#!/bin/bash

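# Exercise an NSS database backend: create a throw-away database, a self-signed
# CA and ${_CERTS} user certificates signed by it, then list the keys and
# certificates and fail if certutil reports any "orphan" key (a key without a
# matching certificate).
#
# Environment:
#   NSS_DEFAULT_DB_TYPE  backend under test (read by NSS itself; also part of
#                        the log file name); may be unset
#   USE_SERIAL_NUMBER    "yes" to pass an explicit serial number (-m) when
#                        issuing each user certificate
#
# Output: human-readable verdict on stdout, details in the log file.
# Exit status: 0 when no orphan key was found, 1 otherwise or on setup errors.
set -euo pipefail
# The database holds private keys and a password file: keep them private to
# the user (also applies to the noise and log files, which is fine).
umask 077

_USER_HOME_DIR="${HOME:?HOME must be set}"
_NSS_DATABASE_DIR="${_USER_HOME_DIR}/.pki/nssdb_test"
# Password for the temporary test database only; it is deleted at exit.
_NSS_PASSWORD="RedHatEnterpiseLinux"
_NSS_PASSWORD_FILE="${_NSS_DATABASE_DIR}/nsspassword"
_CA_CERT_NICK="cacert"
_USER_CERT_NICK="usercert"
_CERTS=100
_ERRORS=0
_NOISE_FILE="random-seed"
_USE_SERIAL_NUMBER="no"
# Both environment variables may be unset; expand once with a default so that
# set -u does not abort on them.
_DB_TYPE="${NSS_DEFAULT_DB_TYPE:-}"

# Print a message to stderr and exit with failure.
die() { printf '%s\n' "$*" >&2; exit 1; }

if [[ "${USE_SERIAL_NUMBER:-}" == "yes" ]]; then
  echo "Supply serial numbers"; _USE_SERIAL_NUMBER="yes"
else
  echo "No serial numbers"; _USE_SERIAL_NUMBER="no"
fi
_LOG_FILE="${_USER_HOME_DIR}/nssdb_test_${_DB_TYPE}_serial_numbers=${_USE_SERIAL_NUMBER}.log"

if [[ ! -f "${_NOISE_FILE}" ]]; then
  # get a lot of random seed in a file, enables testing
  # with certutil without any user interaction.
  echo "Saving random seed..."
  dd if=/dev/urandom of="${_NOISE_FILE}" count=1 bs=65536 \
    || die "Can't write noise file ${_NOISE_FILE}!"
fi

# Start from a clean database directory. The :? guard aborts instead of
# expanding to "rm -rf /" should the variable ever be empty.
rm -rf -- "${_NSS_DATABASE_DIR:?}"
# The original "|| $(echo ... && exit 1)" only exited a subshell; abort for real.
mkdir -p -- "${_NSS_DATABASE_DIR}" || die "Can't create nss database directory!"

# Remove the database (keys included) on every exit path, not only on success.
cleanup() { rm -rf -- "${_NSS_DATABASE_DIR:?}"; }
trap cleanup EXIT

printf '%s\n' "${_NSS_PASSWORD}" > "${_NSS_PASSWORD_FILE}"
: > "${_LOG_FILE}"
certutil -N -f "${_NSS_PASSWORD_FILE}" -d "${_NSS_DATABASE_DIR}" \
  || die "Can't initialise nss database in ${_NSS_DATABASE_DIR}!"
certutil -S -f "${_NSS_PASSWORD_FILE}" -z "${_NOISE_FILE}" -k rsa -n "${_CA_CERT_NICK}" -s "CN=${_CA_CERT_NICK}" -v 12 -t "C,C,C" -x -d "${_NSS_DATABASE_DIR}" \
  || die "Can't create CA certificate ${_CA_CERT_NICK}!"
#pk12util -o ${_CA_CERT_FILE} -n ${_CA_CERT_NICK} -k ${_NSS_PASSWORD_FILE} -W "`cat ${_NSS_PASSWORD_FILE}`" -d ${_NSS_DATABASE_DIR}

for (( I = 1; I <= _CERTS; I++ )); do
  # Nicknames are zero-padded to three digits: usercert-001 ... usercert-100.
  printf -v _CERT_NAME '%s-%03d' "${_USER_CERT_NICK}" "${I}"
  _CERT_ARGS=(-f "${_NSS_PASSWORD_FILE}" -z "${_NOISE_FILE}" -k rsa -c "${_CA_CERT_NICK}"
              -n "${_CERT_NAME}" -s "CN=${_CERT_NAME}" -v 12 -t "u,u,u" -d "${_NSS_DATABASE_DIR}")
  if [[ "${_USE_SERIAL_NUMBER}" == "yes" ]]; then
    _CERT_ARGS+=(-m "${I}")
  fi
  # A failed issuance is one way an orphan key gets left behind, so do not
  # abort here: let the orphan check below report it.
  certutil -S "${_CERT_ARGS[@]}" \
    || printf 'Warning: certutil -S failed for %s\n' "${_CERT_NAME}" >&2
done

# The key listing is what the orphan check greps; without it the verdict
# would be meaningless, so treat a listing failure as a setup error.
certutil -K -f "${_NSS_PASSWORD_FILE}" -d "${_NSS_DATABASE_DIR}" >> "${_LOG_FILE}" \
  || die "Can't list keys in ${_NSS_DATABASE_DIR}!"
printf '\n########################################################\n' >> "${_LOG_FILE}"
certutil -L -f "${_NSS_PASSWORD_FILE}" -d "${_NSS_DATABASE_DIR}" >> "${_LOG_FILE}" \
  || die "Can't list certificates in ${_NSS_DATABASE_DIR}!"
cleanup

# Paths go through %s: a '%' in the log file name must not be a printf directive.
printf 'Inspect the log file (%s) for more info.\n' "${_LOG_FILE}"
printf '\nTest '
# grep -c prints 0 and exits 1 when nothing matches; only an empty count
# (unreadable log) is a real error.
_ERRORS=$(grep -c -- "orphan" "${_LOG_FILE}") || [[ "${_ERRORS}" == "0" ]] \
  || die "Can't read ${_LOG_FILE}!"
if (( _ERRORS == 0 )); then
  printf 'PASSED\nThere are no orphan in nss database.\n'
elif (( _ERRORS == 1 )); then
  printf 'FAILED\nThere are %s orphan in nss database!\n' "${_ERRORS}"
else
  printf 'FAILED\nThere are %s orphans in nss database!\n' "${_ERRORS}"
fi
echo "Tested with NSS_DEFAULT_DB_TYPE=\"${_DB_TYPE}\""
if [[ "${_USE_SERIAL_NUMBER}" == "yes" ]]; then
  echo " used serial numbers"
else
  echo " didn't use serial numbers"
fi
# Mirror the verdict in the exit status so a harness need not scrape stdout
# (the script used to exit 0 unconditionally).
if (( _ERRORS == 0 )); then
  exit 0
fi
exit 1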

