Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caucase
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Vincent Pelletier
caucase
Commits
34113c92
Commit
34113c92
authored
Jun 25, 2020
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
shell/caucase.sh: Make function "Usage:" consistent.
Avoid repeating function name in these.
parent
74540bdc
Changes
1
Hide whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
16 deletions
+16
-16
shell/caucase.sh
shell/caucase.sh
+16
-16
No files found.
shell/caucase.sh
View file @
34113c92
...
...
@@ -22,7 +22,7 @@ set -u
str2json
()
{
# Convert some text into a json string.
# Usage:
str2json
< str
# Usage: < str
# Note: using $() to strip the trailing newline added by jq.
printf
'%s'
"
$(
jq
--raw-input
--slurp
.
)
"
...
...
@@ -30,7 +30,7 @@ str2json () {
pairs2obj
()
{
# Convert pairs of arguments into keys & values of a json objet.
# Usage:
pairs2obj
<key0> <value0> [...]
# Usage: <key0> <value0> [...]
# Outputs: {"key0":value0}
# No sanity checks on keys nor values.
# Keys are expected unquoted, as they must be strings anyway.
...
...
@@ -65,7 +65,7 @@ forEachJSONListItem () {
wrap
()
{
# Wrap payload in a format suitable for caucase and sign it
# Usage:
wrap
<key file> <digest> < payload > wrapped
# Usage: <key file> <digest> < payload > wrapped
# shellcheck disable=SC2039
local
digest
=
"
$2
"
payload
payload
=
"
$(
cat
)
"
...
...
@@ -90,12 +90,12 @@ wrap () {
nullWrap
()
{
# Wrap payload in a format suitable for caucase without signing it
# Usage:
nullWrap
< payload > wrapped
# Usage: < payload > wrapped
pairs2obj digest null payload
"
$(
str2json
)
"
}
unwrap
()
{
# Usage:
unwrap
<command> [...] < wrapped > payload
# Usage: <command> [...] < wrapped > payload
# <command> must output the x509 certificate to use to verify the signature.
# It receives the payload being unwrapped.
# shellcheck disable=SC2039
...
...
@@ -144,7 +144,7 @@ unwrap () {
}
nullUnwrap
()
{
# Usage:
nullUnwrap
< wrapped > payload
# Usage: < wrapped > payload
# shellcheck disable=SC2039
local
wrapped
wrapped
=
"
$(
cat
)
"
...
...
@@ -156,7 +156,7 @@ nullUnwrap () {
writeCertKey
()
{
# Write given certificate and key to file(s).
# Usage:
writeCertKey
<crt data> <crt path> <key data> <key path>
# Usage: <crt data> <crt path> <key data> <key path>
# shellcheck disable=SC2039
local
crt_path
=
"
$1
"
crt_data
=
"
$2
"
key_path
=
"
$3
"
key_data
=
"
$4
"
need_chmod
test
!
-e
"
$key_path
"
...
...
@@ -230,7 +230,7 @@ _matchPrivateKeyBoundary () {
_forEachPEM
()
{
# Iterate over components of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<type tester> <command> [<arg> ...] < pem
# Usage: <type tester> <command> [<arg> ...] < pem
# <type tester> is called with the end boundary as argument
# <command> receives each matching PEM element as input.
# If <command> exit status is non-zero, enumeration stops.
...
...
@@ -256,23 +256,23 @@ _forEachPEM () {
alias
forEachCertificate
=
'_forEachPEM _matchCertificateBoundary'
# Iterate over certificate of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<command> [<arg> ...] < pem
# Usage: <command> [<arg> ...] < pem
alias
forEachPrivateKey
=
'_forEachPEM _matchPrivateKeyBoundary'
# Iterate over private key of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<command> [<arg> ...] < pem
# Usage: <command> [<arg> ...] < pem
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
pemFingerprintIs
()
{
# Usage:
pemFingerprintIs
<fingerprint> < certificate
# Usage: <fingerprint> < certificate
# Return 1 when certificate's fingerprint matches argument
test
"
$1
"
=
"
$(
pem2fingerprint
)
"
&&
return
1
}
expiresBefore
()
{
# Tests whether certificate is expired at given date
# Usage:
expiresBefore
<date> < certificate > certificate
# Usage: <date> < certificate > certificate
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
local
enddate
...
...
@@ -283,7 +283,7 @@ expiresBefore () {
printIfExpiresAfter
()
{
# Print certificate if it expires after given date
# Usage:
printIfExpiresAfter
<date> < certificate > certificate
# Usage: <date> < certificate > certificate
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
local
crt
...
...
@@ -294,7 +294,7 @@ printIfExpiresAfter () {
appendValidCA
()
{
# TODO: test
# Append CA to given file if it is signed by a CA we know of already.
# Usage:
_appendValidCA
<ca path> < json
# Usage: <ca path> < json
# Appends valid certificates to the file at <ca path>
# shellcheck disable=SC2039
local
ca
=
"
$1
"
payload cert
...
...
@@ -314,7 +314,7 @@ appendValidCA () {
}
checkCertificateMatchesKey
()
{
# Usage:
checkCertificateMatchesKey
<crt> <key>
# Usage: <crt> <key>
# Returns 0 if certificate's public key matches private key's public key,
# 1 otherwise.
test
"
$(
...
...
@@ -707,7 +707,7 @@ EOF
}
_matchOneKeyAndPrintOneMatchingCert
()
{
# Usage:
_matchOneKeyAndPrintOneMatchingCert
<crt path> <key path>
# Usage: <crt path> <key path>
# Sets globals "crt_found" and "key_found"
# shellcheck disable=SC2039
local
crt
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment