#!/bin/sh

source $(dirname $(dirname $0))/lib/ca-functions

usage() {
    cat <<__EOT__
Usage: $PROGNAME [options] <common name>|<path to certificate>

Options:
  -h, --help            Print this helpful message!
  -f, --config FILE     Use config file instead of $CONFFILE
  -t, --type TYPE       Certificate type: "server" (default), "client" or "user"
  -l, --crl-days DAYS   Make CRL valid for DAYS days instead of CA_CRL_DAYS
  -i, --template FILE   Use alternative index.html template
  -o, --output FILE     Generate CA index.html in FILE

__EOT__
}

short="hf:t:l:i:o:"
long="help,config:,type:,crl-days:,template:,output:"
opts=$( getopt -o "$short" -l "$long" -n "$PROGNAME" -- "$@" )
if [ 0 -ne $? ]; then echo; usage; exit 1; fi
eval set -- "$opts";

while :; do
    case "$1" in
        -h|--help) usage; exit 0;;
        -f|--config) shift; CONFFILE="$1"; shift;;
        -t|--type) shift; USER_CA_CRT_TYPE="$1"; shift;;
        -l|--crl-days) shift; USER_CA_CRL_DAYS="$1"; shift;;
        -i|--template) shift; INDEXTPL="$1"; shift;;
        -o|--output) shift; INDEXOUT="$1"; shift;;
        --) shift; break;;
        *) echo "Unknown value '$1'"; exit 1;;
    esac
done

ca_load_conf

CNF_NAME=$( ca_find_cnf "$1" )
CRT="$CA_HOME/crt/$CNF_NAME.crt"

openssl ca -config $CA_HOME/cnf/$CA_NAME.ca.cnf \
  -revoke $CRT -crl_reason superseded

ca_gen_crl
if [ -n "$INDEXOUT" ]; then
    ca_checksum
    ca_template $INDEXTPL $INDEXOUT
fi