Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caucase
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Ivan Tyagov
caucase
Commits
a36ccf92
Commit
a36ccf92
authored
Dec 13, 2018
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
shell: Use single-quote strings wherever possible.
Reduces backslash-doubling crazyness.
parent
268b3a53
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
134 additions
and
132 deletions
+134
-132
shell/caucase.sh
shell/caucase.sh
+134
-132
No files found.
shell/caucase.sh
View file @
a36ccf92
...
@@ -22,7 +22,7 @@ str2json () {
...
@@ -22,7 +22,7 @@ str2json () {
# Usage: str2json < str
# Usage: str2json < str
# Note: using $() to strip the trailing newline added by jq.
# Note: using $() to strip the trailing newline added by jq.
printf
"%s"
"
$(
jq
--raw-input
--slurp
.
)
"
printf
'%s'
"
$(
jq
--raw-input
--slurp
.
)
"
}
}
pairs2obj
()
{
pairs2obj
()
{
...
@@ -55,8 +55,8 @@ forEachJSONListItem () {
...
@@ -55,8 +55,8 @@ forEachJSONListItem () {
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
list index
local
list index
list
=
"
$(
cat
)
"
list
=
"
$(
cat
)
"
for
index
in
$(
seq
0
$((
$(
printf
"%s
\\
n"
"
$list
"
| jq length
)
-
1
))
)
;
do
for
index
in
$(
seq
0
$((
$(
printf
'%s\n'
"
$list
"
| jq length
)
-
1
))
)
;
do
printf
"%s
\\
n"
"
$list
"
| jq
".[
$index
]"
|
"
$@
"
||
return
$?
printf
'%s\n'
"
$list
"
| jq
".[
$index
]"
|
"
$@
"
||
return
$?
done
done
}
}
...
@@ -69,10 +69,10 @@ wrap () {
...
@@ -69,10 +69,10 @@ wrap () {
# Note: $() looses trailing newlines, so payload should not need to end with
# Note: $() looses trailing newlines, so payload should not need to end with
# any newline.
# any newline.
pairs2obj
\
pairs2obj
\
"digest"
"
$(
printf
"%s"
"
$digest
"
| str2json
)
"
\
'digest'
"
$(
printf
'%s'
"
$digest
"
| str2json
)
"
\
"payload"
"
$(
printf
"%s"
"
$payload
"
| str2json
)
"
\
'payload'
"
$(
printf
'%s'
"
$payload
"
| str2json
)
"
\
"signature"
"
$(
'signature'
"
$(
printf
"%s%s "
"
$payload
"
"
$digest
"
\
printf
'%s%s '
"
$payload
"
"
$digest
"
\
| openssl dgst
\
| openssl dgst
\
-
"
$digest
"
\
-
"
$digest
"
\
-binary
\
-binary
\
...
@@ -99,12 +99,12 @@ unwrap () {
...
@@ -99,12 +99,12 @@ unwrap () {
local
wrapped status json_digest digest signature_file payload pubkey_file
local
wrapped status json_digest digest signature_file payload pubkey_file
wrapped
=
"
$(
cat
)
"
wrapped
=
"
$(
cat
)
"
json_digest
=
"
$(
printf
"%s
\\
n"
"
$wrapped
"
| jq .digest
)
"
json_digest
=
"
$(
printf
'%s\n'
"
$wrapped
"
| jq .digest
)
"
if
[
"
$json_digest
"
=
"null"
]
;
then
if
[
"
$json_digest
"
=
'null'
]
;
then
return
1
return
1
fi
fi
digest
=
"
$(
digest
=
"
$(
printf
"%s
\\
n"
"
$json_digest
"
| jq
--raw-output
ascii_downcase
printf
'%s\n'
"
$json_digest
"
| jq
--raw-output
ascii_downcase
)
"
)
"
case
"
$digest
"
in
case
"
$digest
"
in
sha256|sha384|sha512
)
sha256|sha384|sha512
)
...
@@ -118,12 +118,12 @@ unwrap () {
...
@@ -118,12 +118,12 @@ unwrap () {
;;
;;
esac
esac
signature_file
=
"
$(
mktemp
--suffix
=
unwrap.sig
)
"
signature_file
=
"
$(
mktemp
--suffix
=
unwrap.sig
)
"
printf
"%s
\\
n"
"
$wrapped
"
| jq
--raw-output
.signature |
\
printf
'%s\n'
"
$wrapped
"
| jq
--raw-output
.signature |
\
base64
-d
>
"
$signature_file
"
base64
-d
>
"
$signature_file
"
payload
=
"
$(
printf
"%s
\\
n"
"
$wrapped
"
| jq
--raw-output
.payload
)
"
payload
=
"
$(
printf
'%s\n'
"
$wrapped
"
| jq
--raw-output
.payload
)
"
pubkey_file
=
"
$(
mktemp
--suffix
=
unwrap.pub
)
"
pubkey_file
=
"
$(
mktemp
--suffix
=
unwrap.pub
)
"
if
printf
"%s
\\
n"
"
$payload
"
"
$@
"
| openssl x509
-pubkey
-noout
>
"
$pubkey_file
"
;
then
if
printf
'%s\n'
"
$payload
"
"
$@
"
| openssl x509
-pubkey
-noout
>
"
$pubkey_file
"
;
then
printf
"%s%s "
"
$payload
"
"
$digest
"
\
printf
'%s%s '
"
$payload
"
"
$digest
"
\
| openssl dgst
\
| openssl dgst
\
-
"
$digest
"
\
-
"
$digest
"
\
-verify
"
$pubkey_file
"
\
-verify
"
$pubkey_file
"
\
...
@@ -136,7 +136,7 @@ unwrap () {
...
@@ -136,7 +136,7 @@ unwrap () {
status
=
2
status
=
2
fi
fi
rm
"
$signature_file
"
"
$pubkey_file
"
rm
"
$signature_file
"
"
$pubkey_file
"
test
$status
-eq
0
&&
printf
"%s"
"
$payload
"
test
$status
-eq
0
&&
printf
'%s'
"
$payload
"
return
$status
return
$status
}
}
...
