#!/bin/sh 

# 
# Copyright 1999-2006 University of Chicago
# 
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
# 
# http://www.apache.org/licenses/LICENSE-2.0
# 
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# 

openssl="/usr/bin/openssl"

find_ca_dir() {
    cahash=$1
    shift

    for x in "$@"; do
        if test -f "$x/$cahash.0"; then
            echo "${x}"
            return 0
        fi
    done
}

get_security_dir() {
    cadir=$1

    if test ! -z "${GRID_SECURITY_DIR}" ; then
        echo "${GRID_SECURITY_DIR}"
    elif test "$cadir" = "/etc/grid-security/certificates"; then
        echo "/etc/grid-security"
    else
        echo "${sysconfdir}"
    fi
}

get_hashes() {
    cadir=$1
    ls ${cadir}/*.0 2> /dev/null || true
}

ca_list() {
    echo "The available CA configurations installed on this host are:"
    echo
    
    index=1

    for x in "$@"; do
	cert_hashes="$(get_hashes ${x})"
        if test -n "${cert_hashes}"; then
            echo "Directory: ${x}"
            echo

            for cert in ${cert_hashes}; do
                if test -r "${cert}" ; then 
                    TEMP_SUBJECT="$("$openssl" x509 -in ${cert} -noout -subject -nameopt rfc2253,-dn_rev | sed -e 's|^subject= *|/|' -e 's|,|/|g')"
                    TEMP_HASH="${cert##*/}"
                    TEMP_HASH="${TEMP_HASH%.0}"

                    eval "CA${index}=${cert}"
                    eval "CA_SUBJECT${index}=\"/${TEMP_SUBJECT#*/}\""
                    eval "CA_HASH${index}=$TEMP_HASH"
                    eval "echo \"$index) \${CA_HASH${index}} -  \${CA_SUBJECT${index}}\""
                    index=$(($index + 1))
                fi
            done

            echo
        fi 
    done
}

interactive() {
    
    ca_list "$@"

    CA_CHOSEN_INDEX=""

    while [ -z "$CA_CHOSEN_INDEX" ]
    do
        echo
        printf "Enter the index number of the CA to package [q to quit]: "
        read CA_CHOSEN_INDEX

        if [ "${CA_CHOSEN_INDEX}" = "" ] || \
           [ "${CA_CHOSEN_INDEX}" = "q" ]; then
           exit 1;
        fi
        # Check for number
        if test ${CA_CHOSEN_INDEX} -eq ${CA_CHOSEN_INDEX} 2>/dev/null ; then
            if [ 1 -gt ${CA_CHOSEN_INDEX} ] || [ $index -le ${CA_CHOSEN_INDEX} ]; then
                echo "${CA_CHOSEN_INDEX} is not a valid index!"
                CA_CHOSEN_INDEX=""
            fi
        else
            echo "${CA_CHOSEN_INDEX} is not a valid index!"
            CA_CHOSEN_INDEX=""
        fi
    done
    
    eval "CA_SUBJECT=\${CA_SUBJECT${CA_CHOSEN_INDEX}}"
    eval "CA_CERT=\${CA${CA_CHOSEN_INDEX}}"
    CA_CERT_DIR=`echo $CA_CERT | sed -e "s|/[^\/]*$||"`
}

create_source_package_tarball()
{
    _tmpdir="${TMPDIR:-/tmp}"
    _capath="${1}"
    _cadir="${2}"
    _casubject="${3}"
    _simpleca="${4}"
    _cahash="$("$openssl" x509 -hash -noout -in "${_capath}")"

    _certdir="share/certificates"
    _srcdir="globus-simple-ca-${_cahash}"
    _source_package_tarball="globus_simple_ca_${_cahash}.tar.gz"
    _pkgdir=""

    printf "Creating RPM source tarball... "

    while [ -z "$_pkgdir" ]; do
        mkdir -m 0755 "${_pkgdir:=${_tmpdir}/globus_simple_ca.$("$openssl" rand -base64 6 | tr / _)}"
        rc=$?

