }
    for (k = n_ou; k > 0; k--)
    {
        level = n_ou - k;
        printf("%d.organizationalUnitName          = Level %d Organizational Unit\n", level, level);
        printf("%d.organizationalUnitName_default = %s\n", level, unit[k-1]);
    }

    print      "commonName                      = Name (e.g., John M. Smith)";
    print      "commonName_max                  = 64";
}
'
}

############################################################
# create_input_file: generate the input file to be passed as
#                    stdin to the openssl req utility.
############################################################
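create_input_file () {
  # Produce the answers that "openssl req" reads from stdin: one line per
  # *_default entry of the [ req_distinguished_name ] section of the
  # configuration file, followed by the common name.
  #   $1 - common name, written out last and exactly as given
  #   $2 - path of the openssl configuration file
  _common_name="$1"
  _config_file="$2"

# Parse the ssleay configuration file, to determine the
# correct default

${GLOBUS_SH_AWK-awk} '

  /^\[ req_distinguished_name \]/ {
     start_parsing=1;
     next;
  }

  /^\[ .*/ {
     start_parsing=0;
     next;
  }

  /^[a-zA-Z0-9\.]*_default[ \t]*=/ && start_parsing==1 {
     # Everything after the first "=" is the default, including any
     # further "=" characters; leading blanks are dropped.
     value = substr($0, index($0, "=") + 1);
     sub(/^[ \t]+/, "", value);
     print value;
     next;
  }
' < "$_config_file"

   # Quoted and printed with printf so that repeated blanks, glob
   # characters or a leading "-" in the name reach openssl unchanged.
   printf '%s\n' "${_common_name}"
}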

############################################################
# generate_ca_certificate: the meat & potatoes - calls the 
#                          openssl req utility that creates
#                          the CA certificate
############################################################
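generate_ca_certificate() {

# Assemble the CA's openssl configuration (${grid_ca_conf}) from the
# grid-ca-ssl.conf template and create the self-signed CA certificate and
# its private key with "openssl req -x509".
#
# Globals read: grid_security_conf_template, tmp_ca_setup_dir, GRID_CA_DIR,
#               grid_ca_conf, GSI_CA_BASE_DN, GSI_CA_NAME, openssl_cmd,
#               openssl_options, CA_CERT_DAYS, CA_KEY_FILE, CA_CERT_FILE,
#               CA_KEY_BITS (optional, RSA key size, default 2048)
# Globals set:  ca_ssl_conf_template, tmp_ca_conf, CA_REQ_INPUT, RET
# Exits the script with openssl's status if openssl fails.

# NOTE(review): this file is executed as shell code.  It contains values
# typed in by the operator (written there by env_replace), so quoting
# characters inside those values are interpreted at this point.
. "${grid_security_conf_template}"

ca_ssl_conf_template=${tmp_ca_setup_dir}/grid-ca-ssl.conf.tmpl

# Scratch files live in the CA's private/ directory rather than in the
# shared temporary directory: a predictable name in a world-writable
# directory can be pre-created or symlinked by another local user.
tmp_ca_conf=${GRID_CA_DIR}/private/tmp_ssl.conf.1.$$
CA_REQ_INPUT=${GRID_CA_DIR}/private/tmp_openssl_input.conf.1.$$

# Everything written below, the CA key above all, is created owner-only.
_saved_umask=`umask`
umask 077

${GLOBUS_SH_SED-sed} -e "1,/BEGIN CONFIG/p" -e d \
		     < "$ca_ssl_conf_template" > "$tmp_ca_conf"

${GLOBUS_SH_SED-sed} -e "s|^dir\([^=]*\)=.*$|dir\1= ${GRID_CA_DIR}|" \
		     < "$tmp_ca_conf" > "$grid_ca_conf"

${GLOBUS_SH_RM-rm} -f "${tmp_ca_conf}"

ldap_dn_to_ssl_dn "${GSI_CA_BASE_DN}" >> "$grid_ca_conf"
${GLOBUS_SH_SED-sed} -e "/END CONFIG/,\$p" -e d < "$ca_ssl_conf_template" >> "$grid_ca_conf"

create_input_file "${GSI_CA_NAME}" "${grid_ca_conf}" > "${CA_REQ_INPUT}"

# create CA certificate request
# 1024-bit RSA is no longer adequate for a CA key, so the size defaults to
# 2048 bits and can be raised through CA_KEY_BITS.  openssl_options is left
# unquoted because it is a blank separated list of extra options.
"${openssl_cmd}" req ${openssl_options} -config "${grid_ca_conf}" -x509 -days "${CA_CERT_DAYS}" \
                   -newkey "rsa:${CA_KEY_BITS-2048}" -keyout "${CA_KEY_FILE}" \
                   -out "${CA_CERT_FILE}" < "${CA_REQ_INPUT}"
RET=$?

umask "${_saved_umask}"

${GLOBUS_SH_RM-rm} -f "${CA_REQ_INPUT}"

if test ${RET} -eq 0; then
    ${GLOBUS_SH_CLEAR-clear}
else
    echo "Error number ${RET} was returned by " 1>&2
    echo "   ${openssl_cmd}" 1>&2
    exit ${RET}
fi

}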


###########################################################
# emit_directions: Provide instructions to the end user
###########################################################
emit_directions () {

# Print the closing summary: the CA subject, where the CA private key and
# certificate were written, where the distribution package is stored and
# which follow-up commands are announced.
# Expands CA_CERT_SUBJECT, CA_KEY_FILE, CA_CERT_FILE, GRID_CA_DIR,
# CA_UTILS_PACKAGE and $0; \$GPT_LOCATION is escaped and printed literally.
# NOTE(review): the text announces "gpt-build -install-only", while
# install_security_config runs the build command with -force; confirm
# which of the two is intended.
${GLOBUS_SH_MORE-cat} <<EOF

A self-signed certificate has been generated 
for the Certificate Authority with the subject: 

${CA_CERT_SUBJECT}

If this is invalid, rerun this script 

$0

and enter the appropriate fields.

-------------------------------------------------------------------

The private key of the CA is stored in ${CA_KEY_FILE}
The public CA certificate is stored in ${CA_CERT_FILE}

The distribution package built for this CA is stored in

${GRID_CA_DIR}/${CA_UTILS_PACKAGE}

This file must be distributed to any host wishing to request
certificates from this CA.

CA setup complete.

The following commands will now be run to setup the security
configuration files for this CA:

\$GPT_LOCATION/sbin/gpt-build -install-only \\
${GRID_CA_DIR}/${CA_UTILS_PACKAGE}

\$GPT_LOCATION/sbin/gpt-postinstall

-------------------------------------------------------------------


EOF

}

############################################################
# install_security_config: run globus-build on the security
#                          configuration package associated
#                          with the CA
#
############################################################
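install_security_config() {

    # Install the generated CA package with gpt-build / globus-build, mark
    # the simple CA setup package as finished and run the generated
    # setup-ssl-utils.<hash> script.
    #
    # Globals read: current_dir, GPT_LOCATION, GLOBUS_LOCATION, GRID_CA_DIR,
    #               CA_UTILS_PACKAGE, CA_CERT_HASH
    # Globals set:  buildcmd, SIMPLE_CA_SETUP_TMP_WORKING_DIR
    # Exits the script if a directory change or the build command fails.

    cd "${current_dir}" || {
        echo "ERROR:  could not change to directory: ${current_dir}" 1>&2
        exit 1
    }

    buildcmd=""
    if [ -f "${GPT_LOCATION}/sbin/gpt-build" ]; then
        buildcmd=${GPT_LOCATION}/sbin/gpt-build
    elif [ -f "${GPT_LOCATION}/sbin/globus-build" ]; then
        buildcmd=${GPT_LOCATION}/sbin/globus-build
    elif [ -f "${GLOBUS_LOCATION}/sbin/gpt-build" ]; then
        buildcmd=${GLOBUS_LOCATION}/sbin/gpt-build
    elif [ -f "${GLOBUS_LOCATION}/sbin/globus-build" ]; then
        buildcmd=${GLOBUS_LOCATION}/sbin/globus-build
    fi

    # Without this check an empty buildcmd would make the shell try to run
    # "-force" as the command.
    if [ -z "${buildcmd}" ]; then
        echo "ERROR:  could not find gpt-build or globus-build under GPT_LOCATION or GLOBUS_LOCATION" 1>&2
        exit 1
    fi

    "${buildcmd}" -force "${GRID_CA_DIR}/${CA_UTILS_PACKAGE}"

    if [ ! $? -eq 0 ]; then
        echo "ERROR:  could not run build command: ${buildcmd} -force ${GRID_CA_DIR}/${CA_UTILS_PACKAGE}"
        exit 1
    fi

    finish_simple_ca_setup

    SIMPLE_CA_SETUP_TMP_WORKING_DIR=$PWD
    # The setup script is started by relative name, so it may only run
    # after the cd has succeeded; otherwise a file of the same name in the
    # current directory would be executed instead.
    cd "${GLOBUS_LOCATION}/setup/globus/" || {
        echo "ERROR:  could not change to directory: ${GLOBUS_LOCATION}/setup/globus/" 1>&2
        exit 1
    }
    "./setup-ssl-utils.${CA_CERT_HASH}"
    cd "$SIMPLE_CA_SETUP_TMP_WORKING_DIR"
}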

################################################################
# finish_simple_ca_setup: close out the meta-data gpt packaging
#                         of the simple_ca_setup package.
#                         This prevents the setup-simple-ca
#                         script from getting run repeatedly.
################################################################
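finish_simple_ca_setup() {

    # Mark the globus_simple_ca_setup package as set up in the GPT
    # metadata by calling finish() on a Grid::GPT::Setup object.
    # The -I paths are quoted so that an installation directory with blanks
    # in its name is still passed to perl as one include path each.
    ${GLOBUS_SH_PERL-perl} "-I${GPT_LOCATION}/lib/perl" "-I${GLOBUS_LOCATION}/lib/perl" -e '
use Getopt::Long;
use English;

require Grid::GPT::Setup;
my $metadata = new Grid::GPT::Setup(package_name => "globus_simple_ca_setup");
$metadata->finish();'

}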

############################################################
# generate_setup_file: fill in a template file (e.g. setup-gsi.pl.tmpl)
#                      so that it has the appropriate values for this
#                      CA
############################################################
generate_setup_file() {

    # Instantiate one template of the scratch directory: read
    # ${tmp_ca_setup_dir}/<name>.tmpl, replace every __CACERT_HASH__ marker
    # with ${CA_CERT_HASH} and write the result to
    # ${tmp_ca_setup_dir}/<name>.   $1 - <name>
    file_pre=$1

    # From here on $1 is the output path; the template is the same path
    # with ".tmpl" appended.
    set -- "${tmp_ca_setup_dir}/${file_pre}"
    ${GLOBUS_SH_SED-sed} -e "s|__CACERT_HASH__|${CA_CERT_HASH}|g" "$1.tmpl" > "$1"
}

############################################################
# copy_unchanged_file: copies files to the tarball directory
#                       which do not need modification
############################################################
copy_unchanged_file() {

    # Copy the file named by $1 (a path relative to both directories) from
    # ${tmp_ca_setup_dir} to ${tmp_simple_ca_dir} without modification.
    # NOTE(review): tmp_simple_ca_dir is not assigned in the visible part
    # of this script; confirm where it is set before relying on this.
    set -- "${tmp_ca_setup_dir}/$1" "${tmp_simple_ca_dir}/$1"
    ${GLOBUS_SH_CP-cp} "$@"
}

############################################################
# generate_utils_package: create the CA config package
#                         that gets distributed to the
#                         users of this CA.
############################################################
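generate_utils_package() {

# Build the CA configuration package that is handed to the users of this
# CA: derive the certificate hash and subject, instantiate the templates
# in the scratch directory, run configure and "make distdir" there, pack
# the result as a .tar.gz, copy it into GRID_CA_DIR and remove the scratch
# directory.
#
# Globals read: openssl_cmd, CA_CERT_FILE, tmp_ca_setup_dir, GRID_CA_DIR,
#               ca_signing_policy_conf_template, grid_security_conf_template
# Globals set:  CA_CERT_HASH, CA_CERT_SUBJECT, CA_COND_SUBJECT,
#               CA_UTILS_PACKAGE_DIR, CA_UTILS_PACKAGE
# Exits the script if any step of the build fails.

CA_CERT_HASH=`"${openssl_cmd}" x509 -hash -noout -in "${CA_CERT_FILE}"`

# The hash becomes part of file names and of the name of a script that is
# executed later, so accept nothing but the hex string openssl prints.
case "${CA_CERT_HASH}" in
    ''|*[!0-9a-fA-F]*)
        echo ""
        echo "SETUP FAILED: Could not determine the hash of the CA certificate."
        echo ""
        exit 1
        ;;
esac

# creating <HASH>.0
${GLOBUS_SH_CAT-cat} "${CA_CERT_FILE}" > "${tmp_ca_setup_dir}/${CA_CERT_HASH}.0"

# creating <HASH>.signing_policy file
CA_CERT_SUBJECT=`"${openssl_cmd}" x509 -text -noout -in "${CA_CERT_FILE}" |\
		    ${GLOBUS_SH_GREP-grep} 'Subject:' | ${GLOBUS_SH_AWK-awk} -F: '{print $2}' |\
		    ${GLOBUS_SH_CUT-cut} -c2-`
CA_CERT_SUBJECT=`echo "/${CA_CERT_SUBJECT}" | ${GLOBUS_SH_SED-sed} -e 's|, |/|g'`

CA_COND_SUBJECT=`echo "${CA_CERT_SUBJECT}" | ${GLOBUS_SH_SED-sed} -e "s/CN=.*/\*/"`

${GLOBUS_SH_SED-sed} -e "s|CA_SUBJECT_NAME|${CA_CERT_SUBJECT}|" \
		     -e "s|CA_HASH|${CA_CERT_HASH}|" \
		     -e "s|CA_SIGNING_POLICY|${CA_COND_SUBJECT}|" \
		     "${ca_signing_policy_conf_template}" > "${tmp_ca_setup_dir}/${CA_CERT_HASH}.signing_policy"

# creating grid-security.conf.HASH
${GLOBUS_SH_CP-cp} "${grid_security_conf_template}" "${tmp_ca_setup_dir}/grid-security.conf.${CA_CERT_HASH}"

# creating files that need HASH of ca cert
generate_setup_file "setup-gsi.pl"
generate_setup_file "setup-gsi"
generate_setup_file "grid-security-config.in"
generate_setup_file "grid-cert-request-config.in"
generate_setup_file "Makefile.am"
generate_setup_file "Makefile.in"
generate_setup_file "setup-ssl-utils.pl"
generate_setup_file "/pkgdata/pkg_data_src.gpt.in"
generate_setup_file "/pkgdata/pkg_data_src.gpt"
generate_setup_file "setup-ssl-utils"
generate_setup_file "setup-ssl-utils.__CACERT_HASH__"
${GLOBUS_SH_CP-cp} "${tmp_ca_setup_dir}/globus-ssl.conf.tmpl" "${tmp_ca_setup_dir}/globus-ssl.conf"
${GLOBUS_SH_CP-cp} "${tmp_ca_setup_dir}/setup-ssl-utils.__CACERT_HASH__" "${tmp_ca_setup_dir}/setup-ssl-utils.${CA_CERT_HASH}"
echo ""
recho "creating CA config package..."

# ./configure and make are started by relative name below, so they may only
# run once we really are inside the scratch directory.
cd "${tmp_ca_setup_dir}" || {
    echo ""
    echo "SETUP FAILED: Could not change to directory: ${tmp_ca_setup_dir}"
    echo ""
    exit 1
}

#${GLOBUS_SH_CHMOD-chmod} 0700 bootstrap
${GLOBUS_SH_CHMOD-chmod} 0700 configure

CA_UTILS_PACKAGE_DIR=globus_simple_ca_${CA_CERT_HASH}_setup-0.17
CA_UTILS_PACKAGE=$CA_UTILS_PACKAGE_DIR.tar.gz

#./bootstrap
./configure
if test $? -ne 0; then
	echo ""
	echo "SETUP FAILED: Could not configure the setup package."
	echo ""
	exit 1
fi

make distdir
if test $? -ne 0; then
	echo ""
	echo "SETUP FAILED: Could not build the distribution directory of the setup package."
	echo ""
	exit 1
fi

${GLOBUS_SH_CHMOD-chmod} -R a+r "${CA_UTILS_PACKAGE_DIR}"
${GLOBUS_SH_TAR-tar} cvf "$CA_UTILS_PACKAGE_DIR.tar" "$CA_UTILS_PACKAGE_DIR"
if test $? -ne 0; then
	echo ""
	echo "SETUP FAILED: Could not create tarball of setup package."
	echo ""
	exit 1
fi

${GLOBUS_SH_GZIP-gzip} -f9 "$CA_UTILS_PACKAGE_DIR.tar"
if test $? -ne 0; then
	echo ""
	echo "SETUP FAILED: Could not create gzip of setup package."
	echo ""
	exit 1
fi

if test ! -f "${tmp_ca_setup_dir}/${CA_UTILS_PACKAGE}"; then
    echo ""
    echo "Building the CA package failed."
    echo ""
    exit 1
fi

# versions of this generated package should not be changed without changing the package metadata as well.
${GLOBUS_SH_CP-cp} "${tmp_ca_setup_dir}/${CA_UTILS_PACKAGE}" "${GRID_CA_DIR}/${CA_UTILS_PACKAGE}"

${GLOBUS_SH_RM-rm} -rf "${tmp_ca_setup_dir}"

echo "done."
echo

}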

############################################################
# do_trap:  catches any abortive signals and does cleanup
############################################################
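do_trap() {

    # Signal handler: tell the user to rerun the setup, remove the scratch
    # directory, return to the starting directory and exit with status 1.
    # Globals read: tmp_ca_setup_dir, current_dir

    echo ""
    echo "Normal program execution interrupted.  You will"
    echo "need to rerun the script:"
    echo ""
    echo "\${GLOBUS_LOCATION}/setup/globus/setup-simple-ca"
    echo ""
    echo "to setup the simple CA."
    echo ""

    # Quoted, and skipped while the path is still unset (a signal can
    # arrive before make_template_ca_setup has run), so the cleanup only
    # ever removes the scratch directory itself.
    if test -n "${tmp_ca_setup_dir}"; then
        ${GLOBUS_SH_RM-rm} -rf "${tmp_ca_setup_dir}"
    fi

    if test -n "${current_dir}"; then
        cd "${current_dir}"
    fi

    exit 1
}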


############################################################
# main code section
############################################################
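if test -z "${GLOBUS_LOCATION}"; then
    echo "" 1>&2
    echo "ERROR: Please set GLOBUS_LOCATION to the Globus installation directory before" 1>&2
    echo "running this script" 1>&2
    echo "" 1>&2
    exit 1
fi

# Both files are executed in this shell, and the openssl binary used later
# is taken from the same tree, so GLOBUS_LOCATION has to point at an
# installation that only trusted users can modify.  Paths are quoted so an
# installation directory containing blanks still works.
# libexecdir is not set in this script; presumably the initializer
# provides it - TODO confirm.
. "${GLOBUS_LOCATION}/libexec/globus-script-initializer"
globus_source "${libexecdir}/globus-sh-tools-vars.sh"

PROGRAM_NAME=`echo "$0" | ${GLOBUS_SH_SED-sed} 's|.*/||g'`

short_usage="$PROGRAM_NAME [-help] [ options ...] [ openssl options ...]"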

long_usage () {
    # Write the full help text, headed by ${short_usage}, to stderr.
    {
        ${GLOBUS_SH_CAT-cat} <<EOF

${short_usage}

  Options:
    -help               : shows this help message
    -?
    -h
    -usage

    -openssl-help       : Show help text for openssl
 
    -dir <loc>          : Will put the Simple CA in <loc>

    [<openssl options>] : Give openssl options to pass to the
                          openssl command
EOF
    } 1>&2
}

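# Executed in this shell, so the file must come from a trusted
# installation.  The path is quoted so that a libexecdir containing blanks
# is not split into several words.
. "$libexecdir/globus-args-parser-header"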

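readCommandLine () {
  # Expects "$@" from the shell invocation
  #
  # Parse the command line:
  #   -?, -h, -help, -usage  print the help text and exit 0
  #   -dir <loc>             set GRID_CA_DIR (made absolute using $PWD)
  #   -openssl-help          show the help of "openssl req" and exit
  #   anything else          appended to openssl_options
  # Globals set: GRID_CA_DIR, tmp_ca_dir, openssl_options

  # Loop on the argument count: testing "$1" for emptiness would end the
  # parse at the first empty argument and silently drop everything after it.
  while test $# -gt 0
  do
    case "$1" in
      -\?|-h|-help|-usage)
         long_usage
         exit 0
         ;;
     -dir)
         tmp_ca_dir="$2"
         if test -z "${tmp_ca_dir}"; then
            echo "ERROR: the -dir option expects a directory." 1>&2
            exit 1
         fi
         # The directory is deleted and recreated later on, so it is kept
         # as one exact, absolute path.
         case "${tmp_ca_dir}" in
            /*) GRID_CA_DIR=${tmp_ca_dir} ;;
            *)  GRID_CA_DIR=$PWD/$tmp_ca_dir ;;
         esac

         shift ; shift
         ;;
     -openssl-help)
         shift
         # NOTE(review): this runs the first openssl found on PATH, while
         # key generation uses ${GLOBUS_LOCATION}/bin/openssl; confirm that
         # the difference is intended.
         openssl req -help
         exit
         ;;

     *)
         # Collected as one blank separated string; options containing
         # blanks cannot be passed through this way.
         openssl_options="$openssl_options $1"
         shift
         ;;
    esac
  done
}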

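# "$@" hands every command-line argument over unchanged; unquoted, a
# directory name containing blanks would be split into several arguments.
readCommandLine "$@"

# setup variables used by the script

if test -z "${GRID_CA_DIR}"; then
    GRID_CA_DIR=${HOME}/.globus/simpleCA/
    default_loc="yes"
fi

# Owner-only access for the whole CA tree; private/ holds the CA signing key.
CA_DIR_PERMS=0700
CA_ORG_NAME=""

CA_KEY_FILE=${GRID_CA_DIR}/private/cakey.pem
CA_CERT_FILE=${GRID_CA_DIR}/cacert.pem
CA_CERT_DAYS=1825 # 5 years

# Always the openssl shipped with the Globus installation, never one
# looked up through PATH.
openssl_cmd=${GLOBUS_LOCATION}/bin/openssl

# functions that configure the CA
make_template_ca_setup
create_ca_directory
get_ca_info
save_ca_settings
generate_ca_certificate
generate_utils_package
emit_directions
install_security_config


exit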