@@ -145,10 +145,10 @@ nullUnwrap () {
...
@@ -145,10 +145,10 @@ nullUnwrap () {
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
wrapped
local
wrapped
wrapped
=
"
$(
cat
)
"
wrapped
=
"
$(
cat
)
"
if
[
"
$(
printf
"%s
\\
n"
"
$wrapped
"
| jq
'.digest'
)
"
!=
"null"
]
;
then
if
[
"
$(
printf
'%s\n'
"
$wrapped
"
| jq
'.digest'
)
"
!=
'null'
]
;
then
return
1
return
1
fi
fi
printf
"%s
\\
n"
"
$wrapped
"
| jq .payload
printf
'%s\n'
"
$wrapped
"
| jq .payload
}
}
writeCertKey
()
{
writeCertKey
()
{
...
@@ -162,8 +162,8 @@ writeCertKey () {
...
@@ -162,8 +162,8 @@ writeCertKey () {
:
>
"
$crt_path
"
:
>
"
$crt_path
"
:
>
"
$key_path
"
:
>
"
$key_path
"
test
$need_chmod
-eq
0
&&
chmod
go
=
"
$key_path
"
test
$need_chmod
-eq
0
&&
chmod
go
=
"
$key_path
"
printf
"%s
\\
n"
"
$key_data
"
>>
"
$key_path
"
printf
'%s\n'
"
$key_data
"
>>
"
$key_path
"
printf
"%s
\\
n"
"
$crt_data
"
>>
"
$crt_path
"
printf
'%s\n'
"
$crt_data
"
>>
"
$crt_path
"
}
}
alias
CURL
=
'curl --silent'
alias
CURL
=
'curl --silent'
...
@@ -176,40 +176,40 @@ PUTNoOut () {
...
@@ -176,40 +176,40 @@ PUTNoOut () {
local
result
local
result
if
result
=
"
$(
if
result
=
"
$(
PUT
\
PUT
\
--write-out
"
\\
n%{http_code}
\\
n"
\
--write-out
'\n%{http_code}\n'
\
"
$@
"
"
$@
"
)
"
;
then
)
"
;
then
:
:
else
else
return
3
return
3
fi
fi
case
"
$(
printf
"%s
\\
n"
"
$result
"
|
tail
-n
1
)
"
in
case
"
$(
printf
'%s\n'
"
$result
"
|
tail
-n
1
)
"
in
2??
)
2??
)
return
0
return
0
;;
;;
401
)
401
)
printf
"Unauthorized
\\
n"
>
&2
printf
'Unauthorized\n'
>
&2
return
2
return
2
;;
;;
409
)
409
)
printf
"Found
\\
n"
>
&2
printf
'Found\n'
>
&2
return
4
return
4
;;
;;
*
)
*
)
printf
"%s
\\
n"
"
$result
"
|
head
-n
-1
>
&2
printf
'%s\n'
"
$result
"
|
head
-n
-1
>
&2
return
1
return
1
;;
;;
esac
esac
}
}
_matchCertificateBoundary
()
{
_matchCertificateBoundary
()
{
test
"
$1
"
=
"-----END CERTIFICATE-----"
test
"
$1
"
=
'-----END CERTIFICATE-----'
return
$?
return
$?
}
}
_matchPrivateKeyBoundary
()
{
_matchPrivateKeyBoundary
()
{
case
"
$1
"
in
case
"
$1
"
in
"-----END PRIVATE KEY-----"
|
"-----END RSA PRIVATE KEY-----"
)
'-----END PRIVATE KEY-----'
|
'-----END RSA PRIVATE KEY-----'
)
return
0
return
0
;;
;;
esac
esac
...
@@ -223,34 +223,34 @@ _forEachPEM () {
...
@@ -223,34 +223,34 @@ _forEachPEM () {
# <command> receives each matching PEM element as input.
# <command> receives each matching PEM element as input.
# If <command> exit status is non-zero, enumeration stops.
# If <command> exit status is non-zero, enumeration stops.
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
tester
=
"
$1
"
current
=
""
local
tester
=
"
$1
"
current
=
''
shift
shift
while
IFS
=
read
-r
line
;
do
while
IFS
=
read
-r
line
;
do
if
[
-z
"
$current
"
]
;
then
if
[
-z
"
$current
"
]
;
then
current
=
"
$line
"
current
=
"
$line
"
else
else
current
=
"
$(
printf
"%s
\\
n%s"
"
$current
"
"
$line
"
)
"
current
=
"
$(
printf
'%s\n%s'
"
$current
"
"
$line
"
)
"
fi
fi
case
"
$line
"
in
case
"
$line
"
in
"-----END "
*
"-----"
)
'-----END '
*
'-----'
)
if
"
$tester
"
"
$line
"
;
then
if
"
$tester
"
"
$line
"
;
then
printf
"%s
\\
n"
"
$current
"
|
"
$@
"
||
return
$?
printf
'%s\n'
"
$current
"
|
"
$@
"
||
return
$?
fi
fi
current
=
""
current
=
''
;;
;;
esac
esac
done
done
}
}
alias
forEachCertificate
=
"_forEachPEM _matchCertificateBoundary"
alias
forEachCertificate
=
'_forEachPEM _matchCertificateBoundary'
# Iterate over certificate of a PEM file, piping each to <command>
# Iterate over certificate of a PEM file, piping each to <command>
# Usage: _forEachPEM <command> [<arg> ...] < pem
# Usage: _forEachPEM <command> [<arg> ...] < pem
alias
forEachPrivateKey
=
"_forEachPEM _matchPrivateKeyBoundary"
alias
forEachPrivateKey
=
'_forEachPEM _matchPrivateKeyBoundary'
# Iterate over private key of a PEM file, piping each to <command>
# Iterate over private key of a PEM file, piping each to <command>
# Usage: _forEachPEM <command> [<arg> ...] < pem
# Usage: _forEachPEM <command> [<arg> ...] < pem
alias
pem2fingerprint
=
"openssl x509 -fingerprint -noout"
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
pemFingerprintIs
()
{
pemFingerprintIs
()
{
# Usage: pemFingerprintIs <fingerprint> < certificate
# Usage: pemFingerprintIs <fingerprint> < certificate
...
