#!/bin/bash
#

# set -x

DEFAULT_SECCERTDIR=`pwd`
DEFAULT_SECURITYTESTS_DIR=/Volumes/xenos/dev/tla9/SecurityTests

#This is usually the security_certificates directory in the checked out branch

if [ -z ${SECCERTDIR} ] ; then
        SECCERTDIR=${DEFAULT_SECCERTDIR}
fi

#
#Look for the directory with the sources for SecurityTests
#This will often be different from the directory for the current branch
# if that has been checked out sparsely
#

if [ -z ${SECTESTSDIR} ] ; then
        /bin/echo "SECTESTSDIR not set, bailing" 1>&2
        exit 2
fi

if [ -z ${LOCAL_BUILD_DIR} ] ; then
        /bin/echo "LOCAL_BUILD_DIR not set, bailing" 1>&2
        exit 2
fi

#Make sure we are in a proper security_certificates directory

if [ ! -d "${SECCERTDIR}/roots" ] ; then
        /bin/echo "${SECCERTDIR}/roots not found, bailing" 1>&2
        exit 2
fi

#
# Check for tools
#

if [ ! -f "${LOCAL_BUILD_DIR}/vfyCertChain" ]; then
	/bin/echo "Cant find ${LOCAL_BUILD_DIR}/vfyCertChain"
        /bin/echo "Making cspxutils and clxutils" 1>&2
        (cd "${SECTESTSDIR}/cspxutils"; make all)
fi

# Test that the anchors are OK

(cd roots; "${SECTESTSDIR}"/clxutils/anchorTest/anchorSourceTest .)

# Build a new SystemRootCertificates.keychain and
# SystemTrustSettings.plist in place on your branch

/bin/echo "Building a new SystemRootCertificates.keychain and SystemTrustSettings.plist"
(cd "${SECCERTDIR}"; ./buildRootKeychain)

if [ ! -d "/System/Library/Keychains/saved" ] ; then
	sudo mkdir /System/Library/Keychains/saved
	sudo cp /System/Library/Keychains/System* /System/Library/Keychains/saved/
fi

sudo cp $SECCERTDIR/BuiltKeychains/SystemRootCertificates.keychain $SECCERTDIR/BuiltKeychains/SystemTrustSettings.plist $SECCERTDIR/BuiltKeychains/EVRoots.plist /System/Library/Keychains/

"${LOCAL_BUILD_DIR}"/anchorTest t

/bin/echo "--- Don't forget to run buildEVRoots ---"
/bin/echo "------- Done ------"