Commit bfbe1061 authored by Vincent Pelletier's avatar Vincent Pelletier

shell/caucase.sh: Split file-or-folder detection from updateCACertificate.

So it can be reused elsewhere.
parent b30927be
...@@ -271,6 +271,28 @@ alias foreachCRL='_forEachPEM _matchCRLBoundary' ...@@ -271,6 +271,28 @@ alias foreachCRL='_forEachPEM _matchCRLBoundary'
# Iterate over CRLs of a PEM file, piping each to <command> # Iterate over CRLs of a PEM file, piping each to <command>
# Usage: <command> [<arg> ...] < pem # Usage: <command> [<arg> ...] < pem
foreachCACertificate () {
# Iterate over CA certificates in given file or directory, piping each to
# <command>.
# Usage: <ca> <command> [<arg> ...]
# shellcheck disable=SC2039
local ca="$1" ca_file ca_is_file
shift
ca_is_file="$(_isFile "$ca")" || return
if [ "$ca_is_file" -eq 0 ]; then
for ca_file in "$ca"/*; do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if [ -f "$ca_file" ] && [ ! -h "$ca_file" ]; then
forEachCertificate "$@" < "$ca_file" || return
fi
done
elif [ -e "$ca" ]; then
forEachCertificate "$@" < "$ca" || return
fi
}
alias pem2fingerprint='openssl x509 -fingerprint -noout' alias pem2fingerprint='openssl x509 -fingerprint -noout'
pemFingerprintIs () { pemFingerprintIs () {
...@@ -300,6 +322,30 @@ printIfExpiresAfter () { ...@@ -300,6 +322,30 @@ printIfExpiresAfter () {
printf '%s\n' "$crt" | expiresBefore "$1" || printf '%s\n' "$crt" printf '%s\n' "$crt" | expiresBefore "$1" || printf '%s\n' "$crt"
} }
_isFile () {
# Prints 1 if given path either points at an existing file, or its basename
# contains a non-empty filename, followed by a "." and a non-empty extension.
# Otherwise, prints 0 and create given path as a directory (if it does not
# already exists).
# Returns 0 on success, anything else on error.
# Usage: <path>
if [ -e "$1" ]; then
if [ -f "$1" ]; then
echo 1
elif [ -d "$1" ]; then
echo 0
else
printf '%s exists and is neither a directory nor a file\n' "$1" 1>&2
return 1
fi
elif printf '%s\n' "$1" | grep -q '\(^\|/\)[^/]\+\.[^/]\+$'; then
echo 1
else
mkdir -p "$1" || return 1
echo 0
fi
}
storeCertBySerial () { storeCertBySerial () {
# Store certificate in a file named after its serial, in given directory # Store certificate in a file named after its serial, in given directory
# and using given printf format string. # and using given printf format string.
...@@ -468,49 +514,15 @@ updateCACertificate () { ...@@ -468,49 +514,15 @@ updateCACertificate () {
local url="$1" \ local url="$1" \
ca="$2" \ ca="$2" \
future_ca \ future_ca \
status \ orig_ca \
orig_ca="" \
ca_is_file \ ca_is_file \
ca_file \ ca_file \
valid_ca valid_ca
if [ -e "$ca" ]; then ca_is_file="$(_isFile "$ca")" || return
if [ -f "$ca" ]; then orig_ca="$(foreachCACertificate "$ca" cat)" || return
ca_is_file=1
orig_ca="$(cat "$ca")"
elif [ -d "$ca" ]; then
ca_is_file=0
else
printf "%s exists and is neither a directory nor a file\n" "$ca"
return 1
fi
else
case "$ca" in
*.*)
ca_is_file=1
;;
*)
mkdir "$ca"
ca_is_file=0
;;
esac
fi
if [ $ca_is_file -eq 0 ]; then
for ca_file in "$ca"/*; do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if [ -f "$ca_file" ] && [ ! -h "$ca_file" ]; then
orig_ca="$( \
printf "%s\n%s" "$orig_ca" "$(cat "$ca_file")" \
)"
fi
done
fi
if [ -z "$orig_ca" ]; then if [ -z "$orig_ca" ]; then
orig_ca="$(_curlInsecure "$url/crt/ca.crt.pem")" orig_ca="$(_curlInsecure "$url/crt/ca.crt.pem")" || return
fi fi
status=$?
test $status -ne 0 && return 1
valid_ca="$( valid_ca="$(
printf '%s\n' "$orig_ca" \ printf '%s\n' "$orig_ca" \
| forEachCertificate printIfExpiresAfter "$(date +%s)" | forEachCertificate printIfExpiresAfter "$(date +%s)"
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment