#!/bin/sh -x

mkdir -p tmp

rm -f tmp/ca_signing.csr
rm -f tmp/ca_ocsp_signing.csr
rm -f tmp/ca_audit_signing.csr
rm -f tmp/sslserver.csr
rm -f tmp/subsystem.csr

rm -r tmp/external.crt
rm -r tmp/cert_chain.p7b
rm -f tmp/ca_signing.crt

rm -f tmp/example.crt
rm -f tmp/example2.crt
rm -f tmp/example.p7
rm -f tmp/example2.p7
rm -f tmp/example.p7b
rm -f tmp/example2.p7b
rm -f tmp/example3.csr
rm -f tmp/example3.crt

cat > tmp/ca-external-step1.cfg << EOF
#[DEFAULT]
#pki_instance_name=pki-child
#pki_pin=Secret.123

[CA]
pki_admin_email=caadmin@example.com
pki_admin_name=caadmin
pki_admin_nickname=caadmin
pki_admin_password=Secret.123
pki_admin_uid=caadmin

pki_backup_keys=True
pki_backup_password=Secret.123

pki_client_database_password=Secret.123
pki_client_database_purge=False
pki_client_pkcs12_password=Secret.123

pki_ds_base_dn=dc=ca,dc=pki,dc=example,dc=com
pki_ds_database=ca
pki_ds_password=Secret.123

pki_security_domain_name=EXAMPLE

pki_token_password=Secret.123

pki_external=True
pki_external_step_two=False
pki_external_csr_path=$PWD/tmp/ca_signing.csr

#pki_ca_signing_csr_path=$PWD/tmp/ca_signing.csr
pki_ocsp_signing_csr_path=$PWD/tmp/ca_ocsp_signing.csr
pki_audit_signing_csr_path=$PWD/tmp/ca_audit_signing.csr
pki_ssl_server_csr_path=$PWD/tmp/sslserver.csr
pki_subsystem_csr_path=$PWD/tmp/subsystem.csr

#pki_security_domain_name=CHILD
#pki_ca_signing_csr_path=$PWD/tmp/example2.csr
#pki_ca_signing_subject_dn=CN=Child Cert,O=CHILD

#pki_security_domain_name=GRANDCHILD
#pki_ca_signing_csr_path=$PWD/tmp/example3.csr
#pki_ca_signing_subject_dn=CN=Grandchild Cert,O=GRANDCHILD

#pki_req_ext_add=True

pki_ca_signing_nickname=ca_signing
pki_ocsp_signing_nickname=ca_ocsp_signing
pki_audit_signing_nickname=ca_audit_signing
pki_ssl_server_nickname=sslserver
pki_subsystem_nickname=subsystem
EOF

pkispawn -vv -f tmp/ca-external-step1.cfg -s CA