#!/bin/sh
#
# Generate an X.509 certificate and stuff that into a key, then generate a
# PKCS#7 cert from that over some random data and stuff that into a key.
#
# Format:
#
#	x509-stuffer.sh [<tmpfile-prefix>]
#
file=/tmp/x509cert
if [ "$1" != "" ]
then
    file=$1
fi

cd /tmp
sync

while true
do
    openssl req -new -x509 -outform PEM -keyout $file.pem -nodes -subj "/CN=GB/O=Red Hat/OU=Magrathea/CN=Slartibartfast" -out $file.x509 || exit $?

    openssl x509 -in $file.x509 -inform PEM -outform DER >$file.x509.asn1 || exit $?
    keyctl padd asymmetric bar @s <$file.x509.asn1 || exit $?

    n=$RANDOM
    if [ $n -lt 10 ]; then n=10; fi
    dd if=/dev/urandom of=$file.stuff bs=$n count=1

    openssl smime -sign -inkey $file.pem -signer $file.x509 -keyform PEM \
	-in $file.stuff -out $file.pkcs7 -binary -outform DER || exit $?

    keyctl padd asymmetric baz @s <$file.pkcs7
done