        if [ $rc != 0 -o ! -d "${_pkgdir}" ]; then
            _pkgdir=""
        fi
    done

    cd "${_pkgdir}"
    mkdir "${_srcdir}"

    if [ "${_simpleca}" -eq 0 ]; then
        cp "${_capath}" "${_srcdir}/${_cahash}.0"
        cp "${_cadir}/${_cahash}.signing_policy" "${_srcdir}/${_cahash}.signing_policy"
        if [ -r "${_cadir}/grid-security.conf.${_cahash}" ]; then
            cp "${_cadir}/grid-security.conf.${_cahash}" "${_srcdir}/"
        fi
        if [ -r "${_cadir}/globus-user-ssl.conf.${_cahash}" ]; then
            cp "${_cadir}/globus-user-ssl.conf.${_cahash}" "${_srcdir}/"
        fi
        if [ -r "${_cadir}/globus-host-ssl.conf.${_cahash}" ]; then
            cp "${_cadir}/globus-host-ssl.conf.${_cahash}" "${_srcdir}/"
        fi
    else
        cp "${_capath}" "${_srcdir}/${_cahash}.0"
        cp "${_cadir}/signing-policy" "${_srcdir}/${_cahash}.signing_policy"
        if [ -r "${_cadir}/grid-security.conf" ]; then
            cp "${_cadir}/grid-security.conf" \
                    "${_srcdir}/grid-security.conf.${_cahash}"
        fi
        if [ -r "${_cadir}/globus-user-ssl.conf" ]; then
            cp "${_cadir}/globus-user-ssl.conf" \
                    "${_srcdir}/globus-user-ssl.conf.${_cahash}"
        fi
        if [ -r "${_cadir}/globus-host-ssl.conf" ]; then
            cp "${_cadir}/globus-host-ssl.conf" \
                    "${_srcdir}/globus-host-ssl.conf.${_cahash}"
        fi
    fi

    # RPM packaging
    cat <<-EOF 1> "${_srcdir}/globus-simple-ca-${_cahash}.spec"
	# This spec file creates a binary RPM that can be used to deploy the CA
	# and its related configuration files. The name of the package is based
	# on the hash of the CA certificate *on the machine which created the
	# CA*. If that was using OpenSSL 0.9.x, it will be different than the
	# hash used by OpenSSL 1.x. When this package is built, the hashes are
	# set to whichever version of OpenSSL is used on the package build
	# machine. Presumably that won't change within a specific OS version.
	# This package does not attempt to make this CA the default CA for
	# tools like grid-cert-request, but will remove the links to this CA if
	# it has been made the default CA by calling grid-default-ca with its
	# hash.
	%define cadir %{_sysconfdir}/grid-security/certificates
	
	Name: globus-simple-ca-${_cahash}
	Version: 1.0
	Release: 1%{?dist}
	Summary: Simple CA Configuration for ${_casubject}
	
	Group: Development/Tools
	License: ASL 2.0
	Source: ${_source_package_tarball}
	BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
	BuildRequires: openssl
	Requires: openssl
	BuildArch: noarch
	
	%description
	This package contains the CA certificate and related policy files
	needed to allow the Grid Community Toolkit to trust the CA with the
	subject name:
	"${_casubject}"
	as well as request certificates from that CA.
	
