#! /bin/csh -f
#
# Build SystemCACertificates.keychain from all the certs in cwd/certs. 
# Creates this file in ./BuiltKeychains/.
#
set CWD=`pwd`
set CA_CERT_DIR=$CWD/certs
set KC_DIR=$CWD/BuiltKeychains

if((! -e "$CA_CERT_DIR") || (! -e "$KC_DIR")) then
   echo "You do not seem to be in a current security_certificates directory. Aborting."
   exit(1)
endif

set CA_CERT_KC=SystemCACertificates.keychain
set CA_CERT_KC_PATH="$KC_DIR/$CA_CERT_KC"
set SECURITY=/usr/bin/security

# save keychain list so we don't add SystemRootCertificates to it
#set SAVED_KC_LIST=`$SECURITY list`

echo Creating empty $CA_CERT_KC...
rm -f "$CA_CERT_KC_PATH" || exit(1)
$SECURITY create-keychain -p $CA_CERT_KC "$CA_CERT_KC_PATH" || exit(1)

echo Adding intermediate certs to $CA_CERT_KC... "($CA_CERT_KC_PATH)"
echo Intermediates from "$CA_CERT_DIR"
 
cd "$CA_CERT_DIR" || exit(1)

foreach root (*)
        echo Intermediate $root...
	$SECURITY -q add-certificates -k "$CA_CERT_KC_PATH" "$root" || exit(1)
end

chmod 0644 "$CA_CERT_KC_PATH" || exit(1)

#$SECURITY list -s $SAVED_KC_LIST

echo "=== System CA Certificate Processing complete. ==="