@@ -264,7 +264,7 @@ expiresBefore () {
...
@@ -264,7 +264,7 @@ expiresBefore () {
# <date> must be a unix timestamp (date +%s)
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
enddate
local
enddate
enddate
=
"
$(
openssl x509
-enddate
-noout
|
sed
"s/^[^=]*=//"
)
"
enddate
=
"
$(
openssl x509
-enddate
-noout
|
sed
's/^[^=]*=//'
)
"
test
$?
-ne
0
&&
return
1
test
$?
-ne
0
&&
return
1
test
"
$(
date
--date
=
"
$enddate
"
+%s
)
"
-lt
"
$1
"
test
"
$(
date
--date
=
"
$enddate
"
+%s
)
"
-lt
"
$1
"
return
$?
return
$?
...
@@ -277,7 +277,7 @@ printIfExpiresAfter () {
...
@@ -277,7 +277,7 @@ printIfExpiresAfter () {
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
crt
local
crt
crt
=
"
$(
cat
)
"
crt
=
"
$(
cat
)
"
printf
"%s
\\
n"
"
$crt
"
| expiresBefore
"
$1
"
||
printf
"%s
\\
n"
"
$crt
"
printf
'%s\n'
"
$crt
"
| expiresBefore
"
$1
"
||
printf
'%s\n'
"
$crt
"
}
}
appendValidCA
()
{
appendValidCA
()
{
...
@@ -290,15 +290,15 @@ appendValidCA () {
...
@@ -290,15 +290,15 @@ appendValidCA () {
if
payload
=
$(
unwrap jq
--raw-output
.old_pem
)
;
then
if
payload
=
$(
unwrap jq
--raw-output
.old_pem
)
;
then
:
:
else
else
printf
"Bad signature, something is very wrong"
>
&2
printf
'Bad signature, something is very wrong'
>
&2
return
1
return
1
fi
fi
cert
=
"
$(
printf
"%s
\\
n"
"
$payload
"
| jq
--raw-output
.old_pem
)
"
cert
=
"
$(
printf
'%s\n'
"
$payload
"
| jq
--raw-output
.old_pem
)
"
forEachCertificate
\
forEachCertificate
\
pemFingerprintIs
\
pemFingerprintIs
\
"
$(
printf
"%s
\\
n"
"
$cert
"
| pem2fingerprint
)
"
<
"
$ca
"
"
$(
printf
'%s\n'
"
$cert
"
| pem2fingerprint
)
"
<
"
$ca
"
if
[
$?
-eq
1
]
;
then
if
[
$?
-eq
1
]
;
then
printf
"%s
\\
n"
"
$cert
"
>>
"
$ca
"
printf
'%s\n'
"
$cert
"
>>
"
$ca
"
fi
fi
}
}
...
@@ -307,16 +307,16 @@ checkCertificateMatchesKey () {
...
@@ -307,16 +307,16 @@ checkCertificateMatchesKey () {
# Returns 0 if certificate's public key matches private key's public key,
# Returns 0 if certificate's public key matches private key's public key,
# 1 otherwise.
# 1 otherwise.
test
"
$(
test
"
$(
printf
"%s
\\
n"
"
$1
"
| openssl x509
-modulus
-noout
|
sed
"s/^Modulus=//"
printf
'%s\n'
"
$1
"
| openssl x509
-modulus
-noout
|
sed
's/^Modulus=//'
)
"
=
"
$(
)
"
=
"
$(
echo
"
$2
"
| openssl rsa
-modulus
-noout
|
sed
"s/^Modulus=//"
echo
"
$2
"
| openssl rsa
-modulus
-noout
|
sed
's/^Modulus=//'
)
"
)
"
return
$?
return
$?
}
}
checkDeps
()
{
checkDeps
()
{
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
missingdeps
=
""
dep
local
missingdeps
=
''
dep
# Expected builtins & keywords:
# Expected builtins & keywords:
# alias local if then else elif fi for in do done case esac return [ test
# alias local if then else elif fi for in do done case esac return [ test
# shift set
# shift set
...
@@ -328,7 +328,7 @@ checkDeps () {
...
@@ -328,7 +328,7 @@ checkDeps () {
return
1
return
1
fi
fi
if
[
!
-r
/dev/null
]
||
[
!
-w
/dev/null
]
;
then
if
[
!
-r
/dev/null
]
||
[
!
-w
/dev/null
]
;
then
echo
"Cannot read from & write to /dev/null"
>
&2
echo
'Cannot read from & write to /dev/null'
>
&2
return
1
return
1
fi
fi
}
}
...
@@ -367,34 +367,34 @@ EOF
...