	%prep
	%setup -q -n globus-simple-ca-${_cahash}
	
	%build
	%define cahash \`openssl x509 -noout -hash -in "${_cahash}.0"\`
	mkdir -m 0755 -p \$RPM_BUILD_ROOT/%{cadir}
	cp "${_cahash}.0" "\$RPM_BUILD_ROOT/%{cadir}/%{cahash}.0"
	cp "${_cahash}.signing_policy" "\$RPM_BUILD_ROOT/%{cadir}/%{cahash}.signing_policy"
	if [ -r "grid-security.conf.${_cahash}" ]; then
	    cp "grid-security.conf.${_cahash}" \
	        "\$RPM_BUILD_ROOT/%{cadir}/grid-security.conf.%{cahash}"
	fi
	if [ -r "globus-host-ssl.conf.${_cahash}" ]; then
	    cp "globus-host-ssl.conf.${_cahash}" "\$RPM_BUILD_ROOT/%{cadir}/globus-host-ssl.conf.%{cahash}"
	fi
	if [ -r "globus-user-ssl.conf.${_cahash}" ]; then
	    cp "globus-user-ssl.conf.${_cahash}" "\$RPM_BUILD_ROOT/%{cadir}/globus-user-ssl.conf.%{cahash}"
	fi
	# Save the hash that was used to generate the binary package to a file so that
	# we can determine whether we need to remove symlinks during uninstall time.
	echo "%{cahash}" > "\$RPM_BUILD_ROOT/%{cadir}/${_cahash}.installed_hash"
	
	%clean
	rm -rf \$RPM_BUILD_ROOT
	
	%preun
	installed_hash="\$(cat %{cadir}/${_cahash}.installed_hash)"
	# Compare file serial numbers to see if the default CA is linked to this one. If so
	# remove the links.
	if [ -h "%{cadir}/grid-security.conf" ]; then
	    if [ "\$(ls -H1i "%{cadir}/grid-security.conf" | cut -d' ' -f1)" = \
	         "\$(ls -H1i "%{cadir}/grid-security.conf.\$installed_hash" | cut -d' ' -f1)" ]; then
	        rm %{cadir}/grid-security.conf
	    fi
	fi
	if [ -h "%{cadir}/globus-host-ssl.conf" ]; then
	    if [ "\$(ls -H1i "%{cadir}/globus-host-ssl.conf" | cut -d' ' -f1)" = \
	         "\$(ls -H1i "%{cadir}/globus-host-ssl.conf.\$installed_hash" | cut -d' ' -f1)" ]; then
	        rm %{cadir}/globus-host-ssl.conf
	    fi
	fi
	if [ -h "%{cadir}/globus-user-ssl.conf" ]; then
	    if [ "\$(ls -H1i "%{cadir}/globus-user-ssl.conf" | cut -d' ' -f1)" = \
	         "\$(ls -H1i "%{cadir}/globus-user-ssl.conf.\$installed_hash" | cut -d' ' -f1)" ]; then
	        rm %{cadir}/globus-user-ssl.conf
	    fi
	fi
	%files
	%defattr(-,root,root,-)
	%{_sysconfdir}/grid-security/certificates
	EOF

    # Debian packaging
    mkdir ${_srcdir}/debian
    cat 1> ${_srcdir}/debian/control <<-EOF
	Source: ${_srcdir}
	Section: net
	Priority: extra
	Maintainer: ${LOGNAME}@${HOST}

	Package: ${_srcdir}
	Architecture: all
	Depends: \${shlibs:Depends}, \${misc:Depends}
	Description: CA Package for ${_casubject}
	  This package contains the CA certificate and related policy files
	  needed to allow the Grid Community Toolkit to trust the CA with the
	  subject name:
	  "${_casubject}"
	  as well as request certificates from that CA.
	EOF

    cat 1> ${_srcdir}/debian/rules <<EOF
#!/usr/bin/make -f

include /usr/share/cdbs/1/rules/debhelper.mk

cahash=${_cahash}
name=globus-simple-ca-\$(cahash)

certdir = etc/grid-security/certificates
certdirfiles = \\
	\$(cahash).0 \\
	\$(cahash).signing_policy \\
	globus-host-ssl.conf.\$(cahash) \\
	globus-user-ssl.conf.\$(cahash) \\
	grid-security.conf.\$(cahash)



install/\$(name)::
	dh_testdir 
	dh_testroot 
	dh_clean -k

	[ -d \$(CURDIR)/debian/tmp/\$(certdir) ] || \\
	    mkdir -p \$(CURDIR)/debian/tmp/\$(certdir)
	rm -f debian/\$(name).install || true
	touch debian/\$(name).install
	for file in \$(certdirfiles); do \\
	    if [ -f "\$\$file" ]; then \\
	        cp "\$\$file" "\$(CURDIR)/debian/tmp/\$(certdir)" ; \\
	        echo "debian/tmp/\$(certdir)/\$\$file" \$(certdir) >> debian/\$(name).install; \\
	    fi ; \\
	done

clean::
	dh_clean debian/*.install

EOF
    chmod a+x ${_srcdir}/debian/rules

    cat 1> ${_srcdir}/debian/changelog <<-EOF
	${_srcdir} (0.0) UNRELEASED; urgency=low
	  * Initial release.
	
