whitespaces and if/then normalization

shellpki

@@ -46,28 +46,39 @@ init() {
     if [ -f "${CAKEY}" ]; then
         printf "%s already exists, do you really want to erase it ? [y/N] " "${CAKEY}"
         read -r REPLY
-        resp=$(echo "${REPLY}"|tr 'Y' 'y')
+        resp=$(echo "${REPLY}" | tr 'Y' 'y')
-        [ "${resp}" = "y" ] && rm -f "${CAKEY}" "${CACERT}"
+        if [ "${resp}" = "y" ]; then
+            rm -f "${CAKEY}" "${CACERT}"
+        fi
     fi
 
-    [ ! -f "${CAKEY}" ] && "$OPENSSL"   \
+    if [ ! -f "${CAKEY}" ]; then
-        genrsa                          \
+        "$OPENSSL" genrsa \
             -out "${CAKEY}" \
-        -aes256 4096 >/dev/null 2>&1
+            -aes256 4096 \
+            >/dev/null 2>&1
+    fi
 
     if [ -f "${CACERT}" ]; then
         printf "%s already exists, do you really want to erase it ? [y/N] " "${CACERT}"
         read -r REPLY
-        resp=$(echo "${REPLY}"|tr 'Y' 'y')
+        resp=$(echo "${REPLY}" | tr 'Y' 'y')
-        [ "${resp}" = "y" ] && rm "${CACERT}"
+        if [ "${resp}" = "y" ]; then
+            rm "${CACERT}"
+        fi
     fi
 
-    [ ! -f "${CACERT}" ] && ask_ca_password 0
+    if [ ! -f "${CACERT}" ]; then
+        ask_ca_password 0
+    fi
 
-    [ ! -f "${CACERT}" ] && CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}"   \
+    if [ ! -f "${CACERT}" ]; then
-         req -new                                                       \
+        CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}" req \
-        -batch -sha512                                                  \
+            -new \
-        -x509 -days 3650                                                \
+            -batch \
+            -sha512 \
+            -x509 \
+            -days 3650 \
             -extensions v3_ca \
             -key "${CAKEY}" \
             -out "${CACERT}" \
@@ -76,6 +87,7 @@ init() {
 $(cat "${CONFFILE}")
 commonName_default = ${cn}
 EOF
+    fi
 }
 
 ocsp() {
@@ -87,16 +99,19 @@ ocsp() {
         exit 1
     fi
 
-    url=$(echo "${ocsp_uri}"|cut -d':' -f1)
+    url=$(echo "${ocsp_uri}" | cut -d':' -f1)
-    port=$(echo "${ocsp_uri}"|cut -d':' -f2)
+    port=$(echo "${ocsp_uri}" | cut -d':' -f2)
 
-    [ ! -f "${OCSPKEY}" ] && "$OPENSSL"   \
+    if [ ! -f "${OCSPKEY}" ]; then
-        genrsa                            \
+        "$OPENSSL" genrsa \
             -out "${OCSPKEY}" \
-        2048 >/dev/null 2>&1
+            2048 \
+            >/dev/null 2>&1
+    fi
 
     "$OPENSSL" req \
-        -batch -new                             \
+        -batch \
+        -new \
         -key "${OCSPKEY}" \
         -out "${CSRDIR}/ocsp.csr" \
         -config /dev/stdin <<EOF
@@ -106,17 +121,27 @@ commonName_default = ${url}
 authorityInfoAccess = OCSP;URI:http://${ocsp_uri}
 EOF
 
-    [ ! -f "${OCSPCERT}" ] && ask_ca_password 0
+    if [ ! -f "${OCSPCERT}" ]; then
+        ask_ca_password 0
+    fi
 
-    [ ! -f "${OCSPCERT}" ] && CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}"	\
+    if [ ! -f "${OCSPCERT}" ]; then
-        ca								\
+        CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}" ca \
             -extensions v3_ocsp \
             -in "${CSRDIR}/ocsp.csr" \
             -out "${OCSPCERT}" \
             -passin env:CA_PASSWORD \
             -config "${CONFFILE}"
+    fi
 
