#!/bin/sh

rm -rf *.der *.pem

#[keyid:Acme].role:friendof([keyid:Roadrunner]) <-?- [keyid:Coyote] (no)
#[keyid:Acme].role:preferred_customer <-?- [keyid:Jackrabbit] (yes)

creddy --generate --cn Acme
creddy --generate --cn Coyote
creddy --generate --cn Roadrunner
creddy --generate --cn Jackrabbit

roadrunner_keyid=`creddy --keyid --cert Roadrunner_ID.pem`
friendof_roadrunner="friendOf([keyid:$roadrunner_keyid])"

#[keyid:Acme].role:preferred_customer <- [keyid:Acme].role:friendOf([keyid:Roadrunner])
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Acme_ID.pem --subject-role  $friendof_roadrunner \
       --out Acme_preferred_customer__Acme_friendof_Roadrunner_attr.der

#[keyid:Acme].role:prefered_customer <- [keyid:Coyote]
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role preferred_customer \
       --subject-cert Coyote_ID.pem \
       --out Acme_preferred_customer__Coyote_attr.der

#[keyid:Acme].role:friendOf([keyid:Roadrunner]) <- [keyid:Jackrabbit]
creddy --attribute \
       --issuer Acme_ID.pem --key Acme_private.pem --role $friendof_roadrunner \
       --subject-cert Jackrabbit_ID.pem \
       --out Acme_friendof_Roadrunner__Jackrabbit_attr.der