#!/usr/bin/perl

## Program:
# 	generate_user_req.pl
## Purpose:
#  This script generates user certificate requests, based on installed Globus.
## Options:
#	-u "<user name>" 
#	-d <directory> (to store request, default: current directory)
#	-f (to trust the force and overwrite existing files!) 
#  Normally: only host cert req. created, for older GT(2.2) use -o for ldap and gram
#

#
## History:
# V1.02 241006 IN - -force --> -f, output layout changes
# V1.01 231006 Iliya Nickelt AIP - Deb., extensive help output, improved fail safety.
#  Version 1.0 October 2006 Harry Enke Astrogrid-D / AIP

use Getopt::Std;
getopts('u:d:hf', \%opts);
my $pwd=$ENV{'PWD'};
my $hdr=$ENV{'HOME'};
my $GLO=$ENV{'GLOBUS_LOCATION'};
my $gridsec="/etc/grid-security";

if ($opts{h})
	{
	print "generate_user_req.pl -- The AstroGrid-D certificate request script, using the globus toolkit.\n";
	print "Options:\n    -f (overwrites existing keys!); -u \"<user name>\"; -d <directory for files>; -h (help)\n";	
	print "Example:\n    \'generate_user_req.pl -u \"Karl Schwarzschild\" -f\'\n";
	print "Remember to put quotes around your name.\n";
	print "For a list of OUs and RAs see http://www.gac-grid.de/project-overview/VirtualOrganisations/Authorities.html";
	die "\n";
	}
die "*** ERROR: Globus not found - please set \$GLOBUS_LOCATION correctly or use \"openssl_generate_user_req.pl\"\n" unless(-d $GLO);
die "*** ERROR: User name missing - please use this syntax: \'generate_user_req.pl -u \"Karl Schwarzschild\"\' (with quotes).\n" unless($opts{u});
$pwd=(-d $opts{d})?$opts{d}:$pwd;

#first: generate requests in ~/.globus
$CN=$opts{u};
$CNus=$opts{u};
$CNus=~s/\ /\_/g;

# TO DO: Include automatic full user name detection here, as performed by the grid_cert_request script.
my $reqf="$pwd/$CNus\_usercert_request.pem";
my $sw=($opts{f})?" -f":"";	
my $globus_request=system("$GLO/bin/grid-cert-request $sw -cn \"$CN\" \>\ \"$pwd/$CNus\_grid-cert-request_output\" ");

if ($globus_request) {die "*** Error: Globus \'grid-cert-request\' failed. Forgot to use \"-f\"?\n(See $pwd/$CNus\_grid-cert-request_output for more information.)\n" ;}

#second: collect request to $dir with prefix usr
system("cp $hdr/.globus/usercert_request.pem $reqf");
print "\n\n*************************************************************************************\n";
print "Please check if your NAME (CN) and ORGANISATION (OU) are correct in your name string:\n\n";
system("grep \/O=GermanGrid $reqf");
print "*************************************************************************************\n";
print "\nIf there are any errors, call the script again with the \"-f\" option and supply your correct username.\n";
print "For more information, try \"generate_user_req.pl -h\" or contact your local Registrate Authority\n";
print "\nIf everything is correct, please email the request file\n     \"$reqf\"\nas an attachment to your local Registration Authority.\n";
# print "\nIf everything is correct, please email the request file\n     \"$reqf\"\nas an attachment to your local Registration Authority: ($loc_ra).\n";
print "In that mail you must also include your office phone number and the number of your passport or identity card.\n";
print "In a few days you will recieve an email from the Root Certificate Authority with your signed certificate.\n\n";
1;