@@ -367,34 +367,34 @@ EOF
)
"
)
"
if
newcrtdata
=
"
$(
if
newcrtdata
=
"
$(
pairs2obj
\
pairs2obj
\
"crt_pem"
"
$(
str2json
)
"
\
'crt_pem'
"
$(
str2json
)
"
\
"renew_csr_pem"
"
$(
'renew_csr_pem'
"
$(
echo
"
$newkeydata
"
\
echo
"
$newkeydata
"
\
| openssl req
\
| openssl req
\
-new
\
-new
\
-key
-
\
-key
-
\
-subj
"/CN=dummy"
\
-subj
'/CN=dummy'
\
-config
"
$emptyreqcnf
"
\
-config
"
$emptyreqcnf
"
\
| str2json
| str2json
)
"
\
)
"
\
| wrap
"
$oldkey
"
"sha256"
\
| wrap
"
$oldkey
"
'sha256'
\
| PUT
--insecure
\
| PUT
--insecure
\
--header
"Content-Type: application/json"
\
--header
'Content-Type: application/json'
\
"
$url
/crt/renew/"
"
$url
/crt/renew/"
)
"
;
then
)
"
;
then
if
[
\
if
[
\
"x
$(
printf
"%s
\\
n"
"
$newcrtdata
"
|
head
-n
1
)
"
\
"x
$(
printf
'%s\n'
"
$newcrtdata
"
|
head
-n
1
)
"
\
=
\
=
\
"x-----BEGIN CERTIFICATE-----"
\
'x-----BEGIN CERTIFICATE-----'
\
]
;
then
]
;
then
if
checkCertificateMatchesKey
"
$newcrtdata
"
"
$newkeydata
"
;
then
if
checkCertificateMatchesKey
"
$newcrtdata
"
"
$newkeydata
"
;
then
writeCertKey
"
$newcrt
"
"
$newcrtdata
"
"
$newkey
"
"
$newkeydata
"
writeCertKey
"
$newcrt
"
"
$newcrtdata
"
"
$newkey
"
"
$newkeydata
"
rm
"
$emptyreqcnf
"
rm
"
$emptyreqcnf
"
return
0
return
0
fi
fi
printf
"Certificate does not match private key
\\
n"
>
&2
printf
'Certificate does not match private key\n'
>
&2
else
else
printf
"%s"
"
$newcrtdata
"
>
&2
printf
'%s'
"
$newcrtdata
"
>
&2
fi
fi
fi
fi
rm
"
$emptyreqcnf
"
rm
"
$emptyreqcnf
"
...
@@ -403,10 +403,10 @@ EOF
...
@@ -403,10 +403,10 @@ EOF
revokeCertificate
()
{
revokeCertificate
()
{
# Usage: <url> <key_path> < crt
# Usage: <url> <key_path> < crt
pairs2obj
"revoke_crt_pem"
"
$(
str2json
)
"
\
pairs2obj
'revoke_crt_pem'
"
$(
str2json
)
"
\
| wrap
"
$2
"
"sha256"
\
| wrap
"
$2
"
'sha256'
\
| PUTNoOut
\
| PUTNoOut
\
--header
"Content-Type: application/json"
\
--header
'Content-Type: application/json'
\
--insecure
\
--insecure
\
"
$1
/crt/revoke/"
"
$1
/crt/revoke/"
return
$?
return
$?
...
@@ -414,11 +414,11 @@ revokeCertificate () {
...
@@ -414,11 +414,11 @@ revokeCertificate () {
revokeCRTWithoutKey
()
{
revokeCRTWithoutKey
()
{
# Usage: <url> <ca> <user crt> < crt
# Usage: <url> <ca> <user crt> < crt
pairs2obj
"revoke_crt_pem"
"
$(
str2json
)
"
\
pairs2obj
'revoke_crt_pem'
"
$(
str2json
)
"
\
| nullWrap
\
| nullWrap
\
| PUTNoOut
\
| PUTNoOut
\
--cert
"
$3
"
\
--cert
"
$3
"
\
--header
"Content-Type: application/json"
\
--header
'Content-Type: application/json'
\
--cacert
"
$2
"
\
--cacert
"
$2
"
\
"
$1
/crt/revoke/"
"
$1
/crt/revoke/"
return
$?
return
$?
...
@@ -426,11 +426,11 @@ revokeCRTWithoutKey () {
...
@@ -426,11 +426,11 @@ revokeCRTWithoutKey () {
revokeSerial
()
{
revokeSerial
()
{
# Usage: <url> <ca> <user crt> <serial>
# Usage: <url> <ca> <user crt> <serial>
pairs2obj
"revoke_serial"
"
$4
"
\
pairs2obj
'revoke_serial'
"
$4
"
\
| nullWrap
\
| nullWrap
\
| PUTNoOut
\
| PUTNoOut
\
--cert
"
$3
"
\
--cert
"
$3
"
\
--header
"Content-Type: application/json"
\
--header
'Content-Type: application/json'
\
--cacert
"
$2
"
\
--cacert
"
$2
"
\
"
$1
/crt/revoke/"
"
$1
/crt/revoke/"
return
$?
return
$?
...
@@ -450,24 +450,24 @@ updateCACertificate () {
...
@@ -450,24 +450,24 @@ updateCACertificate () {
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
1
test
$status
-ne
0
&&
return
1
valid_ca
=
"
$(
valid_ca
=
"
$(
printf
"%s
\\
n"
"
$orig_ca
"
\
printf
'%s\n'
"
$orig_ca
"
\
| forEachCertificate printIfExpiresAfter
"
$(
date
+%s
)
"
| forEachCertificate printIfExpiresAfter
"
$(
date
+%s
)
"
)
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
1
test
$status
-ne
0
&&
return
1
printf
"%s
\\
n"
"
$valid_ca
"
>
"
$ca
"
printf
'%s\n'
"
$valid_ca
"
>
"
$ca
"
if
[
!
-r
"
$cas_ca
"
]
;
then
if
[
!
-r
"
$cas_ca
"
]
;
then
# Should never be reached, as this function should be run once with
# Should never be reached, as this function should be run once with
# cas_ca == ca (to update CAS' CA), in which case cas_ca exists by this
# cas_ca == ca (to update CAS' CA), in which case cas_ca exists by this
# point. CAU's CA should only be updated after, and by that point CAS' CA
# point. CAU's CA should only be updated after, and by that point CAS' CA
# already exists.
# already exists.
printf
"%s does not exist
\\
n"
"
$cas_ca
"
printf
'%s does not exist\n'
"
$cas_ca
"
return
1
return
1
fi
fi
future_ca
=
"
$(
CURL
--cacert
"
$cas_ca
"
"
$url
/crt/ca.crt.json"
)
"
future_ca
=
"
$(
CURL
--cacert
"
$cas_ca
"
"
$url
/crt/ca.crt.json"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
1
test
$status
-ne
0
&&
return
1
printf
"%s
\\
n"
"
$future_ca
"
| forEachJSONListItem appendValidCA
"
$ca
"
printf
'%s\n'
"
$future_ca
"
| forEachJSONListItem appendValidCA
"
$ca
"
}
}
getCertificateRevocationList
()
{
getCertificateRevocationList
()
{
...
@@ -490,13 +490,13 @@ getPendingCertificateRequestList () {
...
