#!/bin/sh

if [ "$1" = "" ]; then
	echo "pass your private key [../ssl.key/foo.key] as the first arg"
	exit
fi

if [ "$2" = "" ]; then
        echo "pass your PEM encoded certificate request [../ssl.csr/foo.csr] as second arg"
        exit
fi

if [ "$3" = "" ]; then
	echo "pass where you want your signed CA certicate [../ssl.crt/foo.crt] as third arg"
	exit
fi

echo /usr/local/ssl/bin/openssl x509 \
	-extfile signCAcsr.cnf \
	-days 5000 \
	-signkey $1 \
	-in $2 -req \
	-out $3

/usr/local/ssl/bin/openssl x509 \
	-extfile signCAcsr.cnf \
	-days 5000 \
	-signkey $1 \
	-in $2 -req \
	-out $3

chmod 0400 $3

echo "verifying modulus..."

modcrt=`/usr/local/ssl/bin/openssl x509 -noout -modulus -in $3 | sed -e 's;.*Modulus=;;'`
modkey=`/usr/local/ssl/bin/openssl rsa  -noout -modulus -in $1 | sed -e 's;.*Modulus=;;'`

if [ ".$modcrt" != ".$modkey" ]; then
	echo "Error: Failed to verify modulus on resulting X.509 certificate"
	exit 1
else
	echo "modulus o.k."
fi

echo /usr/local/ssl/bin/openssl verify $3
/usr/local/ssl/bin/openssl verify $3