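#!/bin/bash
#
# Silent (non-interactive) configuration of a Dogtag/PKI CA instance through
# `pkisilent ConfigureCA`. Every value below is a fixed test-lab setting.
#
# Security notes for anyone reusing this script:
#   * All credentials ("testpwd") are hard-coded throwaway test values.
#   * They are handed to pkisilent as command-line arguments, so they are
#     visible in the process list while the command runs.
#   * `set -x` echoes every expanded argument, including the passwords and
#     the pre-op PIN, to stderr.
#   * The log file has a fixed name in /tmp (see pki_silent_ca_log below).

# Tracing is kept from the original for test-run debugging.
# NOTE(review): drop it if real secrets are ever put in this file.
set -x
# Without pipefail the script's exit status would be tee's, hiding a failed
# pkisilent run from whatever harness calls this script.
set -o pipefail

# The NSS client database directory is expected to exist already; the
# original carried a commented-out `mkdir /tmp/testdb`, which does not match
# the /var/tmp/testdb path configured below.

pki_host=$(hostname)
ca_instance_name=pki-ca

## CA ports (only the admin port is used by this script)
ca_nonssl_port=9180
ca_agent_port=9443
ca_ee_port=9444
ca_admin_port=9445

pki_silent_security_database_repository=/var/tmp/testdb
pki_silent_security_database_password=testpwd

# The one-time pre-op PIN is read from the instance's CS.cfg. The match is
# anchored on the exact key so an unrelated line that merely contains
# "preop" and "pin" cannot be picked up.
ca_cs_cfg="/var/lib/${ca_instance_name}/conf/CS.cfg"
ca_preop_pin=$(awk -F= '/^preop\.pin=/ { print $2; exit }' "${ca_cs_cfg}")
if [[ -z "${ca_preop_pin}" ]]; then
  # An empty PIN would make -preop_pin swallow the next option as its value.
  printf 'error: no preop.pin found in %s\n' "${ca_cs_cfg}" >&2
  exit 1
fi

pki_security_domain_name=silentdom
pki_silent_admin_user=admin
pki_silent_admin_password=testpwd
pki_silent_admin_email=pki-ca-admin@test.com

ca_agent_name=ca-agent
ca_agent_key_size=2048
ca_agent_key_type=rsa
ca_agent_cert_subject="CN=ca-agent,OU=pnq,O=testpwd"

# Directory server used as the CA's internal database.
# The "\ " sequences in the values below are kept exactly as in the original.
# NOTE(review): presumably pkisilent re-parses its arguments through a shell
# and needs the escaped spaces - confirm before removing them.
pki_ldap_host=localhost
pki_ldap_port=389
pki_bind_dn="cn=Directory\ Manager"
pki_bind_password=testpwd
ca_base_dn="dc=${pki_host}-${ca_instance_name}"
ca_db_name="${pki_host}-${ca_instance_name}"

ca_key_size=2048
ca_key_type=rsa
ca_key_algorithm=SHA512withRSA
ca_signing_algorithm=SHA512withRSA
ca_signing_signingalgorithm=SHA512withRSA
ca_ocsp_signing_signingalgorithm=SHA512withRSA
ca_save_p12=false
ca_subsystem_name="Certificate\ Authority-ca"
ca_token_name=internal
ca_token_password=testpwd

ca_sign_cert_subject_name="cn=Certificate\ Authority-ca,o=${pki_security_domain_name}"
ca_subsystem_cert_subject_name="cn=CA\ Subsystem\ Certificate-ca,o=${pki_security_domain_name}"
ca_ocsp_cert_subject_name="cn=OCSP\ Signing\ Certificate-ca,o=${pki_security_domain_name}"
ca_server_cert_subject_name="cn=${pki_host},o=${pki_security_domain_name}"
ca_audit_signing_cert_subject_name="cn=CA\ Audit\ Signing\ Certificate-ca,o=${pki_security_domain_name}"

# NOTE(review): fixed file name in a world-writable directory. tee follows
# symlinks and truncates its target, and the output may contain the secrets
# above. The path is kept because other tooling may read it; prefer a
# directory only the invoking user can write to.
pki_silent_ca_log=/tmp/pki-silent-ca-log

# Every expansion is quoted so each option receives exactly one argument,
# including -subsystem_name, whose value contains a space.
pkisilent ConfigureCA \
  -cs_hostname "${pki_host}" \
  -cs_port "${ca_admin_port}" \
  -client_certdb_dir "${pki_silent_security_database_repository}" \
  -client_certdb_pwd "${pki_silent_security_database_password}" \
  -preop_pin "${ca_preop_pin}" \
  -domain_name "${pki_security_domain_name}" \
  -admin_user "${pki_silent_admin_user}" \
  -admin_password "${pki_silent_admin_password}" \
  -admin_email "${pki_silent_admin_email}" \
  -agent_name "${ca_agent_name}" \
  -agent_key_size "${ca_agent_key_size}" \
  -agent_key_type "${ca_agent_key_type}" \
  -agent_cert_subject "${ca_agent_cert_subject}" \
  -ldap_host "${pki_ldap_host}" \
  -ldap_port "${pki_ldap_port}" \
  -bind_dn "${pki_bind_dn}" \
  -bind_password "${pki_bind_password}" \
  -base_dn "${ca_base_dn}" \
  -db_name "${ca_db_name}" \
  -key_size "${ca_key_size}" \
  -key_type "${ca_key_type}" \
  -key_algorithm "${ca_key_algorithm}" \
  -signing_algorithm "${ca_signing_algorithm}" \
  -signing_signingalgorithm "${ca_signing_signingalgorithm}" \
  -ocsp_signing_signingalgorithm "${ca_ocsp_signing_signingalgorithm}" \
  -save_p12 "${ca_save_p12}" \
  -subsystem_name "${ca_subsystem_name}" \
  -token_name "${ca_token_name}" \
  -token_pwd "${ca_token_password}" \
  -ca_sign_cert_subject_name "${ca_sign_cert_subject_name}" \
  -ca_subsystem_cert_subject_name "${ca_subsystem_cert_subject_name}" \
  -ca_ocsp_cert_subject_name "${ca_ocsp_cert_subject_name}" \
  -ca_server_cert_subject_name "${ca_server_cert_subject_name}" \
  -ca_audit_signing_cert_subject_name \
  "${ca_audit_signing_cert_subject_name}" \
  | tee "${pki_silent_ca_log}"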