	 -- ${LOGNAME} <${LOGNAME}@${HOST}>  $(date +"%a, %d %b %Y %H:%m:%S %z")
	EOF

    echo 5 1> ${_srcdir}/debian/compat

    echo /etc/grid-security/certificates 1> ${_srcdir}/debian/dirs


    tar cf - ${_srcdir} | gzip > "${OLDPWD}/${_source_package_tarball}"

    cd "${OLDPWD}"
    rm -rf "${_pkgdir}"
    echo "done"
    printf "\t${_source_package_tarball}\n"
}

create_rpm_binary_package()
{
    _tarball="${1}"
    _cahash="${2}"
    _pkgdir=""

    if test ! -f /etc/redhat-release && test ! -f /etc/SuSE-release; then
        echo "Skipping RPM binary"
        return 0
    fi
    printf "Creating RPM binary..."
    while [ -z "$_pkgdir" ]; do
        mkdir -m 0755 "${_pkgdir:=${_tmpdir}/globus_simple_ca.$("$openssl" rand -base64 6 | tr / _)}"
        rc=$?

        if [ $rc != 0 -o ! -d "${_pkgdir}" ]; then
            _pkgdir=""
        fi
    done

    OLDHOME="$HOME"
    HOME=${_pkgdir}
    cd $HOME

    mkdir rpmbuild tmp

    for x in BUILD  BUILDROOT SOURCES RPMS  SPECS  SRPMS; do
        mkdir -p "rpmbuild/$x"
    done
    cat <<-EOF > .rpmmacros
	%_topdir $HOME/rpmbuild
	%_tmppath $HOME/tmp
	EOF

    rpmbuild -tb "$_tarball"
    HOME="$OLDHOME"
    cd -
    unset OLDHOME
    find ${_pkgdir} -name '*.rpm' -exec cp "{}" "." ";"
    rm -rf "$_pkgdir"
}

create_debian_binary_package()
{
    _tarball="${1}"
    _cahash="${2}"
    _pkgdir=""

    if ! test -f /etc/debian_version; then
        echo "Skipping debian binary"
        return 0
    fi

    printf "Creating debian binary..."
    while [ -z "$_pkgdir" ]; do
        mkdir -m 0755 "${_pkgdir:=${_tmpdir}/globus_simple_ca.$("$openssl" rand -base64 6 | tr / _)}"
        rc=$?

        if [ $rc != 0 -o ! -d "${_pkgdir}" ]; then
            _pkgdir=""
        fi
    done

    olddir="$(pwd)"
    cd ${_pkgdir}
    gzip -dc ${_tarball} | tar xf -
    cd globus-simple-ca-${_cahash}
    fakeroot dpkg-buildpackage -uc -us
    cd ${_pkgdir}
    find . -name '*.deb' -exec cp "{}" "$olddir" ";"
    cd $olddir

    rm -rf "$_pkgdir"
}
create_binary_gpt_package()
{
    _tmpdir="${TMPDIR:-/tmp}"
    _capath="${1}"
    _cadir="${2}"
    _casubject="${3}"
    _simpleca="${4}"
    _cahash="$("$openssl" x509 -hash -noout -in "${_capath}")"
    _certdir="share/certificates"
    _binary_gpt_package="globus_simple_ca_${_cahash}-1.0-noflavor_data.tar.gz"
    if [ "${backward_compatible}" = 1 ]; then
        _gptdir="etc/gpt/packages/globus_simple_ca_${_cahash}"
    else
        _gptdir="share/globus/packages/globus_simple_ca_${_cahash}"
    fi
    _filelist="${_gptdir}/noflavor_data.filelist"
    _metadata="${_gptdir}/pkg_data_noflavor_data.gpt"
    _pkgdir=""

    printf "Creating binary GPT package... "

    while [ "$_pkgdir" = "" ]; do
        mkdir -m 0755 "${_pkgdir:=${_tmpdir}/globus_simple_ca.$("$openssl" rand -hex 16)}"
        rc=$?

