Commit a36ccf92 authored by Vincent Pelletier's avatar Vincent Pelletier

shell: Use single-quote strings wherever possible.

Reduces backslash-doubling craziness.
parent 268b3a53
......@@ -22,7 +22,7 @@ str2json () {
# Usage: str2json < str
# Note: using $() to strip the trailing newline added by jq.
printf "%s" "$(jq --raw-input --slurp .)"
printf '%s' "$(jq --raw-input --slurp .)"
}
pairs2obj () {
......@@ -55,8 +55,8 @@ forEachJSONListItem () {
# shellcheck disable=SC2039
local list index
list="$(cat)"
for index in $(seq 0 $(($(printf "%s\\n" "$list" | jq length) - 1))); do
printf "%s\\n" "$list" | jq ".[$index]" | "$@" || return $?
for index in $(seq 0 $(($(printf '%s\n' "$list" | jq length) - 1))); do
printf '%s\n' "$list" | jq ".[$index]" | "$@" || return $?
done
}
......@@ -69,10 +69,10 @@ wrap () {
# Note: $() looses trailing newlines, so payload should not need to end with
# any newline.
pairs2obj \
"digest" "$(printf "%s" "$digest" | str2json)" \
"payload" "$(printf "%s" "$payload" | str2json)" \
"signature" "$(
printf "%s%s " "$payload" "$digest" \
'digest' "$(printf '%s' "$digest" | str2json)" \
'payload' "$(printf '%s' "$payload" | str2json)" \
'signature' "$(
printf '%s%s ' "$payload" "$digest" \
| openssl dgst \
-"$digest" \
-binary \
......@@ -99,12 +99,12 @@ unwrap () {
local wrapped status json_digest digest signature_file payload pubkey_file
wrapped="$(cat)"
json_digest="$(printf "%s\\n" "$wrapped" | jq .digest)"
if [ "$json_digest" = "null" ]; then
json_digest="$(printf '%s\n' "$wrapped" | jq .digest)"
if [ "$json_digest" = 'null' ]; then
return 1
fi
digest="$(
printf "%s\\n" "$json_digest" | jq --raw-output ascii_downcase
printf '%s\n' "$json_digest" | jq --raw-output ascii_downcase
)"
case "$digest" in
sha256|sha384|sha512)
......@@ -118,12 +118,12 @@ unwrap () {
;;
esac
signature_file="$(mktemp --suffix=unwrap.sig)"
printf "%s\\n" "$wrapped" | jq --raw-output .signature | \
printf '%s\n' "$wrapped" | jq --raw-output .signature | \
base64 -d > "$signature_file"
payload="$(printf "%s\\n" "$wrapped" | jq --raw-output .payload)"
payload="$(printf '%s\n' "$wrapped" | jq --raw-output .payload)"
pubkey_file="$(mktemp --suffix=unwrap.pub)"
if printf "%s\\n" "$payload" "$@" | openssl x509 -pubkey -noout > "$pubkey_file"; then
printf "%s%s " "$payload" "$digest" \
if printf '%s\n' "$payload" "$@" | openssl x509 -pubkey -noout > "$pubkey_file"; then
printf '%s%s ' "$payload" "$digest" \
| openssl dgst \
-"$digest" \
-verify "$pubkey_file" \
......@@ -136,7 +136,7 @@ unwrap () {
status=2
fi
rm "$signature_file" "$pubkey_file"
test $status -eq 0 && printf "%s" "$payload"
test $status -eq 0 && printf '%s' "$payload"
return $status
}
......@@ -145,10 +145,10 @@ nullUnwrap () {
# shellcheck disable=SC2039
local wrapped
wrapped="$(cat)"
if [ "$(printf "%s\\n" "$wrapped" | jq '.digest')" != "null" ]; then
if [ "$(printf '%s\n' "$wrapped" | jq '.digest')" != 'null' ]; then
return 1
fi
printf "%s\\n" "$wrapped" | jq .payload
printf '%s\n' "$wrapped" | jq .payload
}
writeCertKey () {
......@@ -162,8 +162,8 @@ writeCertKey () {
: > "$crt_path"
: > "$key_path"
test $need_chmod -eq 0 && chmod go= "$key_path"
printf "%s\\n" "$key_data" >> "$key_path"
printf "%s\\n" "$crt_data" >> "$crt_path"
printf '%s\n' "$key_data" >> "$key_path"
printf '%s\n' "$crt_data" >> "$crt_path"
}
alias CURL='curl --silent'
......@@ -176,40 +176,40 @@ PUTNoOut () {
local result
if result="$(
PUT \
--write-out "\\n%{http_code}\\n" \
--write-out '\n%{http_code}\n' \
"$@"
)"; then
:
else
return 3
fi
case "$(printf "%s\\n" "$result" | tail -n 1)" in
case "$(printf '%s\n' "$result" | tail -n 1)" in
2?? )
return 0
;;
401 )
printf "Unauthorized\\n" >&2
printf 'Unauthorized\n' >&2
return 2
;;
409 )
printf "Found\\n" >&2
printf 'Found\n' >&2
return 4
;;
* )
printf "%s\\n" "$result" | head -n -1 >&2
printf '%s\n' "$result" | head -n -1 >&2
return 1
;;
esac
}
_matchCertificateBoundary () {
test "$1" = "-----END CERTIFICATE-----"
test "$1" = '-----END CERTIFICATE-----'
return $?
}
_matchPrivateKeyBoundary () {
case "$1" in
"-----END PRIVATE KEY-----" | "-----END RSA PRIVATE KEY-----")
'-----END PRIVATE KEY-----' | '-----END RSA PRIVATE KEY-----')
return 0
;;
esac
......@@ -223,34 +223,34 @@ _forEachPEM () {
# <command> receives each matching PEM element as input.
# If <command> exit status is non-zero, enumeration stops.
# shellcheck disable=SC2039
local tester="$1" current=""
local tester="$1" current=''
shift
while IFS= read -r line; do
if [ -z "$current" ]; then
current="$line"
else
current="$(printf "%s\\n%s" "$current" "$line")"
current="$(printf '%s\n%s' "$current" "$line")"
fi
case "$line" in
"-----END "*"-----")
'-----END '*'-----')
if "$tester" "$line"; then
printf "%s\\n" "$current" | "$@" || return $?
printf '%s\n' "$current" | "$@" || return $?
fi
current=""
current=''
;;
esac
done
}
alias forEachCertificate="_forEachPEM _matchCertificateBoundary"
alias forEachCertificate='_forEachPEM _matchCertificateBoundary'
# Iterate over certificate of a PEM file, piping each to <command>
# Usage: _forEachPEM <command> [<arg> ...] < pem
alias forEachPrivateKey="_forEachPEM _matchPrivateKeyBoundary"
alias forEachPrivateKey='_forEachPEM _matchPrivateKeyBoundary'
# Iterate over private key of a PEM file, piping each to <command>
# Usage: _forEachPEM <command> [<arg> ...] < pem
alias pem2fingerprint="openssl x509 -fingerprint -noout"
alias pem2fingerprint='openssl x509 -fingerprint -noout'
pemFingerprintIs () {
# Usage: pemFingerprintIs <fingerprint> < certificate
......@@ -264,7 +264,7 @@ expiresBefore () {
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
local enddate
enddate="$(openssl x509 -enddate -noout | sed "s/^[^=]*=//")"
enddate="$(openssl x509 -enddate -noout | sed 's/^[^=]*=//')"
test $? -ne 0 && return 1
test "$(date --date="$enddate" +%s)" -lt "$1"
return $?
......@@ -277,7 +277,7 @@ printIfExpiresAfter () {
# shellcheck disable=SC2039
local crt
crt="$(cat)"
printf "%s\\n" "$crt" | expiresBefore "$1" || printf "%s\\n" "$crt"
printf '%s\n' "$crt" | expiresBefore "$1" || printf '%s\n' "$crt"
}
appendValidCA () {
......@@ -290,15 +290,15 @@ appendValidCA () {
if payload=$(unwrap jq --raw-output .old_pem); then
:
else
printf "Bad signature, something is very wrong" >&2
printf 'Bad signature, something is very wrong' >&2
return 1
fi
cert="$(printf "%s\\n" "$payload" | jq --raw-output .old_pem)"
cert="$(printf '%s\n' "$payload" | jq --raw-output .old_pem)"
forEachCertificate \
pemFingerprintIs \
"$(printf "%s\\n" "$cert" | pem2fingerprint)" < "$ca"
"$(printf '%s\n' "$cert" | pem2fingerprint)" < "$ca"
if [ $? -eq 1 ]; then
printf "%s\\n" "$cert" >> "$ca"
printf '%s\n' "$cert" >> "$ca"
fi
}
......@@ -307,16 +307,16 @@ checkCertificateMatchesKey () {
# Returns 0 if certificate's public key matches private key's public key,
# 1 otherwise.
test "$(
printf "%s\\n" "$1" | openssl x509 -modulus -noout | sed "s/^Modulus=//"
printf '%s\n' "$1" | openssl x509 -modulus -noout | sed 's/^Modulus=//'
)" = "$(
echo "$2" | openssl rsa -modulus -noout | sed "s/^Modulus=//"
echo "$2" | openssl rsa -modulus -noout | sed 's/^Modulus=//'
)"
return $?
}
checkDeps () {
# shellcheck disable=SC2039
local missingdeps="" dep
local missingdeps='' dep
# Expected builtins & keywords:
# alias local if then else elif fi for in do done case esac return [ test
# shift set
......@@ -328,7 +328,7 @@ checkDeps () {
return 1
fi
if [ ! -r /dev/null ] || [ ! -w /dev/null ]; then
echo "Cannot read from & write to /dev/null" >&2
echo 'Cannot read from & write to /dev/null' >&2
return 1
fi
}
......@@ -367,34 +367,34 @@ EOF
)"
if newcrtdata="$(
pairs2obj \
"crt_pem" "$(str2json)" \
"renew_csr_pem" "$(
'crt_pem' "$(str2json)" \
'renew_csr_pem' "$(
echo "$newkeydata" \
| openssl req \
-new \
-key - \
-subj "/CN=dummy" \
-subj '/CN=dummy' \
-config "$emptyreqcnf" \
| str2json
)" \
| wrap "$oldkey" "sha256" \
| wrap "$oldkey" 'sha256' \
| PUT --insecure \
--header "Content-Type: application/json" \
--header 'Content-Type: application/json' \
"$url/crt/renew/"
)"; then
if [ \
"x$(printf "%s\\n" "$newcrtdata" | head -n 1)" \
"x$(printf '%s\n' "$newcrtdata" | head -n 1)" \
= \
"x-----BEGIN CERTIFICATE-----" \
'x-----BEGIN CERTIFICATE-----' \
]; then
if checkCertificateMatchesKey "$newcrtdata" "$newkeydata"; then
writeCertKey "$newcrt" "$newcrtdata" "$newkey" "$newkeydata"
rm "$emptyreqcnf"
return 0
fi
printf "Certificate does not match private key\\n" >&2
printf 'Certificate does not match private key\n' >&2
else
printf "%s" "$newcrtdata" >&2
printf '%s' "$newcrtdata" >&2
fi
fi
rm "$emptyreqcnf"
......@@ -403,10 +403,10 @@ EOF
revokeCertificate () {
# Usage: <url> <key_path> < crt
pairs2obj "revoke_crt_pem" "$(str2json)" \
| wrap "$2" "sha256" \
pairs2obj 'revoke_crt_pem' "$(str2json)" \
| wrap "$2" 'sha256' \
| PUTNoOut \
--header "Content-Type: application/json" \
--header 'Content-Type: application/json' \
--insecure \
"$1/crt/revoke/"
return $?
......@@ -414,11 +414,11 @@ revokeCertificate () {
revokeCRTWithoutKey () {
# Usage: <url> <ca> <user crt> < crt
pairs2obj "revoke_crt_pem" "$(str2json)" \
pairs2obj 'revoke_crt_pem' "$(str2json)" \
| nullWrap \
| PUTNoOut \
--cert "$3" \
--header "Content-Type: application/json" \
--header 'Content-Type: application/json' \
--cacert "$2" \
"$1/crt/revoke/"
return $?
......@@ -426,11 +426,11 @@ revokeCRTWithoutKey () {
revokeSerial () {
# Usage: <url> <ca> <user crt> <serial>
pairs2obj "revoke_serial" "$4" \
pairs2obj 'revoke_serial' "$4" \
| nullWrap \
| PUTNoOut \
--cert "$3" \
--header "Content-Type: application/json" \
--header 'Content-Type: application/json' \
--cacert "$2" \
"$1/crt/revoke/"
return $?
......@@ -450,24 +450,24 @@ updateCACertificate () {
status=$?
test $status -ne 0 && return 1
valid_ca="$(
printf "%s\\n" "$orig_ca" \
printf '%s\n' "$orig_ca" \
| forEachCertificate printIfExpiresAfter "$(date +%s)"
)"
status=$?
test $status -ne 0 && return 1
printf "%s\\n" "$valid_ca" > "$ca"
printf '%s\n' "$valid_ca" > "$ca"
if [ ! -r "$cas_ca" ]; then
# Should never be reached, as this function should be run once with
# cas_ca == ca (to update CAS' CA), in which case cas_ca exists by this
# point. CAU's CA should only be updated after, and by that point CAS' CA
# already exists.
printf "%s does not exist\\n" "$cas_ca"
printf '%s does not exist\n' "$cas_ca"
return 1
fi
future_ca="$(CURL --cacert "$cas_ca" "$url/crt/ca.crt.json")"
status=$?
test $status -ne 0 && return 1
printf "%s\\n" "$future_ca" | forEachJSONListItem appendValidCA "$ca"
printf '%s\n' "$future_ca" | forEachJSONListItem appendValidCA "$ca"
}
getCertificateRevocationList () {
......@@ -490,13 +490,13 @@ getPendingCertificateRequestList () {
createCertificateSigningRequest () {
# Usage: <url> < csr > csr id
PUT --insecure --header "Content-Type: application/pkcs10" "$1/csr" \
PUT --insecure --header 'Content-Type: application/pkcs10' "$1/csr" \
--dump-header - | while IFS= read -r line; do
# Note: $line contains trailing \r, which will not get stripped by $().
# So strip it with sed instead.
case "$line" in
"Location: "*)
printf "%s\\n" "$line" | sed "s/^Location: \\(\\S*\\).*/\\1/"
'Location: '*)
printf '%s\n' "$line" | sed 's/^Location: \(\S*\).*/\1/'
;;
esac
done
......@@ -516,7 +516,7 @@ getCertificate () {
CURL --fail --insecure "$1/crt/$2"
status=$?
if [ $status -ne 0 ]; then
printf "Certificate %s not found (not signed yet or rejected)\\n" "$2" >&2
printf 'Certificate %s not found (not signed yet or rejected)\n' "$2" >&2
return 1
fi
}
......@@ -528,7 +528,7 @@ createCertificate () {
PUTNoOut --cert "$3" --cacert "$2" "$1/crt/$4" < /dev/null
result=$?
if [ $result -ne 0 ]; then
printf "%s: No such pending signing request\\n" "$4" >&2
printf '%s: No such pending signing request\n' "$4" >&2
fi
return $result
}
......@@ -536,7 +536,7 @@ createCertificate () {
createCertificateWith () {
# Usage: <url> <ca> <user crt> <csr id> < csr
PUTNoOut --cert "$3" --cacert "$2" \
--header "Content-Type: application/pkcs10" "$1/crt/$4"
--header 'Content-Type: application/pkcs10' "$1/crt/$4"
return $?
}
......@@ -628,17 +628,19 @@ These options require --user-key .
Special actions
--help
Display this help and exit.
--version
Display command version and exit.
EOF
}
_argUsage () {
printf "%s: %s\\n" "$arg" "$1" >&2
printf '%s: %s\n' "$arg" "$1" >&2
_usage >&2
}
_needArg () {
if [ "$argc" -lt "$1" ]; then
printf "%s\\n" "$arg needs $1 arguments" >&2
printf '%s\n' "$arg needs $1 arguments" >&2
_usage >&2
return 1
fi
......@@ -646,7 +648,7 @@ EOF
_needURLAndArg () {
if [ -z "$ca_anon_url" ]; then
printf "%s\\n" "--ca-url must be provided before $arg" >&2
printf '%s\n' "--ca-url must be provided before $arg" >&2
return 1
fi
_needArg "$1" || return 1
......@@ -654,7 +656,7 @@ EOF
_needAuthURLAndArg () {
if [ -z "$user_key" ]; then
printf "%s\\n" "--user-key must be provided before $arg" >&2
printf '%s\n' "--user-key must be provided before $arg" >&2
return 1
fi
_needURLAndArg "$1" || return 1
......@@ -670,7 +672,7 @@ EOF
_printOneKey () {
# Called from _main, sets global "key_found".
if [ $key_found -ne 0 ]; then
_argUsage "Multiple private keys"
_argUsage 'Multiple private keys'
return 1
fi
key_found=1
......@@ -680,7 +682,7 @@ EOF
_printOneCert () {
# Called indirectly from _main, sets global "crt_found".
if [ "$crt_found" -ne 0 ]; then
_argUsage "Multiple certificates"
_argUsage 'Multiple certificates'
return 1
fi
crt_found=1
......@@ -693,11 +695,11 @@ EOF
local crt
crt="$(cat)"
if [ $crt_found -ne 0 ]; then
_argUsage "Multiple certificates"
_argUsage 'Multiple certificates'
return 1
fi
crt_found=1
checkCertificateMatchesKey "$crt" "$1" && printf "%s\\n" "$crt"
checkCertificateMatchesKey "$crt" "$1" && printf '%s\n' "$crt"
}
_matchOneKeyAndPrintOneMatchingCert () {
......@@ -714,37 +716,37 @@ EOF
status=$?
test $status -ne 0 && return $status
if [ -z "$crt" ]; then
_argUsage "No certificate matches private key"
_argUsage 'No certificate matches private key'
return 1
fi
printf "%s\\n" "$crt"
printf '%s\n' "$crt"
}
_printPendingCSR () {
# shellcheck disable=SC2039
local json
json="$(cat)"
printf "%20s | %s\\n" \
"$(printf "%s\\n" "$json" | jq --raw-output .id)" \
"$(printf "%s\\n" "$json" | jq --raw-output .csr \
| openssl req -subject -noout | sed "s/^subject=//")"
printf '%20s | %s\n' \
"$(printf '%s\n' "$json" | jq --raw-output .id)" \
"$(printf '%s\n' "$json" | jq --raw-output .csr \
| openssl req -subject -noout | sed 's/^subject=//')"
}
_main() {
checkDeps || return 1
# shellcheck disable=SC2039
local ca_anon_url="" \
local ca_anon_url='' \
ca_auth_url \
mode="service" \
mode_path="cas" \
cas_ca="cas.crt.pem" \
cau_ca="cau.crt.pem" \
cas_crl="cas.crl.pem" \
cau_crl="cau.crl.pem" \
mode='service' \
mode_path='cas' \
cas_ca='cas.crt.pem' \
cau_ca='cau.crt.pem' \
cas_crl='cas.crl.pem' \
cau_crl='cau.crl.pem' \
key_len=2048 \
update_user=0 \
user_key="" \
user_key='' \
threshold=31 \
status arg argc \
ca_netloc ca_address ca_port ca_path \
......@@ -783,10 +785,10 @@ EOF
;;
http://*)
ca_netloc="$(
printf "%s\\n" "$ca_anon_url" | sed "s!^http://\\([^/?#]*\\).*!\\1!"
printf '%s\n' "$ca_anon_url" | sed 's!^http://\([^/?#]*\).*!\1!'
)"
ca_path="$(
printf "%s\\n" "$ca_anon_url" | sed "s!^http://[^/?#]*!!"
printf '%s\n' "$ca_anon_url" | sed 's!^http://[^/?#]*!!'
)"
ca_port=80
# Note: too bad there is no portable case fall-through...
......@@ -794,43 +796,43 @@ EOF
*\]:*)
# Bracket-enclosed address, which may contain colons
ca_address="$(
printf "%s\\n" "$ca_netloc" | sed "s!^\\(.*\\]\\).*!\\1!"
printf '%s\n' "$ca_netloc" | sed 's!^\(.*\]\).*!\1!'
)"
ca_port="$(
printf "%s\\n" "$ca_netloc" | sed "s!.*\\]:!!"
printf '%s\n' "$ca_netloc" | sed 's!.*\]:!!'
)"
;;
*\]*)
# Bracket-enclosed address, which may contain colons
ca_address="$(
printf "%s\\n" "$ca_netloc" | sed "s!^\\(.*\\]\\).*!\\1!"
printf '%s\n' "$ca_netloc" | sed 's!^\(.*\]\).*!\1!'
)"
;;
*:*)
# No bracket-encosed address, rely on colon
# No bracket-enclosed address, rely on colon
ca_address="$(
printf "%s\\n" "$ca_netloc" | sed "s!^\\([^:]*\\).*!\\1!"
printf '%s\n' "$ca_netloc" | sed 's!^\([^:]*\).*!\1!'
)"
ca_port="$(
printf "%s\\n" "$ca_netloc" | sed "s!^[^:]*:!!"
printf '%s\n' "$ca_netloc" | sed 's!^[^:]*:!!'
)"
;;
*)
# No bracket-encosed address, rely on colon
ca_address="$(
printf "%s\\n" "$ca_netloc" | sed "s!^\\([^:]*\\).*!\\1!"
printf '%s\n' "$ca_netloc" | sed 's!^\([^:]*\).*!\1!'
)"
;;
esac
if [ "$ca_port" -eq 80 ]; then
ca_port=""
ca_port=''
else
ca_port=":$((ca_port + 1))"
fi
ca_auth_url="https://${ca_address}${ca_port}${ca_path}"
;;
*)
_argUsage "Unrecognised URL scheme"
_argUsage 'Unrecognised URL scheme'
return 1
;;
esac
......@@ -869,7 +871,7 @@ EOF
if [ "$threshold" -eq "$threshold" ] 2> /dev/null ; then
:
else
_argUsage "Argument must be an integer"
_argUsage 'Argument must be an integer'
return 1
fi
;;
......@@ -890,13 +892,13 @@ EOF
shift
case "$mode" in
service)
mode_path="cas"
mode_path='cas'
;;
user)
mode_path="cau"
mode_path='cau'
;;
*)
_argUsage "Invalid mode"
_argUsage 'Invalid mode'
return 1
;;
esac
......@@ -913,7 +915,7 @@ EOF
)"
status=$?
test $status -ne 0 && return $status
printf "%s %s\\n" "$csr_id" "$1"
printf '%s %s\n' "$csr_id" "$1"
shift
;;
--get-crt)
......@@ -922,7 +924,7 @@ EOF
crt_path="$2"
shift 2
crt_dir="$(dirname "$crt_path")"
if [ "x$crt_path" = "x-" ]; then # stdin & stdout
if [ "x$crt_path" = 'x-' ]; then # stdin & stdout
:
elif [ -w "$crt_path" ] && [ -r "$crt_path" ]; then # existing file
:
......@@ -936,8 +938,8 @@ EOF
crt="$(getCertificate "${ca_anon_url}/${mode_path}" "$csr_id")"
status=$?
test $status -ne 0 && return $status
if [ "$crt_path" = "-" ]; then
printf "%s\\n" "$crt"
if [ "$crt_path" = '-' ]; then
printf '%s\n' "$crt"
else
if [ -e "$crt_path" ]; then
key_found=0
......@@ -945,14 +947,14 @@ EOF
< "$crt_path"
status=$?
if [ $status -eq 1 ]; then
_argUsage "Certificate does not match private key"
_argUsage 'Certificate does not match private key'
return 1
elif [ $status -eq 2 ]; then
_argUsage "Multiple private keys"
_argUsage 'Multiple private keys'
return 1
fi
fi
printf "%s\\n" "$crt" >> "$crt_path"
printf '%s\n' "$crt" >> "$crt_path"
fi
;;
--revoke-crt)
......@@ -963,7 +965,7 @@ EOF
crt="$(_matchOneKeyAndPrintOneMatchingCert "$crt_path" "$key_path")"
status=$?
test $status -ne 0 && return $status
printf "%s\\n" "$crt" \
printf '%s\n' "$crt" \
| revokeCertificate "${ca_anon_url}/${mode_path}" "$key_path"
status=$?
test $status -ne 0 && return $status
......@@ -976,9 +978,9 @@ EOF
crt="$(_matchOneKeyAndPrintOneMatchingCert "$crt_path" "$key_path")"
status=$?
test $status -ne 0 && return $status
if printf "%s\\n" "$crt" \
if printf '%s\n' "$crt" \
| expiresBefore "$(date --date="$threshold days" +%s)"; then
printf "%s\\n" "$crt" \
printf '%s\n' "$crt" \
| renewCertificate "${ca_anon_url}/${mode_path}" \
"$key_path" \
"$key_len" \
......@@ -986,7 +988,7 @@ EOF
status=$?
test $status -ne 0 && return $status
else
printf "%s did not reach renew threshold, not renewing\\n" \
printf '%s did not reach renew threshold, not renewing\n' \
"$crt_path" >&2
fi
;;
......@@ -1000,10 +1002,10 @@ EOF
)"
status=$?
test $status -ne 0 && return $status
if [ "$csr_path" = "-" ]; then
printf "%s\\n" "$csr"
if [ "$csr_path" = '-' ]; then
printf '%s\n' "$csr"
else
printf "%s\\n" "$csr" > "$csr_path"
printf '%s\n' "$csr" > "$csr_path"
fi
;;
--update-user)
......@@ -1013,18 +1015,18 @@ EOF
# Authenticated actions
--list-csr)
_needAuthURLAndArg 0 || return 1
printf "%s\\n" "-- pending $mode CSRs --"
printf '%s\n' "-- pending $mode CSRs --"
printf \
"%20s | subject preview (fetch csr and check full content !)\\n" \
"csr_id"
'%20s | subject preview (fetch csr and check full content !)\n' \
'csr_id'
csr_list_json="$(
getPendingCertificateRequestList "${ca_auth_url}/${mode_path}" \
"$cas_ca" "$user_key"
)"
status=$?
test $status -ne 0 && return $status
printf "%s" "$csr_list_json" | forEachJSONListItem _printPendingCSR
printf "%s\\n" "-- end of pending $mode CSRs --"
printf '%s' "$csr_list_json" | forEachJSONListItem _printPendingCSR
printf '%s\n' "-- end of pending $mode CSRs --"
;;
--sign-csr)
_needAuthURLAndArg 1 || return 1
......@@ -1062,7 +1064,7 @@ EOF
crt="$(forEachCertificate _printOneCert < "$crt_path")"
status=$?
test $status -ne 0 && return $status
printf "%s\\n" "$crt" | revokeCRTWithoutKey \
printf '%s\n' "$crt" | revokeCRTWithoutKey \
"${ca_auth_url}/${mode_path}" "$cas_ca" "$user_key"
status=$?
test $status -ne 0 && return $status
......@@ -1078,7 +1080,7 @@ EOF
;;
*)
_argUsage "Unknown argument"
_argUsage 'Unknown argument'
return 1
;;
esac
......@@ -1087,10 +1089,10 @@ EOF
if crl="$(
getCertificateRevocationList "${ca_anon_url}/cas" "$cas_ca"
)"; then
printf "%s\\n" "$crl" > "$cas_crl"
printf '%s\n' "$crl" > "$cas_crl"
else
printf \
"Received CAS CRL was not signed by CAS CA certificate, skipping\\n"
'Received CAS CRL was not signed by CAS CA certificate, skipping\n'
fi
if [ $update_user -eq 1 ]; then
updateCACertificate "${ca_anon_url}/cau" "$cas_ca" "$cau_ca"
......@@ -1099,10 +1101,10 @@ EOF
if crl="$(
getCertificateRevocationList "${ca_anon_url}/cau" "$cau_ca"
)"; then
printf "%s\\n" "$crl" > "$cau_crl"
printf '%s\n' "$crl" > "$cau_crl"
else
printf \
"Received CAU CRL was not signed by CAU CA certificate, skipping\\n"
'Received CAU CRL was not signed by CAU CA certificate, skipping\n'
fi
fi
fi
......
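Review bot: In the `unwrap` hunk at `@@ -118,12 +118,12 @@`, the new line `if printf '%s\n' "$payload" "$@" | openssl x509 -pubkey -noout > "$pubkey_file"; then` passes `"$@"` to printf as extra arguments instead of running it, so the words of the caller's command are printed after the payload and piped into `openssl x509`. `appendValidCA` calls `unwrap jq --raw-output .old_pem`, which suggests the arguments are meant to be a filter that extracts the signer certificate from the payload; if so, the line should read `if printf '%s\n' "$payload" | "$@" | openssl x509 -pubkey -noout > "$pubkey_file"; then`. As rendered, the public-key extraction would presumably fail and verification would always be rejected, so this should be confirmed against the real file in case the page lost characters. The body of `unwrap` starts and ends outside the hunk.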