caucase: commit bfbe1061, authored Feb 12, 2021 by Vincent Pelletier
shell/caucase.sh: Split file-or-folder detection from updateCACertificate.
So it can be reused elsewhere.
parent b30927be
Showing 1 changed file with 50 additions and 38 deletions
shell/caucase.sh
...
@@ -271,6 +271,28 @@ alias foreachCRL='_forEachPEM _matchCRLBoundary'
...
@@ -271,6 +271,28 @@ alias foreachCRL='_forEachPEM _matchCRLBoundary'
# Iterate over CRLs of a PEM file, piping each to <command>
# Iterate over CRLs of a PEM file, piping each to <command>
# Usage: <command> [<arg> ...] < pem
# Usage: <command> [<arg> ...] < pem
foreachCACertificate
()
{
# Iterate over CA certificates in given file or directory, piping each to
# <command>.
# Usage: <ca> <command> [<arg> ...]
# shellcheck disable=SC2039
local
ca
=
"
$1
"
ca_file ca_is_file
shift
ca_is_file
=
"
$(
_isFile
"
$ca
"
)
"
||
return
if
[
"
$ca_is_file
"
-eq
0
]
;
then
for
ca_file
in
"
$ca
"
/
*
;
do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if
[
-f
"
$ca_file
"
]
&&
[
!
-h
"
$ca_file
"
]
;
then
forEachCertificate
"
$@
"
<
"
$ca_file
"
||
return
fi
done
elif
[
-e
"
$ca
"
]
;
then
forEachCertificate
"
$@
"
<
"
$ca
"
||
return
fi
}
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
pemFingerprintIs
()
{
pemFingerprintIs
()
{
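Review bot: foreachCACertificate is documented as an iterator, but its first step, `ca_is_file="$(_isFile "$ca")" || return`, creates "$ca" as a directory when the path does not exist and has no extension, so a lookup against a mistyped path leaves an empty directory behind and returns success with no output. Either mention that side effect in the usage comment or check `[ -e "$ca" ]` before calling _isFile so that read-only callers do not write to disk. The directory branch skips symlinked entries with `[ ! -h "$ca_file" ]`, while the `elif [ -e "$ca" ]` branch reads "$ca" even when it is itself a symlink; a comment stating whether that difference is intended would help.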
...
@@ -300,6 +322,30 @@ printIfExpiresAfter () {
...
@@ -300,6 +322,30 @@ printIfExpiresAfter () {
printf
'%s\n'
"
$crt
"
| expiresBefore
"
$1
"
||
printf
'%s\n'
"
$crt
"
printf
'%s\n'
"
$crt
"
| expiresBefore
"
$1
"
||
printf
'%s\n'
"
$crt
"
}
}
_isFile
()
{
# Prints 1 if given path either points at an existing file, or its basename
# contains a non-empty filename, followed by a "." and a non-empty extension.
# Otherwise, prints 0 and create given path as a directory (if it does not
# already exists).
# Returns 0 on success, anything else on error.
# Usage: <path>
if
[
-e
"
$1
"
]
;
then
if
[
-f
"
$1
"
]
;
then
echo
1
elif
[
-d
"
$1
"
]
;
then
echo
0
else
printf
'%s exists and is neither a directory nor a file\n'
"
$1
"
1>&2
return
1
fi
elif
printf
'%s\n'
"
$1
"
|
grep
-q
'\(^\|/\)[^/]\+\.[^/]\+$'
;
then
echo
1
else
mkdir
-p
"
$1
"
||
return
1
echo
0
fi
}
storeCertBySerial
()
{
storeCertBySerial
()
{
# Store certificate in a file named after its serial, in given directory
# Store certificate in a file named after its serial, in given directory
# and using given printf format string.
# and using given printf format string.
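Review bot: the pattern in `grep -q '\(^\|/\)[^/]\+\.[^/]\+$'` relies on `\|` and `\+`, which are GNU extensions to basic regular expressions and are not defined by POSIX, so on another grep the extension test can silently fail and _isFile falls through to `mkdir -p "$1"`, creating a directory where a file path was meant. `grep -Eq '(^|/)[^/]+\.[^/]+$'` expresses the same match portably. Since the function also creates directories, a name that says so (or a note at each call site) would make the side effect harder to miss than _isFile does.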
...
@@ -468,49 +514,15 @@ updateCACertificate () {
...
@@ -468,49 +514,15 @@ updateCACertificate () {
local
url
=
"
$1
"
\
local
url
=
"
$1
"
\
ca
=
"
$2
"
\
ca
=
"
$2
"
\
future_ca
\
future_ca
\
status
\
orig_ca
\
orig_ca
=
""
\
ca_is_file
\
ca_is_file
\
ca_file
\
ca_file
\
valid_ca
valid_ca
if
[
-e
"
$ca
"
]
;
then
ca_is_file
=
"
$(
_isFile
"
$ca
"
)
"
||
return
if
[
-f
"
$ca
"
]
;
then
orig_ca
=
"
$(
foreachCACertificate
"
$ca
"
cat
)
"
||
return
ca_is_file
=
1
orig_ca
=
"
$(
cat
"
$ca
"
)
"
elif
[
-d
"
$ca
"
]
;
then
ca_is_file
=
0
else
printf
"%s exists and is neither a directory nor a file
\n
"
"
$ca
"
return
1
fi
else
case
"
$ca
"
in
*
.
*
)
ca_is_file
=
1
;;
*
)
mkdir
"
$ca
"
ca_is_file
=
0
;;
esac
fi
if
[
$ca_is_file
-eq
0
]
;
then
for
ca_file
in
"
$ca
"
/
*
;
do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if
[
-f
"
$ca_file
"
]
&&
[
!
-h
"
$ca_file
"
]
;
then
orig_ca
=
"
$(
\
printf
"%s
\n
%s"
"
$orig_ca
"
"
$(
cat
"
$ca_file
"
)
"
\
)
"
fi
done
fi
if
[
-z
"
$orig_ca
"
]
;
then
if
[
-z
"
$orig_ca
"
]
;
then
orig_ca
=
"
$(
_curlInsecure
"
$url
/crt/ca.crt.pem"
)
"
orig_ca
=
"
$(
_curlInsecure
"
$url
/crt/ca.crt.pem"
)
"
||
return
fi
fi
status
=
$?
test
$status
-ne
0
&&
return
1
valid_ca
=
"
$(
valid_ca
=
"
$(
printf
'%s\n'
"
$orig_ca
"
\
printf
'%s\n'
"
$orig_ca
"
\
| forEachCertificate printIfExpiresAfter
"
$(
date
+%s
)
"
| forEachCertificate printIfExpiresAfter
"
$(
date
+%s
)
"
...
...
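Review bot: orig_ca is now filled from `foreachCACertificate "$ca" cat` instead of `cat "$ca"`, so if forEachCertificate passes on only certificate blocks, an existing "$ca" that contains no parseable certificate now yields an empty orig_ca and falls through to the `_curlInsecure "$url/crt/ca.crt.pem"` fetch, where the old code kept the file content. Please confirm that re-bootstrapping the CA via _curlInsecure is wanted in that case, or fail with an error when "$ca" exists but yields nothing. The commit message describes only a split, but classification of a missing path also changes here: the removed `case "$ca" in *.*)` matched a dot anywhere in the path and used plain `mkdir`, while _isFile looks at the basename only and uses `mkdir -p`; that is worth stating in the message. _isFile is also run twice per call, once directly and once inside foreachCACertificate.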