#!/bin/bash

# Copyright (c) 2010 The Chromium OS Authors. All rights reserved.
# Use of this source code is governed by a BSD-style license that can be
# found in the LICENSE file.

echo "Adding mock Google Accounts server certs."

case "${ARCH}" in
  arm*)
    QEMU="/tmp/qemu-arm"
    cp "/usr/bin/qemu-arm" "${ROOT_FS_DIR}/${QEMU}"
    ;;
 *86)
    QEMU=""
    ;;
  *)
    error "Invalid ARCH: ${ARCH}"
    exit 1
esac

CERT_NAME="mock_server"
FAKE_CA_DIR="/etc/fake_root_ca"
FAKE_NSSDB="${FAKE_CA_DIR}/nssdb"
TMP_KEY=$(mktemp -p /tmp "${CERT_NAME}.key.XXXXX")
TMP_CERT=$(mktemp -p /tmp "${CERT_NAME}.pem.XXXXX")

mv -f "${TMP_KEY}" "${ROOT_FS_DIR}/${TMP_KEY}"
mv -f "${TMP_CERT}" "${ROOT_FS_DIR}/${TMP_CERT}"

# We need access to /dev/random and /dev/self/fd (which is /proc/self/fd)
# within the chrooted image
sudo mount --bind /dev "${ROOT_FS_DIR}"/dev
sudo mount --bind /proc "${ROOT_FS_DIR}"/proc

# Generate testing root cert on the fly.
sudo chroot "${ROOT_FS_DIR}" ${QEMU} /usr/bin/openssl req -x509 -days 21 \
  -subj "/CN=www.google.com" \
  -newkey rsa:1024 -nodes -keyout "${TMP_KEY}" -out "${TMP_CERT}"

mkdir -m 0755 -p "${ROOT_FS_DIR}/${FAKE_NSSDB}"

# Both bash and nsscertutil must be run under qemu-arm
sudo chroot "${ROOT_FS_DIR}" ${QEMU} /bin/bash -c "${QEMU} \
  /usr/local/bin/nsscertutil -d sql:${FAKE_NSSDB} -N -f <(echo '')"
cp "${ROOT_FS_DIR}/${TMP_KEY}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.key"
cp "${ROOT_FS_DIR}/${TMP_CERT}" "${ROOT_FS_DIR}/${FAKE_CA_DIR}/${CERT_NAME}.pem"
echo "DO NOT MOVE THIS DATA OFF OF THE ROOTFS!" > "${ROOT_FS_DIR}/${FAKE_CA_DIR}/README"
sudo chroot "${ROOT_FS_DIR}" ${QEMU} \
  /usr/local/bin/nsscertutil -d sql:"${FAKE_NSSDB}" -A \
  -n FakeCert -t "C,," -a -i "${FAKE_CA_DIR}/${CERT_NAME}.pem"
chmod 0644 "${ROOT_FS_DIR}/${FAKE_NSSDB}"/*

CERT_FILE="${ROOT_FS_DIR}/etc/login_trust_root.pem"
mv -f "${ROOT_FS_DIR}/${TMP_CERT}" "${CERT_FILE}"
chmod 0644 "${CERT_FILE}"

if [ -n "${QEMU}" ] ; then
    rm "${ROOT_FS_DIR}/${QEMU}"
fi
rm -f "${ROOT_FS_DIR}/${TMP_KEY}"
rm -f "${ROOT_FS_DIR}/${TMP_CERT}"

sudo umount "${ROOT_FS_DIR}"/dev
sudo umount "${ROOT_FS_DIR}"/proc