#!/bin/bash

# Add an existing server certificate to a
# database of trusted servers for the client.
#
# Copyright (C) 2008, 2009 Red Hat Inc.
#
# This file is part of systemtap, and is free software.  You can
# redistribute it and/or modify it under the terms of the GNU General
# Public License (GPL); either version 2, or (at your option) any
# later version.

certfile=$1
certdb=$2

# Obtain the filename of the certificate
if  test "X$certfile" = "X"; then
    echo "Certificate file must be specified" >&2
    exit 1
fi
if ! test -f $certfile; then
    echo "Cannot find certificate file $certfile" >&2
    exit 1
fi

# Obtain the certificate database directory name.
if  test "X$certdb" = "X"; then
    echo "Certificate database directory must be specified" >&2
    exit 1
fi
if ! test -d $certdb; then
    if ! mkdir -p -m 755 $certdb; then
	echo "Unable to find or create the client certificate database directory: $certdb" >&2
	exit 1
    fi
fi

# Add the certificate
if ! certutil -A -n stap-server -d $certdb -i $certfile -t "P,P,P" > /dev/null; then
    echo "Unable to add $certfile to the client certificate database $certdb" >&2
    exit 1
fi

# Ensure that the database is readable by others
if ! chmod +r $certdb/*.db; then
    echo "Warning: unable to make the client certificate database $certdb readable by others" >&2
fi

echo "Certificate $certfile added to database $certdb"

exit 0