#!/bin/bash

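# Convert a PKCS#12 bundle (a browser key backup, given as $1) into the
# PEM pair usercert.pem / userkey.pem in the current directory.
#
# Arguments: $1 - path to the PKCS#12 file
# Outputs:   usercert.pem (mode 0604) and userkey.pem (mode 0600) in $PWD
# Returns:   0 on success, 1 if a conversion step fails, 2 on bad usage
#
# The import passphrase is read once and handed to both openssl runs through
# a private temporary file (-passin file:...), so it never appears on a
# command line. That file is removed on every exit path by the EXIT trap.

if [[ $# -ne 1 || ! -r "$1" ]]; then
  printf 'Usage: %s <pkcs12-file>\n' "${0##*/}" >&2
  exit 2
fi

echo "This will create a grid-usable pem certificate and key"
echo "from a pkcs12 key as exported from a browser (ie., a key backup)."
echo "You will have to input the backup passphrase of the pkcs12 file."
echo

# Everything created from here on is owner-only unless opened up explicitly.
umask 066

# Explicit template: a bare "mktemp -t" is not accepted by every mktemp.
PASSPHRASE=$(mktemp "${TMPDIR:-/tmp}/p12pass.XXXXXXXXXX") || {
  echo "Could not create a temporary file. Exiting." >&2
  exit 1
}

# Install cleanup BEFORE the secret is written, and on EXIT rather than only
# on signals, so a failed conversion cannot leave the passphrase on disk.
cleanup() { rm -f -- "$PASSPHRASE"; }
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

if ! read -rs -p "Enter the passphrase for $1: " PASS; then
  echo
  echo "No passphrase read. Exiting." >&2
  exit 1
fi
echo; echo

# printf instead of echo: a passphrase such as "-n" must be written verbatim.
printf '%s\n' "$PASS" > "$PASSPHRASE"
unset PASS

# Step 1: client certificate only (no private key material).
if ! openssl pkcs12 -in "$1" -passin "file:$PASSPHRASE" -nokeys -clcerts -out usercert.pem; then
  echo "Exiting."
  rm -f usercert.pem
  exit 1
fi

echo "You will be prompted for the passphrase (twice)."
echo "This will be used to protect your globus certificates."
echo "Use a secure passphrase and remember it."
echo "You will need it every time you want to initiate a grid proxy."
echo

# Step 2: private key only; openssl prompts for the new PEM passphrase.
# A failure here must not be reported as success, and a partially written
# key file must not be left behind.
if ! openssl pkcs12 -in "$1" -passin "file:$PASSPHRASE" -nocerts -out userkey.pem; then
  echo "Key extraction failed. Exiting."
  rm -f userkey.pem
  exit 1
fi

# The certificate is public data; the key keeps the owner-only mode from umask.
chmod o+r usercert.pem
echo
echo "The resulting files usercert.pem and userkey.pem are rw user only."
echo "usercert.pem is also readable by others."
echo "You should put them in ~/.arc/ to use them with voms and grid."
echo "For example like this, if you are sure you have no previous identity:"
echo
# The hint used to create ~/.arc but move the files to ~/.globus; it now
# targets the directory named in the text above.
echo " mkdir -p ~/.arc; mv -fv user{cert,key}.pem ~/.arc/"
echo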
