#!/bin/bash
#
# Extract the ca certificate, user certificate, user keys from the p12 package
#
#
# -clcerts    (only output client certificates (not CA certificates))
# -cacerts    (only output CA certificates (not client certificates))
# -nocerts    (no certificates at all will be output)
# -nokeys     (no private keys will be output)
# 
# 
if [[ -n $1 ]]; then
  echo
else
  echo
  echo "This script will copy the certificates and keys to the strongswan configuration paths"
  echo 
  echo "Usage: p12ext  <file>  [password]"
  echo
  echo "Example: p12ext  file.p12"
  echo
  exit 1
fi

# create a unique path for the server certificate
UNIQ_DIR_LC=`date +%Y-%m-%d.%H_%M_%S`
UNIQ_DIR_LC="p12ext_${UNIQ_DIR_LC}"
mkdir $UNIQ_DIR_LC

# keys
openssl pkcs12 -nodes -nocerts -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/user.keys.pem

# certificate
openssl pkcs12 -nodes -clcerts -nokeys -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/user.crt.pem

# CA
openssl pkcs12 -nodes -cacerts -nokeys -password "pass:password"  -in $1  -out $UNIQ_DIR_LC/ca-chain.crt.pem