-    exec "${OPENSSL}" ocsp -ignore_err -index "${INDEX}" -port "${port}" -rsigner "${OCSPCERT}" -rkey "${OCSPKEY}" -CA "${CACERT}" -text
+    exec "${OPENSSL}" ocsp \
+        -ignore_err \
+        -index "${INDEX}" \
+        -port "${port}" \
+        -rsigner "${OCSPCERT}" \
+        -rkey "${OCSPKEY}" \
+        -CA "${CACERT}" \
+        -text
 }
 
 show_usage() {
@@ -167,14 +192,19 @@ warning() {
 ask_ca_password() {
     [ ! -f "${CAKEY}" ] && error "You must initialize your's PKI with shellpki init !"
     attempt=$((${1} + 1))
-    [ "${attempt}" -gt 1 ] && warning "Invalid password, retry."
+    if [ "${attempt}" -gt 1 ]; then
+        warning "Invalid password, retry."
+    fi
     trap 'unset CA_PASSWORD' 0
     stty -echo
     printf "Password for CA key : "
     read -r CA_PASSWORD
     stty echo
     printf "\n"
-    [ "${CA_PASSWORD}" != "" ] || ask_ca_password "${attempt}"
+
+    if [ -z "${CA_PASSWORD}" ]; then
+        ask_ca_password "${attempt}"
+    fi
     CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}" rsa \
         -in "${CAKEY}"    \
         -passin env:CA_PASSWORD \
@@ -254,8 +284,12 @@ create() {
     cn="${1:-}"
 
     if [ "${from_csr}" -eq 1 ]; then
-        [ "${ask_pass}" -eq 1 ] && warning "Warning: -p|--password is ignored with -f|--file|--crt-file"
+        if [ "${ask_pass}" -eq 1 ]; then
-        [ -n "${password_file}" ] && warning "Warning: --password-file is ignored with -f|--file|--crt-file"
+            warning "Warning: -p|--password is ignored with -f|--file|--crt-file"
+        fi
+        if [ -n "${password_file}" ]; then
+            warning "Warning: --password-file is ignored with -f|--file|--crt-file"
+        fi
 
         # ask for CA passphrase
         ask_ca_password 0
@@ -276,10 +310,12 @@ create() {
         || error "${csr_file} don't contain a CommonName !"
 
         # get CN from CSR
-        cn=$("${OPENSSL}" req -noout -subject -in "${csr_file}"|grep -Eo "CN\s*=[^,/]*"|cut -d'=' -f2|xargs)
+        cn=$("${OPENSSL}" req -noout -subject -in "${csr_file}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs)
 
         # check if CN already exist
-        [ -f "${CRTDIR}/${cn}.crt" ] && error "${cn} already used !"
+        if [ -f "${CRTDIR}/${cn}.crt" ]; then
+            error "${cn} already used !"
+        fi
 
         # ca sign and generate cert
         CA_PASSWORD="${CA_PASSWORD}" "${OPENSSL}" ca \
@@ -296,7 +332,9 @@ create() {
         fi
 
         # check if CN already exist
-        [ -f "${CRTDIR}/${cn}.crt" ] && error "${cn} already used !"
+        if [ -f "${CRTDIR}/${cn}.crt" ]; then
+            error "${cn} already used !"
+        fi
 
         # ask for CA passphrase
         ask_ca_password 0
@@ -313,6 +351,7 @@ create() {
             read -r PASSWORD
             stty echo
             printf "\n"
+
             if [ -z "${PASSWORD}" ]; then
                 warning "Warning: empty password from input"
             fi
@@ -321,19 +360,23 @@ create() {
         # generate private key
         if [ -n "${PASSWORD}" ]; then
             PASSWORD="${PASSWORD}" "$OPENSSL" genrsa \
-                -aes256 -passout env:PASSWORD           \
+                -aes256 \
+                -passout env:PASSWORD \
                 -out "${KEYDIR}/${cn}-${TIMESTAMP}.key" \
-                2048 >/dev/null 2>&1
+                2048 \
+                >/dev/null 2>&1
         else
             "$OPENSSL" genrsa                           \
                 -out "${KEYDIR}/${cn}-${TIMESTAMP}.key" \
-                2048 >/dev/null 2>&1
+                2048 \
+                >/dev/null 2>&1
         fi
 
         if [ -n "${PASSWORD}" ]; then
             # generate csr req
             PASSWORD="${PASSWORD}" "$OPENSSL" req \
-                -batch -new                             \
+                -batch \
+                -new \
                 -key "${KEYDIR}/${cn}-${TIMESTAMP}.key" \
                 -passin env:PASSWORD \
                 -out "${CSRDIR}/${cn}-${TIMESTAMP}.csr" \
@@ -344,7 +387,8 @@ EOF
         else
             # generate csr req
             "$OPENSSL" req \
-                -batch -new                             \
+                -batch \
+                -new \
                 -key "${KEYDIR}/${cn}-${TIMESTAMP}.key" \
                 -out "${CSRDIR}/${cn}-${TIMESTAMP}.csr" \
                 -config /dev/stdin <<EOF
@@ -362,12 +406,15 @@ EOF
 
