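#!/bin/sh
# From desktop, run with:
#   xterm -e tl-get-cert
#
# Enrols the smart card currently readable by pkcs15-tool for a local user:
#   1. appends the SSH public key of every key ID found on the card to the
#      user's ~/.ssh/authorized_keys, and
#   2. appends "<certificate DN>:<uid>" to /etc/passwdaliases.
#
# Arguments:  $1 - user name (prompted for when omitted)
# Exit codes: 0 success, 1 unknown user, 2 no key IDs on the card,
#             3 no DN could be derived from the certificate
#
# NOTE(review): the chown calls and the write under /etc suggest this runs as
# root -- confirm. Both output files are opened in append mode, so running the
# script twice for the same card leaves duplicate entries.

tool=pkcs15-tool

# Terminate with status $1. When started from xterm (XTERM_SHELL is set) wait
# for ENTER first so the window does not close before the output can be read.
my_exit() {
  if [ -n "${XTERM_SHELL}" ]; then
    echo "Tryck på ENTER för att avsluta."
    # A bare `read` without a variable name is not POSIX and fails in dash.
    read -r _reply
  fi
  exit "$1"
}

thisuser=$1
if [ -z "${thisuser}" ]; then
  # printf instead of `echo -n`, whose behaviour is unspecified under /bin/sh.
  printf '%s' "Ange användarnamn: "
  read -r thisuser
fi

# A name starting with '-' would be parsed as an option by getent and chown;
# treat it like any other unknown account.
case "${thisuser}" in
  -*)
    echo "Användaren ${thisuser} existerar inte."
    my_exit 1
    ;;
esac

# The key must be quoted: an empty or multi-word value would otherwise make
# getent enumerate the whole database or look up several accounts, and the
# script would carry on with a multi-line homedir/uid.
pwent=$(getent passwd "${thisuser}")
homedir=$(printf '%s\n' "${pwent}" | cut -d: -f 6)
uid=$(printf '%s\n' "${pwent}" | cut -d: -f 3)

if [ -z "${homedir}" ]; then
  echo "Användaren ${thisuser} existerar inte."
  my_exit 1
fi

if [ ! -d "${homedir}" ]; then
  echo "Skapar katalogen ${homedir}"
  mkdir "${homedir}"
  chown "${thisuser}" "${homedir}"
  chmod 700 "${homedir}"
fi

sshdir="${homedir}/.ssh"
if [ ! -d "${sshdir}" ]; then
  echo "Skapar katalogen ${sshdir}"
  mkdir "${sshdir}"
  chown "${thisuser}" "${sshdir}"
  chmod 700 "${sshdir}"
fi

echo "Listar certifikat på kortet..."
# `-k` lists the keys on the card; the third field of each "ID : xx" line is
# the identifier.
ids=$("${tool}" -k | awk '/^[ \t]*ID[ \t]*:/{ print $3}')
if [ -z "${ids}" ]; then
  echo "Fel: hittar inga IDn på kortet"
  my_exit 2
fi

authkeys="${sshdir}/authorized_keys"
aliasfile="/etc/passwdaliases"

# NOTE(review): the append below happens with the invoking user's privileges
# inside a directory the target user controls, so a symlink at ${authkeys}
# would be followed. Consider performing the append as the target user.
lastid=""
# ${ids} is deliberately unquoted: it is a whitespace-separated list.
# shellcheck disable=SC2086
for id in ${ids}; do
  echo "Hämtar SSH-nyckel för id ${id} till ${authkeys}..."
  # Best effort, as before: an ID whose key cannot be exported is skipped
  # without aborting the run.
  "${tool}" --read-ssh-key "${id}" >> "${authkeys}"
  lastid=${id}
done

echo "Genererar certifikat-DN..."
# Only the certificate for the last ID listed is used for the alias entry.
dn=$("${tool}" -r "${lastid}" \
  | openssl x509 -inform PEM -outform DER \
  | /opt/thinlinc/libexec/tl-cert-dn)

# /bin/sh has no pipefail, so a failure anywhere in the pipeline shows up only
# as an empty result. Never write an alias with an empty DN for this uid.
if [ -z "${dn}" ]; then
  echo "Fel: kunde inte läsa certifikatets DN"
  my_exit 3
fi
echo "Användarens DN: ${dn}"

echo "Lägger till DN i ${aliasfile}..."
# printf keeps backslashes in the DN literal (echo may interpret them), and the
# path now comes from ${aliasfile} so the message and the write cannot diverge.
printf '%s:%s\n' "${dn}" "${uid}" >> "${aliasfile}"

chown "${thisuser}" "${authkeys}"
chmod 600 "${authkeys}"

my_exit 0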