#! /bin/sh
#
#  SPX Enrollment script - given a local name to create the keyfile under
#                             and a local ca public key file name
#
#    This script creates user keys and a TA certificate for the user
#               - user_pubkey
#               - user_privkey
#               - user_certif_ca
#    in the local directory
#
# Site-specific settings for this SPX installation.
#
# SPX_KEY_DIR       - shared directory the generated key and certificate files
#                     are copied into; also searched for the CA public key.
# SPX_ADMINISTRATOR - mail address that receives the new public key file.
# DOMAIN_PREFIX     - X.500 name prefix handed to createcertif -d and used to
#                     build the user's global name.
SPX_KEY_DIR='/filesv/usr/local/spx/keys'
SPX_ADMINISTRATOR='kannan@sejour'
DOMAIN_PREFIX='/C=US/O=Digital/OU=LKG/OU=Sphinx'

# Both arguments are required: $1 is the local principal name (prefix of the
# generated files) and $2 is the local CA name.
if [ "$#" -lt 2 ]
then
  echo 'Usage: sphinx_enroll local_princ_name local_ca_name' 1>&2
  exit 2
fi

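# Locate the CA public key: first "<ca>_pubkey" in the current directory, then
# the copy in SPX_KEY_DIR. Give up if neither exists with non-zero size.
#
# NOTE(review): the copy in the current directory takes precedence over the one
# in SPX_KEY_DIR, and the TA certificate created later vouches for whichever
# key is found. Run enrollment from a directory only you can write to, and
# confirm the CA key's origin before trusting it.
if test ! -s "$2_pubkey" && test ! -s "$SPX_KEY_DIR/$2_pubkey"
then
  # Diagnostics go to stderr, like the usage message.
  echo "Cannot find public key for '$2'" 1>&2
  exit 2
fi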

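# Tell the user which files are about to be written in the current directory.
echo ""
echo "This routine will generate your RSA key files and TA certificate file"
echo "          ./$1_pubkey"
echo "          ./$1_privkey"
echo "          ./$1_certif_$2"
echo ""

# Ask for the RSA modulus size; any answer not starting with "n" keeps the default.
#
# NOTE(review): a 512-bit RSA modulus is far below current minimum
# recommendations (2048 bits or more) and should not protect anything of value.
# Confirm which sizes createkey accepts and raise the default if it allows.
printf '%s' "createkey : default creates 512 bit RSA keys ... correct  [y] ? "
read -r response
case $response in
n*)
  printf '%s' "key size ? "
  read -r keysize
  ;;
*)
  # No "break" here: it is only meaningful inside a loop.
  keysize=512
  ;;
esac

# The value is passed to createkey as an argument, so accept digits only.
case $keysize in
''|*[!0-9]*)
  echo "Key size must be a whole number" 1>&2
  exit 2
  ;;
esac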
#
#
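# Ask whether a user principal is being enrolled, then run createkey.
# An answer starting with "n" means a non-user principal, which is keyed under
# the local name $1. Anything else is treated as a user principal and the
# principal's full name is requested.
echo ""
printf '%s' "Are you enrolling a user principal [y] ? "
read -r princtype
echo ""
case $princtype in
n*)
  echo "createkey -n $1 -k $keysize $1"
  # All arguments are quoted so typed-in values cannot split into extra words.
  createkey -n "$1" -k "$keysize" "$1"
  ;;
*)
  echo "Enter the name of the principal who is being enrolled.  For users"
  echo "enter your fullname (e.g., John Smith)."
  printf '%s' "Principal's name  :  "
  # -r keeps backslashes in the typed name literal.
  read -r princ_name
  case $princ_name in
  ?*)
    echo "createkey -n $princ_name -k $keysize $1"
    createkey -n "$princ_name" -k "$keysize" "$1"
    ;;
  *)
    # Empty name: createkey is run without -n.
    echo "createkey -k $keysize $1"
    createkey -k "$keysize" "$1"
    ;;
  esac
  ;;
esac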

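# Ask for the TA certificate lifetime; any answer not starting with "n" keeps
# the 365-day default.
echo ""
printf '%s' "createcertif : default TA certif expires in 365 days ... correct [y]? "
read -r response
case $response in
n*)
  printf '%s' "num of days ? "
  read -r expiredays
  ;;
*)
  # No "break" here: it is only meaningful inside a loop.
  expiredays=365
  ;;
esac

# The value is passed to createcertif as an argument, so accept digits only.
case $expiredays in
''|*[!0-9]*)
  echo "Number of days must be a whole number" 1>&2
  exit 2
  ;;
esac

# Use the CA key in the current directory when present, otherwise the copy
# under SPX_KEY_DIR.
# NOTE(review): the TA certificate vouches for whichever key is picked here;
# confirm the key's origin before relying on the certificate.
if test -s "$2_pubkey"
then
  spx_ca_name=$2
else
  spx_ca_name=$SPX_KEY_DIR/$2
fi

# Echo the command exactly as it is run, including the CA path actually used.
echo "createcertif -t -e $expiredays -d \"$DOMAIN_PREFIX\" $1 $spx_ca_name"
echo ""
createcertif -t -e "$expiredays" -d "$DOMAIN_PREFIX" "$1" "$spx_ca_name"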
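echo ""
# Confirm the expected files exist before announcing success, copying them,
# or mailing anything to the administrator.
for spx_file in "$1_pubkey" "$1_privkey" "$1_certif_$2"
do
  if test ! -s "$spx_file"
  then
    echo "Expected file '$spx_file' is missing or empty" 1>&2
    exit 1
  fi
done

echo "TA certif file and RSA key files have been created ... "
echo "          copying files to $SPX_KEY_DIR"
echo "          mailing pubkey file to sphinx administrator"

# Copy the generated files into the shared key directory; stop on the first
# failure so the administrator is not mailed about a half-finished enrollment.
cp "$1_pubkey" "$SPX_KEY_DIR" || exit 1
# NOTE(review): the private key is copied into a shared directory with whatever
# mode the current umask yields. Confirm that SPX_KEY_DIR permissions and the
# way createkey protects the private key file keep it unreadable by others.
cp "$1_privkey" "$SPX_KEY_DIR" || exit 1
cp "$1_certif_$2" "$SPX_KEY_DIR" || exit 1

# Mail the public key to the administrator for registration.
# NOTE(review): plain mail does not authenticate the sender or protect the
# content; the administrator should verify the key out of band before
# registering it.
/usr/ucb/mail -s "$1_pubkey (CA is $2)" "$SPX_ADMINISTRATOR" < "$1_pubkey"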
#
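# Closing instructions. User principals also get guidance on
# SPHINX_LOCAL_NAME, ~/.sphinx and ~/.logout.
echo ""
echo "Administrator will contact you when you have been registered in the CDC."
echo ""
echo "  Note: 'displaycertif $1 $2' will show your TA certificate"
echo ""
# Only an answer starting with "n" means a non-user principal. Testing the
# answer for non-emptiness would wrongly skip this guidance for an explicit "y".
case $princtype in
n*)
  echo ""
  ;;
*)
  echo "For user principals, please define your environment variable"
  echo "SPHINX_LOCAL_NAME to be your legal name in your ~/.login file"
  echo ""
  echo "  e.g.    setenv SPHINX_LOCAL_NAME \"$princ_name\""
  echo ""
  echo ""
  echo "You should also create a ~/.sphinx file with your X.500 global name"
  echo "and a ~/.logout with the command spxdestroy"
  echo ""
  echo "Your X.500 name is \"$DOMAIN_PREFIX/OU=Users/CN=$princ_name\""
  echo ""
  echo "Would you like your $HOME/.sphinx and $HOME/.logout"
  printf '%s' "files modified automatically [n]? "
  read -r response
  case $response in
  y*)
    # printf writes the name literally; echo may interpret backslashes in it.
    # Both files are appended to, never overwritten.
    if printf '%s\n' "\"$DOMAIN_PREFIX/OU=Users/CN=$princ_name\"" >> "$HOME/.sphinx" &&
       echo "spxdestroy" >> "$HOME/.logout"
    then
      echo "done."
    else
      echo "Could not update $HOME/.sphinx and $HOME/.logout" 1>&2
    fi
    ;;
  esac
  ;;
esac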
