#!/bin/sh

echo "This script will install the dreness.com self-signed certificate"
echo "authority certificate. You may be prompted for your password."
echo ""
echo "Beginning in 3 seconds..."
sleep 3

echo "Changing directory to local keychains folder..."
cd ~/Library/Keychains

echo "creating dreness_cacert.pem..."
# create the dreness_cacert.pem file which contains the root
# certificate used to sign the ssl cert for meta.dreness.com
cat << EOF > dreness_cacert.pem
-----BEGIN CERTIFICATE-----
MIIDbjCCAtegAwIBAgIBADANBgkqhkiG9w0BAQQFADCBhzELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZEYWxsYXMxEDAOBgNVBAoTB2RyZW5lc3Mx
ETAPBgNVBAsTCEVhcnRoR292MRkwFwYDVQQDExBtZXRhLmRyZW5lc3MuY29tMRow
GAYJKoZIhvcNAQkBFgtkcmVAbWFjLmNvbTAeFw0wNDAzMDYwMTA4NDhaFw0wNzAz
MDYwMTA4NDhaMIGHMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzANBgNVBAcT
BkRhbGxhczEQMA4GA1UEChMHZHJlbmVzczERMA8GA1UECxMIRWFydGhHb3YxGTAX
BgNVBAMTEG1ldGEuZHJlbmVzcy5jb20xGjAYBgkqhkiG9w0BCQEWC2RyZUBtYWMu
Y29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC/MoPLRLWSav5Q4XDElrsh
bvTLMsz/8KTKYfePOxBz21bee0chGX/2M5WILKgzDATNAbMi1RVePO/yGOmCfqis
TcRBzNHT0DojYttbU0dqh3ZVlq97OCdguluE0YulS/Py3/SiaHTm3ZgnXeWNOteF
yi13TxBBZo1ZnndNY6o31wIDAQABo4HnMIHkMB0GA1UdDgQWBBTrsu0EdXVAklkD
kD9Ulfk7qiXP1TCBtAYDVR0jBIGsMIGpgBTrsu0EdXVAklkDkD9Ulfk7qiXP1aGB
jaSBijCBhzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZEYWxs
YXMxEDAOBgNVBAoTB2RyZW5lc3MxETAPBgNVBAsTCEVhcnRoR292MRkwFwYDVQQD
ExBtZXRhLmRyZW5lc3MuY29tMRowGAYJKoZIhvcNAQkBFgtkcmVAbWFjLmNvbYIB
ADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBAUAA4GBAA6fxzCRmeptWZ9J8dwQ
uQGEJsHxiQb/6e/2cV3A/9t5QOaEic4WTCCJuavUMFxXwv87tQXbv5vbFTELYTN3
7wOYXD/iRAuuATEOdMyAfXSJBYlwgwiIF3nZzK9bAPpGfukfqDwCde7+i8xjeR2M
CdvyaESqjzbMczptJ40EZObp
-----END CERTIFICATE-----
EOF

echo "creating cert file for imap-ssl"
cat << EOF > imap-ssl_cacert.pem
-----BEGIN CERTIFICATE-----
MIICpzCCAhCgAwIBAgIBADANBgkqhkiG9w0BAQQFADCBjTELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZEYWxsYXMxFjAUBgNVBAoTDWRyZW5lc3Mg
cG9wM2QxETAPBgNVBAsTCEVhcnRoR292MRkwFwYDVQQDExBtZXRhLmRyZW5lc3Mu
Y29tMRowGAYJKoZIhvcNAQkBFgtkcmVAbWFjLmNvbTAeFw0wNDAzMTIwMDI0MDJa
Fw0wNTAzMTIwMDI0MDJaMIGNMQswCQYDVQQGEwJVUzELMAkGA1UECBMCVFgxDzAN
BgNVBAcTBkRhbGxhczEWMBQGA1UEChMNZHJlbmVzcyBwb3AzZDERMA8GA1UECxMI
RWFydGhHb3YxGTAXBgNVBAMTEG1ldGEuZHJlbmVzcy5jb20xGjAYBgkqhkiG9w0B
CQEWC2RyZUBtYWMuY29tMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDQRHNj
wvuakT+L8j+Ih+K9scYr/355FmhPcJXHfdqyWloRF0piehxmzLGNpRVlc+GuVbNR
NX+HrkEhUBp/SdmKax9Gz4yHN1PdOxJUEJpVz0VitfqjGnPgrjh6Il0yKox1NcVa
DsEkwRIrTvBRUiOLYHaGQp8zzwzGBvzD3f/MJwIDAQABoxUwEzARBglghkgBhvhC
AQEEBAMCBkAwDQYJKoZIhvcNAQEEBQADgYEAjLSbSJIG2RiLhEcqiEPKqmLHJqAZ
kE8uzwmQpWdpBg4aumzysja+qwcWPxlMxpl70lfikjd/crUGmlxrcsMV6uWUB7sU
fzI0GLVtoW06cZeZFddce+N/2kzDEBdtkam/uHqCf8CBS33bbtrM9l8FzOLgZL9X
uyysWwc//WUw12w=
-----END CERTIFICATE-----
EOF