        if [ $rc != 0 ]; then
            _pkgdir=""
        fi
    done

    cd "${_pkgdir}"

    mkdir -p "${_certdir}"
    mkdir -p "${_gptdir}"

    exec 3>&1
    exec 1> "${_filelist}"

    cp "${_capath}" "${_certdir}/${_cahash}.0"
    echo "${_certdir}/${_cahash}.0"

    if [ "${_simpleca}" -eq 0 ]; then
        cp "${_cadir}/${_cahash}.signing_policy" "${_certdir}/"
        echo "${_certdir}/${_cahash}.signing_policy"
        if [ -r "${_cadir}/grid-security.conf.${_cahash}" ]; then
            cp "${_cadir}/grid-security.conf.${_cahash}" "${_certdir}/"
            echo "${_certdir}/grid-security.conf.${_cahash}"
        fi

        if [ -r "${_cadir}/globus-user-ssl.conf.${_cahash}" ]; then
            cp "${_cadir}/globus-user-ssl.conf.${_cahash}" "${_certdir}/"
            echo "${_certdir}/globus-user-ssl.conf.${_cahash}"
        fi
        if [ -r "${_cadir}/globus-host-ssl.conf.${_cahash}" ]; then
            cp "${_cadir}/globus-host-ssl.conf.${_cahash}" "${_certdir}/"
            echo "${_certdir}/globus-host-ssl.conf.${_cahash}"
        fi
    else
        cp "${_cadir}/signing-policy" "${_certdir}/${_cahash}.signing_policy"
        echo "${_certdir}/${_cahash}.signing_policy"

        if [ -r "${_cadir}/grid-security.conf" ]; then
            cp "${_cadir}/grid-security.conf" \
                    "${_certdir}/grid-security.conf.${_cahash}"
            echo "${_certdir}/grid-security.conf.${_cahash}"
        fi

        if [ -r "${_cadir}/globus-user-ssl.conf" ]; then
            cp "${_cadir}/globus-user-ssl.conf" \
                    "${_certdir}/globus-user-ssl.conf.${_cahash}"
            echo "${_certdir}/globus-user-ssl.conf.${_cahash}"
        fi
        if [ -r "${_cadir}/globus-host-ssl.conf" ]; then
            cp "${_cadir}/globus-host-ssl.conf" \
                    "${_certdir}/globus-host-ssl.conf.${_cahash}"
            echo "${_certdir}/globus-host-ssl.conf.${_cahash}"
        fi
    fi

    echo "${_filelist}"
    echo "${_metadata}"

    cat <<-EOF 1> "${_metadata}"
<?xml version="1.0"?>
<!DOCTYPE gpt_package_metadata SYSTEM "globus_package.dtd">
<gpt_package_metadata Format_Version="0.02" Name="globus_simple_ca_${_cahash}" >
<Aging_Version Age="0" Major="0" Minor="6" />
<Description >Simple CA Package for ${_casubject}</Description>
<Functional_Group >Security</Functional_Group>
<Version_Stability Release="Experimental" />
<PackagingTool ToolName="GPT" ToolVersion="3.3" />
<data_pkg >
<Flavor ColocateLibraries="no" >noflavor</Flavor>
</data_pkg>
</gpt_package_metadata>
EOF
    
    exec 1>&3
    exec 3>&-

    tar cf - $(cat "${_filelist}") | gzip > "${OLDPWD}/${_binary_gpt_package}"

    cd "${OLDPWD}"
    rm -rf "${_pkgdir}"
    echo "done"
    printf "\t${_binary_gpt_package}\n"
}