@@ -490,13 +490,13 @@ getPendingCertificateRequestList () {
createCertificateSigningRequest
()
{
createCertificateSigningRequest
()
{
# Usage: <url> < csr > csr id
# Usage: <url> < csr > csr id
PUT
--insecure
--header
"Content-Type: application/pkcs10"
"
$1
/csr"
\
PUT
--insecure
--header
'Content-Type: application/pkcs10'
"
$1
/csr"
\
--dump-header
- |
while
IFS
=
read
-r
line
;
do
--dump-header
- |
while
IFS
=
read
-r
line
;
do
# Note: $line contains trailing \r, which will not get stripped by $().
# Note: $line contains trailing \r, which will not get stripped by $().
# So strip it with sed instead.
# So strip it with sed instead.
case
"
$line
"
in
case
"
$line
"
in
"Location: "
*
)
'Location: '
*
)
printf
"%s
\\
n"
"
$line
"
|
sed
"s/^Location:
\\
(
\\
S*
\\
).*/
\\
1/"
printf
'%s\n'
"
$line
"
|
sed
's/^Location: \(\S*\).*/\1/'
;;
;;
esac
esac
done
done
...
@@ -516,7 +516,7 @@ getCertificate () {
...
@@ -516,7 +516,7 @@ getCertificate () {
CURL
--fail
--insecure
"
$1
/crt/
$2
"
CURL
--fail
--insecure
"
$1
/crt/
$2
"
status
=
$?
status
=
$?
if
[
$status
-ne
0
]
;
then
if
[
$status
-ne
0
]
;
then
printf
"Certificate %s not found (not signed yet or rejected)
\\
n"
"
$2
"
>
&2
printf
'Certificate %s not found (not signed yet or rejected)\n'
"
$2
"
>
&2
return
1
return
1
fi
fi
}
}
...
@@ -528,7 +528,7 @@ createCertificate () {
...
@@ -528,7 +528,7 @@ createCertificate () {
PUTNoOut
--cert
"
$3
"
--cacert
"
$2
"
"
$1
/crt/
$4
"
< /dev/null
PUTNoOut
--cert
"
$3
"
--cacert
"
$2
"
"
$1
/crt/
$4
"
< /dev/null
result
=
$?
result
=
$?
if
[
$result
-ne
0
]
;
then
if
[
$result
-ne
0
]
;
then
printf
"%s: No such pending signing request
\\
n"
"
$4
"
>
&2
printf
'%s: No such pending signing request\n'
"
$4
"
>
&2
fi
fi
return
$result
return
$result
}
}
...
@@ -536,7 +536,7 @@ createCertificate () {
...
@@ -536,7 +536,7 @@ createCertificate () {
createCertificateWith
()
{
createCertificateWith
()
{
# Usage: <url> <ca> <user crt> <csr id> < csr
# Usage: <url> <ca> <user crt> <csr id> < csr
PUTNoOut
--cert
"
$3
"
--cacert
"
$2
"
\
PUTNoOut
--cert
"
$3
"
--cacert
"
$2
"
\
--header
"Content-Type: application/pkcs10"
"
$1
/crt/
$4
"
--header
'Content-Type: application/pkcs10'
"
$1
/crt/
$4
"
return
$?
return
$?
}
}
...
@@ -628,17 +628,19 @@ These options require --user-key .
...
@@ -628,17 +628,19 @@ These options require --user-key .
Special actions
Special actions
--help
--help
Display this help and exit.
Display this help and exit.
--version
Display command version and exit.
EOF
EOF
}
}
_argUsage
()
{
_argUsage
()
{
printf
"%s: %s
\\
n"
"
$arg
"
"
$1
"
>
&2
printf
'%s: %s\n'
"
$arg
"
"
$1
"
>
&2
_usage
>
&2
_usage
>
&2
}
}
_needArg
()
{
_needArg
()
{
if
[
"
$argc
"
-lt
"
$1
"
]
;
then
if
[
"
$argc
"
-lt
"
$1
"
]
;
then
printf
"%s
\\
n"
"
$arg
needs
$1
arguments"
>
&2
printf
'%s\n'
"
$arg
needs
$1
arguments"
>
&2
_usage
>
&2
_usage
>
&2
return
1
return
1
fi
fi
...
@@ -646,7 +648,7 @@ EOF
...
@@ -646,7 +648,7 @@ EOF
_needURLAndArg
()
{
_needURLAndArg
()
{
if
[
-z
"
$ca_anon_url
"
]
;
then
if
[
-z
"
$ca_anon_url
"
]
;
then
printf
"%s
\\
n"
"--ca-url must be provided before
$arg
"
>
&2
printf
'%s\n'
"--ca-url must be provided before
$arg
"
>
&2
return
1
return
1
fi
fi
_needArg
"
$1
"
||
return
1
_needArg
"
$1
"
||
return
1
...
@@ -654,7 +656,7 @@ EOF
...
@@ -654,7 +656,7 @@ EOF
_needAuthURLAndArg
()
{
_needAuthURLAndArg
()
{
if
[
-z
"
$user_key
"
]
;
then
if
[
-z
"
$user_key
"
]
;
then
printf
"%s
\\
n"
"--user-key must be provided before
$arg
"
>
&2
printf
'%s\n'
"--user-key must be provided before
$arg
"
>
&2
return
1
return
1
fi
fi
_needURLAndArg
"
$1
"
||
return
1
_needURLAndArg
"
$1
"
||
return
1
...
@@ -670,7 +672,7 @@ EOF
...
@@ -670,7 +672,7 @@ EOF
_printOneKey
()
{
_printOneKey
()
{
# Called from _main, sets global "key_found".
# Called from _main, sets global "key_found".
if
[
$key_found
-ne
0
]
;
then
if
[
$key_found
-ne
0
]
;
then
_argUsage
"Multiple private keys"
_argUsage
'Multiple private keys'
return
1
return
1
fi
fi
key_found
=
1
key_found
=
1
...
@@ -680,7 +682,7 @@ EOF
...
