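#!/bin/bash
# Split a PKCS#12 bundle into separate PEM certificate and key files, plus a
# combined certificate+key file for koji.
#
# Usage: $0 FILE.p12 [OUTPUTDIR]
#   FILE.p12   PKCS#12 bundle to read (required)
#   OUTPUTDIR  directory to write into, created if missing (default: .)
#
# Writes into OUTPUTDIR:
#   usercert.pem  client certificate only, mode 0644
#   userkey.pem   private key only, mode 0400
#   client.crt    usercert.pem followed by userkey.pem, mode 0400
#
# openssl prompts for the bundle's import password. Because -nodes is not
# passed on the key export, it also prompts for a PEM pass phrase and the key
# is written encrypted under it; client.crt therefore carries the same
# encrypted key and is kept owner-read-only as well.
#
# The key outputs are left read-only, so a second run by a non-root user
# fails at the key export until the old files are removed by hand.

# ':?' also rejects an empty first argument, not only a missing one.
p12file=${1:?Need .p12 file}
outputdir=${2:-.}

certfile=${outputdir}/usercert.pem
keyfile=${outputdir}/userkey.pem
kojicert=${outputdir}/client.crt
# sshkeyfile=${outputdir}/id_rsa
# sshpubfile=${outputdir}/id_rsa.pub

# Fail before touching the filesystem if the bundle cannot be read, so a
# mistyped path does not leave a freshly created output directory behind.
if [[ ! -r "$p12file" ]]; then
	printf 'Cannot read %s\n' "$p12file" >&2
	exit 1
fi

(
	# Abort at the first failing step; the subshell keeps the umask change
	# from leaking past this block.
	set -e
	# Everything below is created owner-only; the certificate is widened
	# explicitly afterwards. This closes the window in which the key file
	# would otherwise exist with default permissions before its chmod.
	umask 077
	# '--' keeps a directory name starting with '-' from being parsed as
	# an option by mkdir/chmod/cat.
	mkdir -p -- "${outputdir}"

	# Client certificate only: no CA certificates, no private key.
	openssl pkcs12 -in "$p12file" -clcerts -nokeys -out "$certfile"
	chmod 0644 -- "$certfile"
	printf '%s\n' "Created user certificate in $certfile"

	# Private key only; stays pass-phrase protected (no -nodes).
	openssl pkcs12 -in "$p12file" -nocerts -out "$keyfile"
	chmod 0400 -- "$keyfile"
	printf '%s\n' "Created private key in $keyfile"

	## cute but pointless
	# cp $keyfile $sshkeyfile
	# chmod 0400 $sshkeyfile
	# echo Created ssh private key in $sshkeyfile

	# ssh-keygen -y -f $sshkeyfile > $sshpubfile
	# chmod 0644 $sshpubfile
	# echo Created ssh public key in $sshpubfile

	# koji wants certificate and key in a single file; it contains the
	# private key, so it gets the same restrictive mode as userkey.pem.
	cat -- "$certfile" "$keyfile" > "$kojicert"
	chmod 0400 -- "$kojicert"
	printf '%s\n' "Created key for koji in $kojicert"
)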

# vim:noet:sts=8:sw=8:ts=8