create_rpm_tarball=1
create_gpt_package=0
create_rpm_binary=0
create_debian_binary=0

readCommandLine () {
    # Expects $* from the shell invocation

    while [ "X$1" != "X" ]
    do
        case $1 in
            -\?|-h|-help|-usage|--help|--usage)
                long_usage
                exit 0
                ;;
            -ca|--ca)
                ca_to_use="$2"
                shift 2
                ;;
            -cadir|--cadir)
                cadir="$2"
                shift 2
                ;;
            -g)
                create_gpt_package=1
                shift;
                ;;
            -r)
                create_rpm_binary=1
                shift;
                ;;
            -d)
                create_debian_binary=1
                shift;
                ;;
            -b)
                backward_compatible=1
                create_gpt_package=1
                shift;
                ;;
             -version|--version)
                if [ "X${PROGRAM_NAME}" != "X" -a \
                      "X${PROGRAM_VERSION}" != "X" ]; then
                    echo "${PROGRAM_NAME}: ${PROGRAM_VERSION}"
                elif [ "X${PACKAGE}" != "X" -a \
                       "X${VERSION}" != "X" ]; then
                    echo "${PACKAGE}: ${VERSION}"
                else
                    echo "No version information available."
                fi
                exit 0
                ;;
             -versions|--versions)
                __AT='@'
                if [ -n "${PACKAGE}" -a -n "${VERSION}" -a \
                     -n "${DIRT_TIMESTAMP}" -a -n "${DIRT_BRANCH_ID}" -a \
                     "X${DIRT_TIMESTAMP}" != "X${__AT}DIRT_TIMESTAMP${__AT}" -a \
                     "X${DIRT_BRANCH_ID}" != "X${__AT}DIRT_BRANCH_ID${__AT}" ];
                then
                    echo "${PACKAGE}: ${VERSION} (${DIRT_TIMESTAMP}-${DIRT_BRANCH_ID})"
                else
                    echo "No DiRT information available."
                fi
                exit 0;
                ;;
            *)
                echo "ERROR: option $1 : unrecognized option"
                short_usage
                exit 1
                ;;
         esac
    done

}

error() {

    eval "missing_file=\$$1"

    echo
    echo "The file: ${missing_file} does not exist"
    echo "The CA: ${CA_SUBJECT}"
    echo "has not been setup correctly."
    echo
    exit 1
}

printhelp() {
    option="${1}"
    helpstr="${2}"
    optwidth="${optwidth:-$((${COLUMNS:-80} / 3))}"
    if [ "$optwidth" -gt 30 ]; then
        optwidth=30
    fi
    helpwidth="${helpwidth:-$((${COLUMNS:-80} - $optwidth - 6))}"
    helpstrformatted="$(echo "${helpstr}" | tr -sd '\n\t' ' ' | \
            fold -sw ${helpwidth})"

    OLDIFS="$IFS"
    IFS="
"
    first=1

    for x in $helpstrformatted; do
        printf "    %-${optwidth}s %-${helpwidth}s\n" "${first:+$option}" "$x"
        first=""
    done
    IFS="$OLDIFS"
}

long_usage () {
    echo "${short_usage}"
    printhelp "-help, -h, -?, -usage" "Display this help message"
    printhelp "-version" "Print $PROGRAM_NAME version number"
    printhelp "-versions" "Print detailed package version for $PACKAGE"
    printhelp "-ca HASH" "Create packages for the CA with HASH as its subject
            hash [prompt for value]"
    printhelp "-g" "Create a GPT binary package [unset]"
    printhelp "-b" "Create a GPT binary package compatible with GPT 3.2 to be
            used with GT 2.0.x - 5.0.x [unset]"
    printhelp "-r" "Create an RPM binary package [unset]"
    printhelp "-d" "Create an debian binary package [unset]"
}