@@ -680,7 +682,7 @@ EOF
_printOneCert
()
{
_printOneCert
()
{
# Called indirectly from _main, sets global "crt_found".
# Called indirectly from _main, sets global "crt_found".
if
[
"
$crt_found
"
-ne
0
]
;
then
if
[
"
$crt_found
"
-ne
0
]
;
then
_argUsage
"Multiple certificates"
_argUsage
'Multiple certificates'
return
1
return
1
fi
fi
crt_found
=
1
crt_found
=
1
...
@@ -693,11 +695,11 @@ EOF
...
@@ -693,11 +695,11 @@ EOF
local
crt
local
crt
crt
=
"
$(
cat
)
"
crt
=
"
$(
cat
)
"
if
[
$crt_found
-ne
0
]
;
then
if
[
$crt_found
-ne
0
]
;
then
_argUsage
"Multiple certificates"
_argUsage
'Multiple certificates'
return
1
return
1
fi
fi
crt_found
=
1
crt_found
=
1
checkCertificateMatchesKey
"
$crt
"
"
$1
"
&&
printf
"%s
\\
n"
"
$crt
"
checkCertificateMatchesKey
"
$crt
"
"
$1
"
&&
printf
'%s\n'
"
$crt
"
}
}
_matchOneKeyAndPrintOneMatchingCert
()
{
_matchOneKeyAndPrintOneMatchingCert
()
{
...
@@ -714,37 +716,37 @@ EOF
...
@@ -714,37 +716,37 @@ EOF
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
if
[
-z
"
$crt
"
]
;
then
if
[
-z
"
$crt
"
]
;
then
_argUsage
"No certificate matches private key"
_argUsage
'No certificate matches private key'
return
1
return
1
fi
fi
printf
"%s
\\
n"
"
$crt
"
printf
'%s\n'
"
$crt
"
}
}
_printPendingCSR
()
{
_printPendingCSR
()
{
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
json
local
json
json
=
"
$(
cat
)
"
json
=
"
$(
cat
)
"
printf
"%20s | %s
\\
n"
\
printf
'%20s | %s\n'
\
"
$(
printf
"%s
\\
n"
"
$json
"
| jq
--raw-output
.id
)
"
\
"
$(
printf
'%s\n'
"
$json
"
| jq
--raw-output
.id
)
"
\
"
$(
printf
"%s
\\
n"
"
$json
"
| jq
--raw-output
.csr
\
"
$(
printf
'%s\n'
"
$json
"
| jq
--raw-output
.csr
\
| openssl req
-subject
-noout
|
sed
"s/^subject=//"
)
"
| openssl req
-subject
-noout
|
sed
's/^subject=//'
)
"
}
}
_main
()
{
_main
()
{
checkDeps
||
return
1
checkDeps
||
return
1
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
ca_anon_url
=
""
\
local
ca_anon_url
=
''
\
ca_auth_url
\
ca_auth_url
\
mode
=
"service"
\
mode
=
'service'
\
mode_path
=
"cas"
\
mode_path
=
'cas'
\
cas_ca
=
"cas.crt.pem"
\
cas_ca
=
'cas.crt.pem'
\
cau_ca
=
"cau.crt.pem"
\
cau_ca
=
'cau.crt.pem'
\
cas_crl
=
"cas.crl.pem"
\
cas_crl
=
'cas.crl.pem'
\
cau_crl
=
"cau.crl.pem"
\
cau_crl
=
'cau.crl.pem'
\
key_len
=
2048
\
key_len
=
2048
\
update_user
=
0
\
update_user
=
0
\
user_key
=
""
\
user_key
=
''
\
threshold
=
31
\
threshold
=
31
\
status arg argc
\
status arg argc
\
ca_netloc ca_address ca_port ca_path
\
ca_netloc ca_address ca_port ca_path
\
...
@@ -783,10 +785,10 @@ EOF
...
@@ -783,10 +785,10 @@ EOF
;;
;;
http://
*
)
http://
*
)
ca_netloc
=
"
$(
ca_netloc
=
"
$(
printf
"%s
\\
n"
"
$ca_anon_url
"
|
sed
"s!^http://
\\
([^/?#]*
\\
).*!
\\
1!"
printf
'%s\n'
"
$ca_anon_url
"
|
sed
's!^http://\([^/?#]*\).*!\1!'
)
"
)
"
ca_path
=
"
$(
ca_path
=
"
$(
printf
"%s
\\
n"
"
$ca_anon_url
"
|
sed
"s!^http://[^/?#]*!!"
printf
'%s\n'
"
$ca_anon_url
"
|
sed
's!^http://[^/?#]*!!'
)
"
)
"
ca_port
=
80
ca_port
=
80
# Note: too bad there is no portable case fall-through...
# Note: too bad there is no portable case fall-through...
...
@@ -794,43 +796,43 @@ EOF
...
@@ -794,43 +796,43 @@ EOF
*
\]
:
*
)
*
\]
:
*
)
# Bracket-enclosed address, which may contain colons
# Bracket-enclosed address, which may contain colons
ca_address
=
"
$(
ca_address
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!^
\\
(.*
\\
]
\\
).*!
\\
1!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!^\(.*\]\).*!\1!'
)
"
)
"
ca_port
=
"
$(
ca_port
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!.*
\\
]:!!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!.*\]:!!'
)
"
)
"
;;
;;
*
\]
*
)
*
\]
*
)
# Bracket-enclosed address, which may contain colons
# Bracket-enclosed address, which may contain colons
ca_address
=
"
$(
ca_address
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!^
\\
(.*
\\
]
\\
).*!
\\
1!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!^\(.*\]\).*!\1!'
)
"
)
"
;;
;;
*
:
*
)
*
:
*
)
# No bracket-encosed address, rely on colon
# No bracket-enc
l
osed address, rely on colon
ca_address
=
"
$(
ca_address
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!^
\\
([^:]*
\\
).*!
\\
1!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!^\([^:]*\).*!\1!'
)
"
)
"
ca_port
=
"
$(
ca_port
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!^[^:]*:!!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!^[^:]*:!!'
