#!/bin/bash
# Sign the certificate signing request.
#
# Arguments:
#   hostname
#   CSR filename
#   type: "server" or "client"
#   batch: "batch" to not ask questions, or anything else or blank to ask
#
# © 2012, Multapplied Networks, Inc.
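# Abort on the first unhandled failure, including a failure to load ca-vars.
set -e
# ca-vars is expected to define BONDINGADMIN_DIR, CERTS_DIR, OPENSSL and CONFIG:
# all four are used below and none of them is assigned in this script.
. /usr/share/bondingadmin/default/ca-vars

# Print a message to stderr and stop with a non-zero status.
die() {
    printf '%s: %s\n' "${0##*/}" "$*" >&2
    exit 1
}

# Fail closed if a required setting is empty: an empty BONDINGADMIN_DIR would
# make `cd` go to $HOME, and an empty CERTS_DIR would place the certificate
# directly under /.
: "${BONDINGADMIN_DIR:?must be set by ca-vars}"
: "${CERTS_DIR:?must be set by ca-vars}"
: "${OPENSSL:?must be set by ca-vars}"
: "${CONFIG:?must be set by ca-vars}"

cd -- "$BONDINGADMIN_DIR"

HOST="${1:-}"
CSR_FILE="${2:-}"
TYPE="${3:-}"
IS_BATCH="${4:-}"

# HOST becomes part of the output path, so it has to be a single path
# component; anything containing "/" could direct the signed certificate to a
# location outside CERTS_DIR.
case "$HOST" in
    '' | */*) die "invalid hostname: '$HOST'" ;;
esac

# Relative CSR paths are resolved against BONDINGADMIN_DIR (see the cd above).
[[ -n "$CSR_FILE" ]] || die "missing CSR filename"
[[ -r "$CSR_FILE" ]] || die "cannot read CSR file: $CSR_FILE"

# Server and client certificates share the same output name; only the
# extensions section passed to `openssl ca` differs.
CERT_FILE="$CERTS_DIR/$HOST.cert.pem"
case "$TYPE" in
    server)
        EXTENSIONS="server"
        ;;
    client)
        EXTENSIONS="usr_cert"
        ;;
    *)
        # Kept for backward compatibility: any value other than "server" has
        # always produced a usr_cert certificate. Say so on stderr so that a
        # mistyped type does not go unnoticed.
        printf '%s: warning: unknown type "%s", using usr_cert extensions\n' \
            "${0##*/}" "$TYPE" >&2
        EXTENSIONS="usr_cert"
        ;;
esac

# An array keeps the optional flag out of the command line entirely when it is
# not requested, without relying on word splitting of an empty string.
BATCH_ARGS=()
if [[ "$IS_BATCH" == "batch" ]]; then
    BATCH_ARGS=(-batch)
fi

# NOTE(review): the lock lives at a fixed name in world-writable /tmp, so any
# local account can create or hold it before this script runs. A directory
# writable only by the CA user (for example under /run/lock) would be safer,
# but other tooling may depend on this exact path -- confirm before moving it.
# Until then: refuse a symlink and open in append mode so that whatever the
# path resolves to is never truncated. The check is best-effort (not atomic).
LOCKFILE="/tmp/.sign-bonding-cert.exclusivelock"
[[ ! -L "$LOCKFILE" ]] || die "refusing to use symlinked lock file: $LOCKFILE"

WAIT_TIME=10  # in seconds
(
    # Serialise signing runs: `openssl ca` updates the CA database files named
    # in its config, so only one signer may run at a time.
    if ! flock -x -w "$WAIT_TIME" 200; then
        printf '%s: could not lock %s within %ss\n' \
            "${0##*/}" "$LOCKFILE" "$WAIT_TIME" >&2
        exit 1
    fi
    printf 'Writing certificate to %s...\n' "$CERT_FILE"
    # $OPENSSL is left unquoted on purpose: ca-vars is not visible here and may
    # define it with extra words. Everything else is quoted so that paths with
    # spaces or glob characters are passed through as single arguments.
    # shellcheck disable=SC2086
    $OPENSSL ca -config "$CONFIG" "${BATCH_ARGS[@]}" \
        -extensions "$EXTENSIONS" -out "$CERT_FILE" -infiles "$CSR_FILE"
) 200>>"$LOCKFILE"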
