#!/bin/sh
#
# $Id: mkimapdcert.in,v 1.4 2001/08/26 15:49:50 mrsam Exp $
#
# Copyright 2000 Double Precision, Inc.  See COPYING for
# distribution information.
#
# This is a short script to quickly generate a self-signed X.509 key for
# IMAP over SSL.  Normally this script would get called by an automatic
# package installation routine.

test -x /usr/bin/openssl || exit 0

prefix="/usr"

if test -f /etc/ssl/bincimap/bincimap.pem
then
	echo "/etc/ssl/bincimap/bincimap.pem already exists."
	exit 1
fi

cp /dev/null /etc/ssl/bincimap/bincimap.pem
chmod 600 /etc/ssl/bincimap/bincimap.pem
chown root /etc/ssl/bincimap/bincimap.pem

cleanup() {
	rm -f /etc/ssl/bincimap/bincimap.pem
	rm -f /etc/ssl/bincimap/bincimap.rand
	exit 1
}

cd /etc/ssl/bincimap
dd if=/dev/urandom of=/etc/ssl/bincimap/bincimap.rand count=1 2>/dev/null
/usr/bin/openssl req -new -x509 -days 365 -nodes \
	-config /etc/ssl/bincimap/bincimap.cnf -out /etc/ssl/bincimap/bincimap.pem -keyout /etc/ssl/bincimap/bincimap.pem || cleanup
/usr/bin/openssl gendh -rand /etc/ssl/bincimap/bincimap.rand 512 >>/etc/ssl/bincimap/bincimap.pem || cleanup
/usr/bin/openssl x509 -subject -dates -fingerprint -noout -in /etc/ssl/bincimap/bincimap.pem || cleanup
rm -f /etc/ssl/bincimap/bincimap.rand