#!/bin/bash

# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

echo "Adding mock Google Accounts server certs."

# TODO(cmasone): Generate certs/keys on the fly from a CSR?
CERT_DIR="${GCLIENT_ROOT}/src/platform/login_manager"
CERT_NAME="mock_server"
FAKE_CA_DIR="${ROOT_FS_DIR}/etc/fake_root_ca"
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"

mkdir -p "${FAKE_NSSDB}"
cat "${CERT_DIR}/${CERT_NAME}.key" > "${FAKE_CA_DIR}/${CERT_NAME}.key"
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${FAKE_CA_DIR}/README"
nsscertutil -A -n FakeCA -t "C,C,C" -a -i "${CERT_DIR}/${CERT_NAME}.pem" \
  -d "${FAKE_NSSDB}"
chmod -R 0644 "${FAKE_NSSDB}"

# TODO(cmasone): get rid of this once we're off pam_google for good.
# Sadly, our fake cert HAS to be first in this file.
TMPFILE=$(mktemp)
CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
PERMS=$(stat --printf="%a" "${CERT_FILE}")
cat "${CERT_DIR}/${CERT_NAME}.pem" "${CERT_FILE}" > "${TMPFILE}"
mv -f "${TMPFILE}" "${CERT_FILE}"
chmod "${PERMS}" "${CERT_FILE}"