#!/bin/bash

# Positional arguments, each with a default:
#   $1 - user certificate (PEM)
#   $2 - encrypted user private key (PEM)
#   $3 - destination for the combined cert + decrypted key
usercert=$1
[[ -n $usercert ]] || usercert=~/.globus/usercert.pem
userkey=$2
[[ -n $userkey ]] || userkey=~/.globus/userkey.pem
output=$3
# $(id -un) is only evaluated when no destination was given.
[[ -n $output ]] || output=/dev/shm/$(id -un)-certkey.pem
# Parent directory of the destination, checked for existence below.
output_dir=$(dirname "$output" 2>/dev/null)

# Program name used as the prefix of every diagnostic.
prog=$(basename "$0")
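#######################################
# Print a diagnostic prefixed with the program name and exit.
# Globals:   prog (read) - prefix for the message
# Arguments: $1 - exit status; the remaining arguments form the message
# Outputs:   "<prog>: <message>" on stderr
# Returns:   does not return; the script exits with status $1
#######################################
fail () {
    # local: the original leaked 'ret' into the global namespace.
    local ret=$1
    shift
    # printf rather than echo so a message is never parsed as echo options.
    printf '%s: %s\n' "$prog" "$*" >&2
    exit "$ret"
}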

# Preflight: the tool and every input and output path must be usable before
# any key material is touched. Each failure exits via fail.
command -v openssl > /dev/null 2>&1 || fail 127 "openssl not found"

if [[ ! -r $usercert ]]; then
    fail 1 "user cert $usercert not found or not readable"
fi
if [[ ! -r $userkey ]]; then
    fail 1 "user key $userkey not found or not readable"
fi
if [[ ! -d $output_dir ]]; then
    fail 1 "output directory $output_dir not found or not a directory"
fi
# Refuse to clobber an existing file rather than silently overwriting it.
if [[ -e $output ]]; then
    fail 1 "output file $output already exists; delete it first"
fi

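# Restrictive umask so nothing created below is readable by other users;
# mktemp itself creates its files mode 0600, and mv carries that mode to
# the final destination.
umask 077
# mktemp failures were previously unchecked, leaving empty names that the
# later openssl/cat steps and the cleanup trap would misuse.
tmpkey=$(mktemp -t certkey-XXXXXX) || fail 2 "couldn't create temporary file"
tmpkey2=$(mktemp -t certkey-XXXXXX) || fail 2 "couldn't create temporary file"
# Cleanup runs on every exit path (EXIT alone covers the ERR case). The
# paths are quoted inside the trap so a TMPDIR containing spaces is safe.
# NOTE: rm does not scrub the blocks; on a disk-backed TMPDIR the decrypted
# key may remain recoverable until overwritten.
trap 'rm -f -- "$tmpkey" "$tmpkey2"' EXIT

# Decrypt the key into the 0600 temp file (openssl prompts for the passphrase).
openssl rsa -in "$userkey" -out "$tmpkey" || fail 3 "couldn't decrypt key"
# Cert, a separating newline, then the decrypted key. Chained with && so a
# failing cat is not masked by the last command succeeding, which the
# original (cmd; cmd; cmd) subshell allowed.
{ cat -- "$usercert" && echo && cat -- "$tmpkey"; } > "$tmpkey2" \
    || fail 4 "couldn't write new certkey"
# Strip CR line endings in place; drop the backup sed -i leaves behind.
{
    sed -i.bak -e 's/\015$//g' "$tmpkey2" &&
        rm -f "${tmpkey2}.bak"
} || fail 5 "couldn't fix line endings on new certkey"
# mv -f will replace anything that appeared at $output after the preflight
# existence check; the temp file's 0600 mode is carried over.
mv -f -- "$tmpkey2" "$output" || fail 6 "couldn't move new certkey to destination $output"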

# Final user-facing notice; the file holds a decrypted private key.
printf '%s\n' "Created $output" "Delete it once you're done with it!"
