Commit bfbe1061 authored by Vincent Pelletier

shell/caucase.sh: Split file-or-folder detection from updateCACertificate.

So it can be reused elsewhere.
parent b30927be
Pipeline #13646 passed with stage
in 0 seconds
......@@ -271,6 +271,28 @@ alias foreachCRL='_forEachPEM _matchCRLBoundary'
# Iterate over CRLs of a PEM file, piping each to <command>
# Usage: <command> [<arg> ...] < pem
foreachCACertificate () {
# Iterate over CA certificates in given file or directory, piping each to
# <command>.
# Usage: <ca> <command> [<arg> ...]
# shellcheck disable=SC2039
local ca="$1" ca_file ca_is_file
shift
ca_is_file="$(_isFile "$ca")" || return
if [ "$ca_is_file" -eq 0 ]; then
for ca_file in "$ca"/*; do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if [ -f "$ca_file" ] && [ ! -h "$ca_file" ]; then
forEachCertificate "$@" < "$ca_file" || return
fi
done
elif [ -e "$ca" ]; then
forEachCertificate "$@" < "$ca" || return
fi
}
alias pem2fingerprint='openssl x509 -fingerprint -noout'
pemFingerprintIs () {
......@@ -300,6 +322,30 @@ printIfExpiresAfter () {
printf '%s\n' "$crt" | expiresBefore "$1" || printf '%s\n' "$crt"
}
_isFile () {
# Prints 1 if given path either points at an existing file, or its basename
# contains a non-empty filename, followed by a "." and a non-empty extension.
# Otherwise, prints 0 and create given path as a directory (if it does not
# already exists).
# Returns 0 on success, anything else on error.
# Usage: <path>
if [ -e "$1" ]; then
if [ -f "$1" ]; then
echo 1
elif [ -d "$1" ]; then
echo 0
else
printf '%s exists and is neither a directory nor a file\n' "$1" 1>&2
return 1
fi
elif printf '%s\n' "$1" | grep -q '\(^\|/\)[^/]\+\.[^/]\+$'; then
echo 1
else
mkdir -p "$1" || return 1
echo 0
fi
}
storeCertBySerial () {
# Store certificate in a file named after its serial, in given directory
# and using given printf format string.
......@@ -468,49 +514,15 @@ updateCACertificate () {
local url="$1" \
ca="$2" \
future_ca \
status \
orig_ca="" \
orig_ca \
ca_is_file \
ca_file \
valid_ca
if [ -e "$ca" ]; then
if [ -f "$ca" ]; then
ca_is_file=1
orig_ca="$(cat "$ca")"
elif [ -d "$ca" ]; then
ca_is_file=0
else
printf "%s exists and is neither a directory nor a file\n" "$ca"
return 1
fi
else
case "$ca" in
*.*)
ca_is_file=1
;;
*)
mkdir "$ca"
ca_is_file=0
;;
esac
fi
if [ $ca_is_file -eq 0 ]; then
for ca_file in "$ca"/*; do
# double use:
# - skips non-files
# - skips the one iteration when there is nothing in "$ca"/
if [ -f "$ca_file" ] && [ ! -h "$ca_file" ]; then
orig_ca="$( \
printf "%s\n%s" "$orig_ca" "$(cat "$ca_file")" \
)"
fi
done
fi
ca_is_file="$(_isFile "$ca")" || return
orig_ca="$(foreachCACertificate "$ca" cat)" || return
if [ -z "$orig_ca" ]; then
orig_ca="$(_curlInsecure "$url/crt/ca.crt.pem")"
orig_ca="$(_curlInsecure "$url/crt/ca.crt.pem")" || return
fi
status=$?
test $status -ne 0 && return 1
valid_ca="$(
printf '%s\n' "$orig_ca" \
| forEachCertificate printIfExpiresAfter "$(date +%s)"
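Review bot: `_isFile` (second hunk) is named like a pure predicate but creates `$1` as a directory via `mkdir -p` whenever the path does not exist and its basename is not of the form `name.ext`, and since `foreachCACertificate` (first hunk) calls it at `ca_is_file="$(_isFile "$ca")" || return`, merely enumerating CA certificates from a missing path now mutates the filesystem; `updateCACertificate` then performs that check twice, once directly on its `ca_is_file=` line and again inside `foreachCACertificate`. Consider a name that reflects the side effect, or at minimum add to the `foreachCACertificate` header `# Side effect: a missing <ca> without a file extension is created as a directory (see _isFile).` so callers are not surprised. The `grep -q '\(^\|/\)[^/]\+\.[^/]\+$'` test relies on `\|` and `\+`, which are GNU extensions to basic regular expressions; the POSIX-portable form is `grep -Eq '(^|/)[^/]+\.[^/]+$'`. Whether the `ca_is_file` value assigned in the third hunk is still read afterwards depends on the rest of `updateCACertificate`, whose body continues outside the hunk.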