)
"
)
"
;;
;;
*
)
*
)
# No bracket-encosed address, rely on colon
# No bracket-encosed address, rely on colon
ca_address
=
"
$(
ca_address
=
"
$(
printf
"%s
\\
n"
"
$ca_netloc
"
|
sed
"s!^
\\
([^:]*
\\
).*!
\\
1!"
printf
'%s\n'
"
$ca_netloc
"
|
sed
's!^\([^:]*\).*!\1!'
)
"
)
"
;;
;;
esac
esac
if
[
"
$ca_port
"
-eq
80
]
;
then
if
[
"
$ca_port
"
-eq
80
]
;
then
ca_port
=
""
ca_port
=
''
else
else
ca_port
=
":
$((
ca_port
+
1
))
"
ca_port
=
":
$((
ca_port
+
1
))
"
fi
fi
ca_auth_url
=
"https://
${
ca_address
}${
ca_port
}${
ca_path
}
"
ca_auth_url
=
"https://
${
ca_address
}${
ca_port
}${
ca_path
}
"
;;
;;
*
)
*
)
_argUsage
"Unrecognised URL scheme"
_argUsage
'Unrecognised URL scheme'
return
1
return
1
;;
;;
esac
esac
...
@@ -869,7 +871,7 @@ EOF
...
@@ -869,7 +871,7 @@ EOF
if
[
"
$threshold
"
-eq
"
$threshold
"
]
2> /dev/null
;
then
if
[
"
$threshold
"
-eq
"
$threshold
"
]
2> /dev/null
;
then
:
:
else
else
_argUsage
"Argument must be an integer"
_argUsage
'Argument must be an integer'
return
1
return
1
fi
fi
;;
;;
...
@@ -890,13 +892,13 @@ EOF
...
@@ -890,13 +892,13 @@ EOF
shift
shift
case
"
$mode
"
in
case
"
$mode
"
in
service
)
service
)
mode_path
=
"cas"
mode_path
=
'cas'
;;
;;
user
)
user
)
mode_path
=
"cau"
mode_path
=
'cau'
;;
;;
*
)
*
)
_argUsage
"Invalid mode"
_argUsage
'Invalid mode'
return
1
return
1
;;
;;
esac
esac
...
@@ -913,7 +915,7 @@ EOF
...
@@ -913,7 +915,7 @@ EOF
)
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
printf
"%s %s
\\
n"
"
$csr_id
"
"
$1
"
printf
'%s %s\n'
"
$csr_id
"
"
$1
"
shift
shift
;;
;;
--get-crt
)
--get-crt
)
...
@@ -922,7 +924,7 @@ EOF
...
@@ -922,7 +924,7 @@ EOF
crt_path
=
"
$2
"
crt_path
=
"
$2
"
shift
2
shift
2
crt_dir
=
"
$(
dirname
"
$crt_path
"
)
"
crt_dir
=
"
$(
dirname
"
$crt_path
"
)
"
if
[
"x
$crt_path
"
=
"x-"
]
;
then
# stdin & stdout
if
[
"x
$crt_path
"
=
'x-'
]
;
then
# stdin & stdout
:
:
elif
[
-w
"
$crt_path
"
]
&&
[
-r
"
$crt_path
"
]
;
then
# existing file
elif
[
-w
"
$crt_path
"
]
&&
[
-r
"
$crt_path
"
]
;
then
# existing file
:
:
...
@@ -936,8 +938,8 @@ EOF
...
@@ -936,8 +938,8 @@ EOF
crt
=
"
$(
getCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
"
$csr_id
"
)
"
crt
=
"
$(
getCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
"
$csr_id
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
if
[
"
$crt_path
"
=
"-"
]
;
then
if
[
"
$crt_path
"
=
'-'
]
;
then
printf
"%s
\\
n"
"
$crt
"
printf
'%s\n'
"
$crt
"
else
else
if
[
-e
"
$crt_path
"
]
;
then
if
[
-e
"
$crt_path
"
]
;
then
key_found
=
0
key_found
=
0
...
@@ -945,14 +947,14 @@ EOF
...
@@ -945,14 +947,14 @@ EOF
<
"
$crt_path
"
<
"
$crt_path
"
status
=
$?
status
=
$?
if
[
$status
-eq
1
]
;
then
if
[
$status
-eq
1
]
;
then
_argUsage
"Certificate does not match private key"
_argUsage
'Certificate does not match private key'
return
1
return
1
elif
[
$status
-eq
2
]
;
then
elif
[
$status
-eq
2
]
;
then
_argUsage
"Multiple private keys"
_argUsage
'Multiple private keys'
return
1
return
1
fi
fi
fi
fi
printf
"%s
\\
n"
"
$crt
"
>>
"
$crt_path
"
printf
'%s\n'
"
$crt
"
>>
"
$crt_path
"
fi
fi
;;
;;
--revoke-crt
)
--revoke-crt
)
...
@@ -963,7 +965,7 @@ EOF
...
@@ -963,7 +965,7 @@ EOF
crt
=
"
$(
_matchOneKeyAndPrintOneMatchingCert
"
$crt_path
"
"
$key_path
"
)
"
crt
=
"
$(
_matchOneKeyAndPrintOneMatchingCert
"
$crt_path
"
"
$key_path
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
printf
"%s
\\
n"
"
$crt
"
\
printf
'%s\n'
"
$crt
"
\
| revokeCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
"
$key_path
"
| revokeCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
"
$key_path
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
...
@@ -976,9 +978,9 @@ EOF
...
@@ -976,9 +978,9 @@ EOF
crt
=
"
$(
_matchOneKeyAndPrintOneMatchingCert
"
$crt_path
"
"
$key_path
"
)
"
crt
=
"
$(
_matchOneKeyAndPrintOneMatchingCert
"
$crt_path
"
"
$key_path
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
if
printf
"%s
\\
n"
"
$crt
"
\
if
printf
'%s\n'
"
$crt
"
\
| expiresBefore
"
$(
date
--date
=
"
$threshold
days"
+%s
)
"
;
then
| expiresBefore
"
$(
date
--date
=
"
$threshold
days"
+%s
)
"
;
then
printf
"%s
\\
n"
"
$crt
"
\
printf
'%s\n'
"
$crt
"
\
| renewCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
\
| renewCertificate
"
${
ca_anon_url
}
/
${
mode_path
}
"
\
"
$key_path
"
\
"
$key_path
"
\
"
$key_len
"
\
"
$key_len
"
\
...
