#!/bin/sh

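# Interactive helper that asks the SKIP certificate server for a
# Diffie-Hellman key pair and X.509 certificate for this machine and installs
# the result under $INST (default /opt/skip).
#
# Flow: collect the owner's details and the IPv4 address the key belongs to,
# optionally export the user's PGP public key so the server can encrypt its
# reply, POST the form to the server through ./tcpconnex, unpack the reply in
# a private work directory and convert it with ./sun2en into the secret/ and
# public/ certificate files.
#
# The request and the reply travel over plain HTTP (HOST, port 80).  When no
# PGP key is supplied the secret key comes back unencrypted; the script says
# so and asks for explicit confirmation before sending.  Every intermediate
# file (request, reply, extracted key material, sun2en output) lives in a
# mode-0700 mktemp directory that is removed after each round and on exit,
# so nothing secret is left behind under a predictable /tmp name.
#
# Written for POSIX sh: no arrays, no [[ ]], no local.

# Print "<prompt> [<default>]: " and read one line into $ANSWER; an empty line
# selects the default.  EOF on stdin aborts the script (there is nothing more
# to ask and looping on EOF would never end).
# Arguments: $1 - prompt text, $2 - default value
ask() {
	printf '%s [%s]: ' "$1" "$2"
	if ! read -r ANSWER; then
		echo
		exit 1
	fi
	[ -n "$ANSWER" ] || ANSWER=$2
}

# Escape one value for an application/x-www-form-urlencoded body.  Only the
# characters that would split or corrupt the query are rewritten (%, +, &, =,
# #, ? and space); '%' is done first so later escapes are not double-encoded.
# Output carries no trailing newline.
# Arguments: $1 - raw value
form_escape() {
	printf '%s\n' "$1" \
		| sed -e 's/%/%25/g' -e 's/+/%2B/g' -e 's/&/%26/g' \
		      -e 's/=/%3D/g' -e 's/#/%23/g' -e 's/?/%3F/g' -e 's/ /+/g' \
		| tr -d '\012'
}

# Wrap one argument in single quotes (embedded quotes become '\'') so it can
# be pasted into a command string that is later run through eval or
# "su root -c" without being re-split or re-interpreted.
# Arguments: $1 - raw string
sh_quote() {
	printf "'%s'\n" "$(printf '%s\n' "$1" | sed "s/'/'\\\\''/g")"
}

# Accept only a dotted-quad IPv4 address: four digit-only fields, each in
# 0..255.  Anything else, including the empty string, returns 1.  The value
# later appears unquoted in file names, so this check is also what keeps
# shell metacharacters out of the install command.
# Arguments: $1 - candidate address
valid_ipv4() {
	case "$1" in
		''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
	esac
	vi_rest=$1
	vi_n=0
	while [ -n "$vi_rest" ]; do
		vi_oct=${vi_rest%%.*}
		[ "$vi_oct" -le 255 ] || return 1
		vi_n=$((vi_n + 1))
		case "$vi_rest" in
			*.*) vi_rest=${vi_rest#*.} ;;
			*)   vi_rest="" ;;
		esac
	done
	[ "$vi_n" -eq 4 ]
}

# Remove the private work directory, if one exists.  Called after each round
# and from the exit traps.
cleanup() {
	if [ -n "${WORK:-}" ] && [ -d "$WORK" ]; then
		rm -rf "$WORK"
	fi
	WORK=""
}

trap cleanup EXIT
trap 'cleanup; exit 1' HUP INT TERM

# HOST is skip.incog.com
HOST=199.190.177.197
WORK=""

while :; do

	echo
	printf '%s' 'Would you like to generate Diffie-Hellman keys [Y|n]? '
	read -r ANSWER || exit 0
	case "X$ANSWER" in
		X[nN]*)
			echo "You may generate keys later on by running a 'make key'"
			echo "in the installation directory (/opt/skip by default)"
			exit 0;;
	esac

	echo "In order to generate your Diffie-Hellman key, some information must be"
	echo "provided (Note: only the IPv4 address is required)."
	echo "Take a look at http://skip.incog.com/certs/certdsa.html for a complete"
	echo "documentation about the certificate generation process."
	echo

	ask "Your name" "";          NAME=$ANSWER
	ask "Your company name" "";  COMPANY=$ANSWER
	ask "Your address" "";       ADDR=$ANSWER
	ask "Your email address" ""; EMAIL=$ANSWER

	# Default to the address column of the first interface that is neither
	# loopback nor the header line; keep asking until the answer is a
	# well-formed dotted quad.
	while :; do
		IP=$(netstat -ni | awk '!/lo/ && !/ame/ { print $4; exit }')
		ask "IPv4 address the key belongs to" "$IP"
		IP=$ANSWER
		if valid_ipv4 "$IP"; then
			break
		fi
		echo "Invalid IPv4 address, try again."
	done
	IP1=${IP%%.*}; ip_rest=${IP#*.}
	IP2=${ip_rest%%.*}; ip_rest=${ip_rest#*.}
	IP3=${ip_rest%%.*}; IP4=${ip_rest#*.}

	# Private work area for this round; mktemp -d creates it mode 0700 under
	# an unpredictable name, so no other local user can read or pre-create
	# the files placed in it.
	cleanup
	WORK=$(mktemp -d /tmp/skipkey.XXXXXX) || {
		echo "Cannot create a temporary directory in /tmp." >&2
		exit 1
	}

	PGPUSER=""
	PGPKEY=""
	if pgp -kv > /dev/null 2>&1 ; then
		ask "Enter the user id of your public key" "${USER:-${LOGNAME:-}}"
		PGPUSER=$ANSWER
		pgp -kxa "$PGPUSER" "$WORK/pgp-key"
		if [ -s "$WORK/pgp-key.asc" ]; then
			# Flatten the armored key onto one line with the escapes the
			# server expects: LF -> %0A, CR -> %0D, space -> '+', and + : =
			# percent-encoded.  '<' and '>' serve as line-end placeholders,
			# presumably because they do not occur in PGP armor.
			PGPKEY=$( (tr '\012' '<' < "$WORK/pgp-key.asc" | tr '\015' '>'; echo) \
				| sed -e "s/.*-----BEGIN PGP/-----BEGIN PGP/g" -e "s/+/%2B/g" \
				      -e "s/ /+/g" -e "s/:/%3A/g" -e "s/=/%3D/g" \
				      -e "s/</%0A/g" -e "s/>/%0D/g" \
				| tr -d '\012\015')
		else
			PGPUSER=""
		fi
	fi

	if [ -z "$PGPUSER" ]; then
		echo "Since pgp cannot be used to encrypt the secret key,"
		echo "your machine's secret key is sent in the clear over the Internet"
		echo "and anyone may eavesdrop and determine your private key."
		printf '%s' "Do you wish to continue [y|N]? "
		read -r ANSWER || exit 0
		# Only an explicit "y" proceeds; the prompt advertises N as default.
		case "X$ANSWER" in
			X[yY]*) ;;
			*) exit 0;;
		esac
	fi

	# Build the HTTP/1.0 request: headers in $HEADER, form body in $QUERY.
	# Free-text fields go through form_escape so a '&' or '=' typed by the
	# user cannot split the query; PGPKEY is already encoded above.
	HEADER=$WORK/hdr
	QUERY=$WORK/query

	printf 'name=%s&Company=%s&address=%s&email=%s&ip1=%s&ip2=%s&ip3=%s&ip4=%s&pgpkey=%s&pgpuser=%s\n' \
		"$(form_escape "$NAME")" "$(form_escape "$COMPANY")" \
		"$(form_escape "$ADDR")" "$(form_escape "$EMAIL")" \
		"$IP1" "$IP2" "$IP3" "$IP4" "$PGPKEY" "$(form_escape "$PGPUSER")" > "$QUERY"
	echo >> "$QUERY"

	{
		echo "POST /ca-bin/issue-dsa HTTP/1.0"
		echo "Referer: http://skip.incog.com/certs/certdsa.html"
		echo "Connection: Keep-Alive"
		echo "Host: skip.incog.com"
		echo "Content-type: application/x-www-form-urlencoded"
		# tr strips the padding some wc implementations put before the count
		echo "Content-length: $(wc -c < "$QUERY" | tr -d ' ')"
		echo
	} > "$HEADER"

	# Send the request; the raw reply stays inside the 0700 work directory.
	cat "$HEADER" "$QUERY" | ./tcpconnex "$HOST" 80 > "$WORK/answer.asc"

	# The reply is a tar archive, either PGP-encrypted or uuencoded.  It is
	# assumed to contain only flat file names (my_secret_i, my_X509_cert,
	# ZeroAssuranceCert, md5.sums), which is why it is unpacked inside $WORK.
	if [ -n "$PGPUSER" ]; then
		# pgp writes the decrypted file next to its input, minus the .asc
		(cd "$WORK" && pgp "$WORK/answer.asc" && tar xf "$WORK/answer")
	else
		if ! grep -q begin "$WORK/answer.asc"; then
			echo "Certificate server could not generate Diffie-Hellman keys."
			echo "See answer from server below for detailed information:"
			sed -e '1,/ontent/d' "$WORK/answer.asc"
			cleanup
			continue
		fi
		(cd "$WORK" && uudecode -p "$WORK/answer.asc" | tar xf -)
	fi

	if [ ! -f "$WORK/my_secret_i" ] ; then
		echo "Certificate server could not generate Diffie-Hellman keys."
		cleanup
		continue
	fi

	INST=
	if [ -z "$INST" ]; then
		ask "Installation directory" "/opt/skip"
		INST=$ANSWER
	fi

	# Convert the reply into the secret and public halves.  The command is a
	# string because it is either eval'ed here or handed to "su root -c" when
	# $INST is not writable by this user, so every user-influenced path is
	# single-quoted via sh_quote ($IP was validated to digits and dots only).
	# The secret half and the intermediate _cert are created under umask 077
	# so they are never readable by others, and _cert is removed inside the
	# command so a root install does not leave it behind.
	q_inst=$(sh_quote "$INST")
	q_work=$(sh_quote "$WORK")
	q_cert=$(sh_quote "$WORK/_cert")
	CMD="mkdir $q_inst/secret $q_inst/public $q_inst/cache 2>/dev/null; \
(umask 077; ./sun2en $q_work/my_X509_cert $q_work/my_secret_i > $q_cert \
&& sed -n -e '1,/^#Public/ p' -e '/^#Secret/,1000000 p' $q_cert > $q_inst/secret/01-$IP-1 \
&& chmod 600 $q_inst/secret/01-$IP-1) \
&& sed -e /Secret/q $q_cert > $q_inst/public/01-$IP-1; \
rm -f $q_cert"

	if [ -w "$INST" ]; then
		eval "$CMD"
	else
		su root -c "$CMD"
	fi

	cleanup

done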
