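#!/bin/sh
#
# tl-get-cert: provision SSH access for a ThinLinc user from a smart card.
#
# Reads every certificate ID on the inserted card with pkcs15-tool, appends the
# matching SSH public keys to the user's ~/.ssh/authorized_keys, derives the
# certificate DN of the last certificate and records it in /etc/passwdaliases
# (used for automatic connect on card insertion) and in ~/.thinlinc/user-dn.
#
# Usage: tl-get-cert [username]
#   Without an argument the script prompts for a username (default: $USER).
#
# From desktop, run with:
# xterm -e tl-get-cert
#
# Environment: XTERM_SHELL (read) - when set, wait for ENTER before exiting so
#   the xterm window does not close before the user can read the output.
#
# Exit status: 0 on success, 1 unknown user, 2 no certificate on the card,
#   3 a required command or file operation failed.
#
# NOTE(review): the script writes into ${homedir} (presumably as root, since
# it also appends to /etc/passwdaliases); such writes follow symlinks the user
# may have placed there - confirm the deployment model.

tool=pkcs15-tool
aliasfile="/etc/passwdaliases"
certdn_tool="/opt/thinlinc/libexec/tl-cert-dn"

#######################################
# Exit the script, pausing first when running inside an xterm.
# Globals:   XTERM_SHELL (read)
# Arguments: $1 - exit status (defaults to 0)
#######################################
my_exit() {
  if [ "${XTERM_SHELL}" ]; then
    echo "Press ENTER to exit."
    # POSIX 'read' requires a variable name; a bare 'read' is a bashism.
    read -r _dummy
  fi
  exit "${1:-0}"
}

#######################################
# Print an error message to stderr and exit with status 3.
# Arguments: $* - message text
#######################################
die() {
  echo "Error: $*" >&2
  my_exit 3
}

#######################################
# Create a directory owned by a user with mode 0700 if it does not exist.
# Each step is checked: a failed mkdir must not be followed by chown/chmod
# on a path that is not there.
# Arguments: $1 - directory path
#            $2 - owner (username)
#######################################
ensure_private_dir() {
  if [ ! -d "$1" ]; then
    echo "Creating directory $1"
    mkdir "$1" || die "Cannot create directory $1"
    chown "$2" "$1" || die "Cannot change owner of $1"
    chmod 700 "$1" || die "Cannot change mode of $1"
  fi
}

#######################################
# Append a line to a file unless an identical line is already present, so
# that re-running the script does not accumulate duplicates.
# Arguments: $1 - line to add
#            $2 - file path
#######################################
append_unique_line() {
  if [ -f "$2" ] && grep -qxF -- "$1" "$2"; then
    echo "Already present in $2, not adding again."
  else
    printf '%s\n' "$1" >> "$2" || die "Cannot write $2"
  fi
}

thisuser=$1
if [ -z "${thisuser}" ]; then
  # printf instead of 'echo -n': -n is not portable under /bin/sh.
  printf 'Enter username [%s]: ' "${USER}"
  read -r thisuser
fi
if [ -z "${thisuser}" ]; then
  thisuser=${USER}
fi

# One passwd lookup serves both fields; an empty result means no such user.
passwd_entry=$(getent passwd "${thisuser}")
if [ -z "${passwd_entry}" ]; then
  echo "The user ${thisuser} does not exist."
  my_exit 1
fi
homedir=$(printf '%s\n' "${passwd_entry}" | cut -d: -f 6)
uid=$(printf '%s\n' "${passwd_entry}" | cut -d: -f 3)
if [ -z "${homedir}" ]; then
  echo "The user ${thisuser} has no home directory."
  my_exit 1
fi

ensure_private_dir "${homedir}" "${thisuser}"
sshdir="${homedir}/.ssh"
ensure_private_dir "${sshdir}" "${thisuser}"

echo "Listing card certificates..."
# pkcs15-tool -k prints one "ID : <hex>" line per key; keep the third field.
ids=$("${tool}" -k | awk '/^[ \t]*ID[ \t]*:/{ print $3}')
if [ -z "${ids}" ]; then
  echo "Error: Cannot find any certificate IDs on this card"
  my_exit 2
fi

authkeys="${sshdir}/authorized_keys"
lastid=""
# ${ids} is deliberately unquoted: it is a whitespace-separated list of IDs.
for id in ${ids}; do
  echo "Fetching SSH key for id ${id} to ${authkeys}..."
  # Capture the key first so a failed read never leaves a partial line in
  # authorized_keys. Assumes one key line per ID - confirm for the installed
  # pkcs15-tool version.
  sshkey=$("${tool}" --read-ssh-key "${id}") || die "Cannot read SSH key for id ${id}"
  if [ -z "${sshkey}" ]; then
    die "Empty SSH key returned for id ${id}"
  fi
  append_unique_line "${sshkey}" "${authkeys}"
  lastid=${id}
done
chown "${thisuser}" "${authkeys}" || die "Cannot change owner of ${authkeys}"
chmod 600 "${authkeys}" || die "Cannot change mode of ${authkeys}"

echo "Generating certificate DN..."
dn=$("${tool}" -r "${lastid}" | openssl x509 -inform PEM -outform DER | "${certdn_tool}")
# An empty DN would otherwise produce a broken ":<uid>" alias entry below.
if [ -z "${dn}" ]; then
  die "Cannot derive the certificate DN for id ${lastid}"
fi
echo "User DN: ${dn}"

if [ -w "${aliasfile}" ]; then
  echo "Adding DN to ${aliasfile}..."
  # Entry format is <DN>:<uid>, one per line.
  append_unique_line "${dn}:${uid}" "${aliasfile}"
else
  echo "================================================================"
  echo "Warning: You are not allowed to modify ${aliasfile}."
  echo "This user cannot use automatic connect upon smart card insertion"
  echo "================================================================"
fi

# The DN is also stored in the user's ThinLinc config directory, which may
# not exist yet for a freshly created account.
tldir="${homedir}/.thinlinc"
ensure_private_dir "${tldir}" "${thisuser}"
dnfile="${tldir}/user-dn"
printf '%s\n' "${dn}" > "${dnfile}" || die "Cannot write ${dnfile}"
chown "${thisuser}" "${dnfile}" || die "Cannot change owner of ${dnfile}"

my_exit 0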