@@ -986,7 +988,7 @@ EOF
...
@@ -986,7 +988,7 @@ EOF
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
else
else
printf
"%s did not reach renew threshold, not renewing
\\
n"
\
printf
'%s did not reach renew threshold, not renewing\n'
\
"
$crt_path
"
>
&2
"
$crt_path
"
>
&2
fi
fi
;;
;;
...
@@ -1000,10 +1002,10 @@ EOF
...
@@ -1000,10 +1002,10 @@ EOF
)
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
if
[
"
$csr_path
"
=
"-"
]
;
then
if
[
"
$csr_path
"
=
'-'
]
;
then
printf
"%s
\\
n"
"
$csr
"
printf
'%s\n'
"
$csr
"
else
else
printf
"%s
\\
n"
"
$csr
"
>
"
$csr_path
"
printf
'%s\n'
"
$csr
"
>
"
$csr_path
"
fi
fi
;;
;;
--update-user
)
--update-user
)
...
@@ -1013,18 +1015,18 @@ EOF
...
@@ -1013,18 +1015,18 @@ EOF
# Authenticated actions
# Authenticated actions
--list-csr
)
--list-csr
)
_needAuthURLAndArg 0
||
return
1
_needAuthURLAndArg 0
||
return
1
printf
"%s
\\
n"
"-- pending
$mode
CSRs --"
printf
'%s\n'
"-- pending
$mode
CSRs --"
printf
\
printf
\
"%20s | subject preview (fetch csr and check full content !)
\\
n"
\
'%20s | subject preview (fetch csr and check full content !)\n'
\
"csr_id"
'csr_id'
csr_list_json
=
"
$(
csr_list_json
=
"
$(
getPendingCertificateRequestList
"
${
ca_auth_url
}
/
${
mode_path
}
"
\
getPendingCertificateRequestList
"
${
ca_auth_url
}
/
${
mode_path
}
"
\
"
$cas_ca
"
"
$user_key
"
"
$cas_ca
"
"
$user_key
"
)
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
printf
"%s"
"
$csr_list_json
"
| forEachJSONListItem _printPendingCSR
printf
'%s'
"
$csr_list_json
"
| forEachJSONListItem _printPendingCSR
printf
"%s
\\
n"
"-- end of pending
$mode
CSRs --"
printf
'%s\n'
"-- end of pending
$mode
CSRs --"
;;
;;
--sign-csr
)
--sign-csr
)
_needAuthURLAndArg 1
||
return
1
_needAuthURLAndArg 1
||
return
1
...
@@ -1062,7 +1064,7 @@ EOF
...
@@ -1062,7 +1064,7 @@ EOF
crt
=
"
$(
forEachCertificate _printOneCert <
"
$crt_path
"
)
"
crt
=
"
$(
forEachCertificate _printOneCert <
"
$crt_path
"
)
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
printf
"%s
\\
n"
"
$crt
"
| revokeCRTWithoutKey
\
printf
'%s\n'
"
$crt
"
| revokeCRTWithoutKey
\
"
${
ca_auth_url
}
/
${
mode_path
}
"
"
$cas_ca
"
"
$user_key
"
"
${
ca_auth_url
}
/
${
mode_path
}
"
"
$cas_ca
"
"
$user_key
"
status
=
$?
status
=
$?
test
$status
-ne
0
&&
return
$status
test
$status
-ne
0
&&
return
$status
...
@@ -1078,7 +1080,7 @@ EOF
...
@@ -1078,7 +1080,7 @@ EOF
;;
;;
*
)
*
)
_argUsage
"Unknown argument"
_argUsage
'Unknown argument'
return
1
return
1
;;
;;
esac
esac
...
@@ -1087,10 +1089,10 @@ EOF
...
@@ -1087,10 +1089,10 @@ EOF
if
crl
=
"
$(
if
crl
=
"
$(
getCertificateRevocationList
"
${
ca_anon_url
}
/cas"
"
$cas_ca
"
getCertificateRevocationList
"
${
ca_anon_url
}
/cas"
"
$cas_ca
"
)
"
;
then
)
"
;
then
printf
"%s
\\
n"
"
$crl
"
>
"
$cas_crl
"
printf
'%s\n'
"
$crl
"
>
"
$cas_crl
"
else
else
printf
\
printf
\
"Received CAS CRL was not signed by CAS CA certificate, skipping
\\
n"
'Received CAS CRL was not signed by CAS CA certificate, skipping\n'
fi
fi
if
[
$update_user
-eq
1
]
;
then
if
[
$update_user
-eq
1
]
;
then
updateCACertificate
"
${
ca_anon_url
}
/cau"
"
$cas_ca
"
"
$cau_ca
"
updateCACertificate
"
${
ca_anon_url
}
/cau"
"
$cas_ca
"
"
$cau_ca
"
...
@@ -1099,10 +1101,10 @@ EOF
...
@@ -1099,10 +1101,10 @@ EOF
if
crl
=
"
$(
if
crl
=
"
$(
getCertificateRevocationList
"
${
ca_anon_url
}
/cau"
"
$cau_ca
"
getCertificateRevocationList
"
${
ca_anon_url
}
/cau"
"
$cau_ca
"
)
"
;
then
)
"
;
then
printf
"%s
\\
n"
"
$crl
"
>
"
$cau_crl
"
printf
'%s\n'
"
$crl
"
>
"
$cau_crl
"
else
else
printf
\
printf
\
"Received CAU CRL was not signed by CAU CA certificate, skipping
\\
n"
'Received CAU CRL was not signed by CAU CA certificate, skipping\n'
fi
fi
fi
fi
fi
fi
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment