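#########################################
# fastCA
#########################################
# Fast and easy SSL certification authority builder.
# developed by Phillip Bailey ( phillip@cryptolife.org )
# version 0.9
# Before starting please read README.txt
#
# Shows a dialog(1) menu and runs the selected step of a small openssl-based
# CA workflow in the current directory: create the directory layout, create
# the root certificate, create a key plus signing request, sign the request,
# copy the results into export2client/ and export2server/, or delete it all.
# After every step except "Exit" the script starts itself again to redisplay
# the menu, so it must be installed as ./FastCa.sh in the working directory.
#
# Files read from the working directory: ./vars (sourced), openssl.cnf.

# Both external tools are required. Stop early, with a failure status, when
# either one is missing.
if ! command -v openssl > /dev/null 2>&1; then
  echo "The program 'openssl' is currently not installed. You can install it by typing: sudo apt-get install openssl" >&2
  exit 1
fi

if ! command -v dialog > /dev/null 2>&1; then
  echo "The program 'dialog' is currently not installed. You can install it by typing: sudo apt-get install dialog" >&2
  exit 1
fi

export CA_NAME="ca"
export SSL="$PWD/openssl.cnf"

# load the variables
# NOTE(review): ./vars is sourced from the current directory, so it runs as
# shell code with the caller's privileges and may override CA_NAME and SSL.
# Run this script only from a directory whose contents you control.
. ./vars

# dialog draws its interface on stdout and reports the chosen tag on stderr.
# Swapping the two descriptors lets the choice be captured directly, so no
# scratch file with a fixed name has to be written into the working directory.
# A cancelled menu leaves $output empty and no step is run.
output=$(dialog --backtitle "(fastCA) " \
  --title "Easy and fast Certification Autority builder" \
  --menu "Make your choice" 20 80 12 \
  1 "Create the CA structure" \
  2 "Create a root certificate" \
  3 "Create a key and signing request" \
  4 "Sign the request" \
  5 "export the certificates" \
  6 "!!delete the CA!! 
(this will delete everything previously created) " \
  7 "Credits" \
  8 "Exit" 3>&1 1>&2 2>&3 3>&-)
clear

case "$output" in
  1)
    # Restrict the CA directory before anything sensitive is placed in it.
    mkdir -p -- "$CA_NAME"
    chmod 700 -- "$CA_NAME"
    mkdir -p -- "$CA_NAME/certs" "$CA_NAME/private"
    chmod 700 -- "$CA_NAME/private"
    # Initialise the serial counter only once: resetting it on an existing CA
    # would let later certificates reuse serial numbers already issued.
    [ -s "$CA_NAME/serial" ] || echo '100001' > "$CA_NAME/serial"
    touch -- "$CA_NAME/certindex.txt"
    mkdir -p -- "$PWD/export2client" "$PWD/export2server"
    ;;
  2)
    # Self-signed root certificate, valid for 1095 days. -nodes is not given,
    # so openssl asks for a passphrase to protect the CA private key.
    openssl req -new -x509 -extensions v3_ca \
      -keyout "$CA_NAME/private/cakey.pem" \
      -out "$CA_NAME/cacert.pem" \
      -days 1095 -config "$SSL"
    ;;
  3)
    # -nodes writes this key WITHOUT a passphrase, so file permissions are its
    # only protection. Key size and digest come from openssl.cnf, which is not
    # part of this script.
    openssl req -new -nodes \
      -out "$CA_NAME/name-req.pem" \
      -keyout "$CA_NAME/private/${CA_NAME}.key" \
      -config "$SSL"
    ;;
  4)
    openssl ca -out "$CA_NAME/${CA_NAME}-cert.crt" -config "$SSL" \
      -infiles "$CA_NAME/name-req.pem"
    ;;
  5)
    cp -- "$PWD/$CA_NAME/cacert.pem" "$PWD/export2client"
    # The key and certificate names follow CA_NAME, matching what steps 3 and 4
    # wrote (ca.key / ca-cert.crt with the default name). The unencrypted key
    # is copied under a restrictive umask so that the exported copy is never
    # readable by other local users.
    (umask 077 && cp -- "$PWD/$CA_NAME/private/${CA_NAME}.key" "$PWD/export2server")
    cp -- "$PWD/$CA_NAME/${CA_NAME}-cert.crt" "$PWD/export2server"
    # NOTE(review): the dovecot example in this message names key/certificate
    # files that this script does not create; confirm the intended names.
    dialog --title "Success !!!!!!!!!!!!" --msgbox "Your CA has been created.\n\n \n\n Now you can export the certificates located in\n\n export2client export2server\n\n Example for apache2:\n\n SSLEngine On\n SSLCertificateFile /etc/apache2/ssl/ca-cert.crt\n SSLCertificateKeyFile /etc/apache2/ssl/ca.key\n\n Example for postfix: /etc/postfix/main.cf\n smtpd_tls_cert_file=/etc/postfix/ssl/ca-cert.crt\n smtpd_tls_key_file=/etc/postfix/ssl/ca.key\n\n Example for dovecot:\n /etc/dovecot/dovecot.con\n ssl_key_file = /etc/dovecot/ssl/agbnielsen.key.pem\n ssl_cert_file = /etc/dovecot/ssl/agbnielsen-cert.pem\n " 20 100
    ;;
  6)
    # ${CA_NAME:?} aborts when ./vars left CA_NAME empty; without the guard the
    # first rm would be aimed at the working directory itself.
    rm -rf -- "$PWD/${CA_NAME:?CA_NAME is empty, refusing to delete}/"
    rm -rf -- "$PWD/export2client/"
    rm -rf -- "$PWD/export2server/"
    ;;
  7)
    dialog --title "Credits" --msgbox " fastCA Fast and easy SSL certification authority builder. 
Developed by phillip bailey phillip@cryptolife.org blog: www.cryptolife.org Copyright (C) <2008> This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or any later version. " 20 100
    ;;
esac

# Every step except "Exit" (8) or a cancelled menu returns to the menu by
# running the script again.
case "$output" in
  [1-7]) "$PWD/FastCa.sh" ;;
esac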