############################################################
# main code section
############################################################

prefix="${GLOBUS_LOCATION-/usr}"
exec_prefix="${prefix}"
sbindir="${exec_prefix}/sbin"
bindir="${exec_prefix}/bin"
includedir="/usr/include/globus"
datarootdir="${prefix}/share"
datadir="${datarootdir}"
libexecdir="/usr/share/globus"
sysconfdir="/etc"
sharedstatedir="${prefix}/com"
localstatedir="/var"

PROGRAM_NAME="${0##*/}"

PROGRAM_VERSION="5.1"

VERSION="5.1"

PACKAGE="globus_simple_ca"

DIRT_TIMESTAMP="1566483868"
DIRT_BRANCH_ID="0"

short_usage="$PROGRAM_NAME [-help] [ options ...]"

readCommandLine "$@"

# reset positional parameters
shift "$#"

# look for trusted certs directories
if test -n "${X509_CERT_DIR}" ; then
    set -- "${X509_CERT_DIR}"
    if test -n "${GRID_SECURITY_DIR}"; then
        set -- "$@" "${GRID_SECURITY_DIR}"
    fi
fi

if test -d "/etc/grid-security/certificates/." ; then
    set -- "$@" "/etc/grid-security/certificates" 
fi
if test -d "${sysconfdir}/grid-security/certificates/." ; then
    set -- "$@" "${sysconfdir}/grid-security/certificates" 
fi
if test -d "${datadir}/certificates/."; then
    set -- "$@" "${datadir}/certificates"
fi

if [ -n "$cadir" ]; then
    CA_CERT_DIR="$cadir"
    CA_CERT="$CA_CERT_DIR/cacert.pem"
    CA_SUBJECT="$("$openssl" x509 -in "${CA_CERT}" -noout -subject -nameopt rfc2253,-dn_rev | sed -e 's|^subject= *|/|' -e 's|,|/|g')"
    simpleca=1
else
    found_ca=0
    simpleca=0

    for x in "$@"; do
        if test -n "`get_hashes ${x}`"; then
            found_ca=1
            break
        fi
    done

    if test $found_ca -eq 0; then
        echo 
        echo "There does not appear to be a valid CA"
        echo "located in any of the following directories:"
        echo ""
        for x in "$@"; do
            echo "    ${x}"
        done
        echo ""
        echo "To specify a different location where the grid security"
        echo "configuration files were installed, set the X509_CERT_DIR"
        echo "set the GRID_SECURITY_DIR environment variables."
        echo ""
        exit 1
    fi

    if [ -z "$ca_to_use" ]; then
        interactive "$@"
    else
        CA_CERT_DIR=`find_ca_dir $ca_to_use "$@"`
        CA_CERT="$CA_CERT_DIR/$ca_to_use.0"
        if test ! -r "${CA_CERT}" ; then
            echo
            echo "Cannot find a CA with hash ${ca_to_use}."
            echo "Use grid-default-ca -list to see a list of CA hashes "
            echo "available on this machine."
            echo 
            exit 1
        fi
        CA_SUBJECT="$("$openssl" x509 -in ${CA_CERT} -noout -subject -nameopt rfc2253,-dn_rev | sed -e 's|^subject= *|/|' -e 's|,|/|g')"
    fi
fi

if [ "$create_rpm_tarball" -eq 1 ]; then
    create_source_package_tarball "$CA_CERT" "$CA_CERT_DIR" "$CA_SUBJECT" "${simpleca}"
    ca_cert_hash="$("$openssl" x509 -hash -noout -in "${CA_CERT}")"
    source_package_tarball="globus_simple_ca_${ca_cert_hash}.tar.gz"
    if [ "$create_rpm_binary" -eq 1 ]; then
        create_rpm_binary_package "$(pwd)/${source_package_tarball}" "${ca_cert_hash}"
    fi
    if [ "$create_debian_binary" -eq 1 ]; then
        create_debian_binary_package "$(pwd)/${source_package_tarball}" "${ca_cert_hash}"
    fi
fi
if [ "$create_gpt_package" -eq 1 ]; then
    create_binary_gpt_package "$CA_CERT" "$CA_CERT_DIR" "$CA_SUBJECT" "${simpleca}"
fi

exit 0