echo "creating cert file for pop3d-ssl"
cat << EOF > pop3d-ssl_cacert.pem
-----BEGIN CERTIFICATE-----
MIICpTCCAg6gAwIBAgIBADANBgkqhkiG9w0BAQQFADCBjDELMAkGA1UEBhMCVVMx
CzAJBgNVBAgTAlRYMQ8wDQYDVQQHEwZEYWxsYXMxFTATBgNVBAoTDGRyZW5lc3Mg
aW1hcDERMA8GA1UECxMIRWFydGhHb3YxGTAXBgNVBAMTEG1ldGEuZHJlbmVzcy5j
b20xGjAYBgkqhkiG9w0BCQEWC2RyZUBtYWMuY29tMB4XDTA0MDMxMjAwMjM1N1oX
DTA1MDMxMjAwMjM1N1owgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIEwJUWDEPMA0G
A1UEBxMGRGFsbGFzMRUwEwYDVQQKEwxkcmVuZXNzIGltYXAxETAPBgNVBAsTCEVh
cnRoR292MRkwFwYDVQQDExBtZXRhLmRyZW5lc3MuY29tMRowGAYJKoZIhvcNAQkB
FgtkcmVAbWFjLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArDOHQUQO
2GVHFxgIoHJDGVRxy+8TUiy7LrSbazLFZPllPvpmRG32k7QS/exdVcXkS/P7kgyT
LJJ5sG5Zk1CSVDDD+gn9LZY/ps6FHttzmp/c5xID3odKu1c47qnDbFyLqXkrfBPX
f+gIWHGzPe7tnWJ7lAl5d5jMzmTdT1Qcg5MCAwEAAaMVMBMwEQYJYIZIAYb4QgEB
BAQDAgZAMA0GCSqGSIb3DQEBBAUAA4GBAI4E78j7g27hWOivknFfNSdYsGI28ERV
YP5ebXPpmDfueR0NTMHTcRN7xwUbKHEoaGl3yq7f2amj2PB9Ig0wIHsEUqq1uLaA
4Xf4FUmk4O7ztO14jUaEBqG5a7V9b7P2Kb1ZBgB9F3RWW4rLP5RrGsw8ssykmfAD
dtdAO+JM+ZkM
-----END CERTIFICATE-----
EOF

echo "getting a local copy of X509Anchorrs..."
# Get a local copy of the X509Anchors keychain. This contains
# the system's list of trusted certificate authorities
cp /System/Library/Keychains/X509Anchors .

echo "using certtool to import the certs into X509Anchors..."
# import the meta.dreness.com certificate authority into the
# local copy of X509Anchors
echo "importing dreness_cacert.pem..."
certtool i dreness_cacert.pem k=X509Anchors v
echo "importing imap-ssl_cacert.pem..."
certtool i imap-ssl_cacert.pem k=X509Anchors v
echo "importing pop3d-ssl_cacert.pem"
certtool i pop3d-ssl_cacert.pem k=X509Anchors v

append=`date "+%m-%d-%y--%H:%M:%S"`
echo "making a backup of the old X509Anchors just in case (may require your password)"
echo "the backup will be stored at:"
echo "/System/Library/Keychains/X509Anchors.backup-$append"
sleep 1
sudo cp /System/Library/Keychains/X509Anchors \
/System/Library/Keychains/X509Anchors.backup-$append

echo "moving updated X509Anchors back to /System/Library/Keychains..."
# Copy the modified version of X509Anchors back to where it belongs
sudo cp X509Anchors /System/Library/Keychains/X509Anchors

echo ""
echo "all done, quit / relaunch mail or safari and give it a go"
echo ""