         # check if CRT is a valid
         "${OPENSSL}" x509 \
-            -noout -subject                         \
+            -noout \
+            -subject \
             -in "${CRTDIR}/${cn}.crt" \
             >/dev/null 2>&1 \
         || rm -f "${CRTDIR}/${cn}.crt"
 
-        [ -f "${CRTDIR}/${cn}.crt" ] || error "Error in CSR creation"
+        if [ ! -f "${CRTDIR}/${cn}.crt" ]; then
+            error "Error in CSR creation"
+        fi
 
         chmod 640 "${CRTDIR}/${cn}.crt"
 
@@ -427,10 +474,17 @@ revoke() {
     cn="${1}"
 
     # check if CRT exists
-    [ ! -f "${CRTDIR}/${cn}.crt" ] && error "Unknow CN : ${cn}"
+    if [ ! -f "${CRTDIR}/${cn}.crt" ]; then
+        error "Unknow CN : ${cn}"
+    fi
 
     # check if CRT is a valid
-    "${OPENSSL}" x509 -noout -subject -in "${CRTDIR}/${cn}.crt" >/dev/null 2>&1 || error "${CRTDIR}/${cn}.crt is not a valid CRT, you must delete it !"
+    "${OPENSSL}" x509 \
+        -noout \
+        -subject \
+        -in "${CRTDIR}/${cn}.crt" \
+        >/dev/null 2>&1 \
+    || error "${CRTDIR}/${cn}.crt is not a valid CRT, you must delete it !"
 
     # ask for CA passphrase
     ask_ca_password 0
@@ -449,7 +503,9 @@ revoke() {
 }
 
 list() {
-    [ -f "${INDEX}" ] || exit 0
+    if [ ! -f "${INDEX}" ]; then
+        exit 0
+    fi
 
     list_valid=0
     list_revoked=1
@@ -479,11 +535,17 @@ list() {
         esac
     done
 
-    [ "${list_valid}" -eq 0 ] && certs=$(grep "^V" "${INDEX}")
+    if [ "${list_valid}" -eq 0 ]; then
+        certs=$(grep "^V" "${INDEX}")
+    fi
 
-    [ "${list_revoked}" -eq 0 ] && certs=$(grep "^R" "${INDEX}")
+    if [ "${list_revoked}" -eq 0 ]; then
+        certs=$(grep "^R" "${INDEX}")
+    fi
 
-    [ "${list_valid}" -eq 0 ] && [ "${list_revoked}" -eq 0 ] && certs=$(cat "${INDEX}")
+    if [ "${list_valid}" -eq 0 ] && [ "${list_revoked}" -eq 0 ]; then
+        certs=$(cat "${INDEX}")
+    fi
 
     echo "${certs}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs -n1
 }
@@ -525,16 +587,16 @@ main() {
     fi
 
     # retrieve CA path from config file
-    CADIR=$(grep -E "^dir" "${CONFFILE}" | cut -d'=' -f2|xargs -n1)
+    CADIR=$(grep -E "^dir" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1)
-    CAKEY=$(grep -E "^private_key" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    CAKEY=$(grep -E "^private_key" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
-    CACERT=$(grep -E "^certificate" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    CACERT=$(grep -E "^certificate" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
     OCSPKEY="${CADIR}/ocsp.key"
     OCSPCERT="${CADIR}/ocsp.pem"
-    CRTDIR=$(grep -E "^certs" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    CRTDIR=$(grep -E "^certs" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
-    TMPDIR=$(grep -E "^new_certs_dir" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    TMPDIR=$(grep -E "^new_certs_dir" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
-    INDEX=$(grep -E "^database" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    INDEX=$(grep -E "^database" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
-    SERIAL=$(grep -E "^serial" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    SERIAL=$(grep -E "^serial" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
-    CRL=$(grep -E "^crl" "${CONFFILE}" | cut -d'=' -f2|xargs -n1|sed "s~\$dir~${CADIR}~")
+    CRL=$(grep -E "^crl" "${CONFFILE}" | cut -d'=' -f2 | xargs -n1 | sed "s~\$dir~${CADIR}~")
 
     # directories for clients key, csr, crt
     KEYDIR="${CADIR}/private"
@@ -549,7 +611,9 @@ main() {
         error "You must create ${PKIUSER} user and group !"
     fi
 
-    [ -e "${CONFFILE}" ] || error "${CONFFILE} is missing"
+    if [ ! -e "${CONFFILE}" ]; then
+        error "${CONFFILE} is missing"
+    fi
 
     mkdir -p "${CADIR}" "${CRTDIR}" "${KEYDIR}" "${CSRDIR}" "${PKCS12DIR}" "${OVPNDIR}" "${TMPDIR}"