fix shellcheck violations
parent
41d0ca261d
commit
68e4648694
41
shellpki
41
shellpki
|
@ -83,8 +83,9 @@ init() {
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genrsa \
|
||||||
-out "${CA_KEY}" \
|
-out "${CA_KEY}" \
|
||||||
-aes256 \
|
-aes256 \
|
||||||
${CA_KEY_LENGTH} \
|
"${CA_KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the CA key"
|
error "Error generating the CA key"
|
||||||
fi
|
fi
|
||||||
|
@ -111,13 +112,14 @@ init() {
|
||||||
-x509 \
|
-x509 \
|
||||||
-days 3650 \
|
-days 3650 \
|
||||||
-extensions v3_ca \
|
-extensions v3_ca \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
-key "${CA_KEY}" \
|
-key "${CA_KEY}" \
|
||||||
-out "${CA_CERT}" \
|
-out "${CA_CERT}" \
|
||||||
-config /dev/stdin <<EOF
|
-config /dev/stdin <<EOF
|
||||||
$(cat "${CONF_FILE}")
|
$(cat "${CONF_FILE}")
|
||||||
commonName_default = ${cn}
|
commonName_default = ${cn}
|
||||||
EOF
|
EOF
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the CA certificate"
|
error "Error generating the CA certificate"
|
||||||
fi
|
fi
|
||||||
|
@ -140,8 +142,9 @@ ocsp() {
|
||||||
if [ ! -f "${OCSP_KEY}" ]; then
|
if [ ! -f "${OCSP_KEY}" ]; then
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genrsa \
|
||||||
-out "${OCSP_KEY}" \
|
-out "${OCSP_KEY}" \
|
||||||
${KEY_LENGTH} \
|
"${KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the OCSP key"
|
error "Error generating the OCSP key"
|
||||||
fi
|
fi
|
||||||
|
@ -158,6 +161,7 @@ commonName_default = ${url}
|
||||||
[ usr_cert ]
|
[ usr_cert ]
|
||||||
authorityInfoAccess = OCSP;URI:http://${ocsp_uri}
|
authorityInfoAccess = OCSP;URI:http://${ocsp_uri}
|
||||||
EOF
|
EOF
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the OCSP request"
|
error "Error generating the OCSP request"
|
||||||
fi
|
fi
|
||||||
|
@ -171,8 +175,9 @@ EOF
|
||||||
-extensions v3_ocsp \
|
-extensions v3_ocsp \
|
||||||
-in "${ocsp_csr_file}" \
|
-in "${ocsp_csr_file}" \
|
||||||
-out "${OCSP_CERT}" \
|
-out "${OCSP_CERT}" \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
-config "${CONF_FILE}"
|
-config "${CONF_FILE}"
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the OCSP certificate"
|
error "Error generating the OCSP certificate"
|
||||||
fi
|
fi
|
||||||
|
@ -236,7 +241,7 @@ warning() {
|
||||||
verify_ca_password() {
|
verify_ca_password() {
|
||||||
"${OPENSSL_BIN}" rsa \
|
"${OPENSSL_BIN}" rsa \
|
||||||
-in "${CA_KEY}" \
|
-in "${CA_KEY}" \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
}
|
}
|
||||||
get_real_path() {
|
get_real_path() {
|
||||||
|
@ -333,6 +338,7 @@ create() {
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$2" ]; then
|
||||||
from_csr=1
|
from_csr=1
|
||||||
csr_file=$(get_real_path "${2}")
|
csr_file=$(get_real_path "${2}")
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error accessing file \`${2}'"
|
error "Error accessing file \`${2}'"
|
||||||
fi
|
fi
|
||||||
|
@ -345,6 +351,7 @@ create() {
|
||||||
from_csr=1
|
from_csr=1
|
||||||
# csr-file option, with value separated by =
|
# csr-file option, with value separated by =
|
||||||
csr_file=$(get_real_path "${1#*=}")
|
csr_file=$(get_real_path "${1#*=}")
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error accessing file \`${1#*=}'"
|
error "Error accessing file \`${1#*=}'"
|
||||||
fi
|
fi
|
||||||
|
@ -360,6 +367,7 @@ create() {
|
||||||
# password-file option, with value separated by space
|
# password-file option, with value separated by space
|
||||||
if [ -n "$2" ]; then
|
if [ -n "$2" ]; then
|
||||||
password_file=$(get_real_path "${2}")
|
password_file=$(get_real_path "${2}")
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error accessing file \`${2}'"
|
error "Error accessing file \`${2}'"
|
||||||
fi
|
fi
|
||||||
|
@ -371,6 +379,7 @@ create() {
|
||||||
--password-file=?*)
|
--password-file=?*)
|
||||||
# password-file option, with value separated by =
|
# password-file option, with value separated by =
|
||||||
password_file=$(get_real_path "${1#*=}")
|
password_file=$(get_real_path "${1#*=}")
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error accessing file \`${1#*=}'"
|
error "Error accessing file \`${1#*=}'"
|
||||||
fi
|
fi
|
||||||
|
@ -447,6 +456,7 @@ create() {
|
||||||
fi
|
fi
|
||||||
if [ -n "${end_date}" ]; then
|
if [ -n "${end_date}" ]; then
|
||||||
cert_end_date=$(TZ=:Zulu date --date "${end_date}" +"%Y%m%d%H%M%SZ" 2> /dev/null)
|
cert_end_date=$(TZ=:Zulu date --date "${end_date}" +"%Y%m%d%H%M%SZ" 2> /dev/null)
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Invalid end date format : \`${end_date}' can't be parsed by date(1)"
|
error "Invalid end date format : \`${end_date}' can't be parsed by date(1)"
|
||||||
else
|
else
|
||||||
|
@ -478,6 +488,7 @@ create() {
|
||||||
-subject \
|
-subject \
|
||||||
-in "${csr_file}" \
|
-in "${csr_file}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "${csr_file} is not a valid CSR !"
|
error "${csr_file} is not a valid CSR !"
|
||||||
fi
|
fi
|
||||||
|
@ -489,6 +500,7 @@ create() {
|
||||||
-in "${csr_file}" \
|
-in "${csr_file}" \
|
||||||
| grep -Eo "CN\s*=[^,/]*" \
|
| grep -Eo "CN\s*=[^,/]*" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "${csr_file} doesn't contain a CommonName !"
|
error "${csr_file} doesn't contain a CommonName !"
|
||||||
fi
|
fi
|
||||||
|
@ -511,9 +523,10 @@ create() {
|
||||||
${batch_arg} \
|
${batch_arg} \
|
||||||
-config "${CONF_FILE}" \
|
-config "${CONF_FILE}" \
|
||||||
-in "${csr_file}" \
|
-in "${csr_file}" \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
-out "${crt_file}" \
|
-out "${crt_file}" \
|
||||||
${crt_expiration_arg}
|
${crt_expiration_arg}
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the certificate"
|
error "Error generating the certificate"
|
||||||
else
|
else
|
||||||
|
@ -552,8 +565,9 @@ create() {
|
||||||
"${OPENSSL_BIN}" genrsa \
|
"${OPENSSL_BIN}" genrsa \
|
||||||
-out "${key_file}" \
|
-out "${key_file}" \
|
||||||
${pass_args} \
|
${pass_args} \
|
||||||
${KEY_LENGTH} \
|
"${KEY_LENGTH}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
echo "The KEY file is available at \`${key_file}'"
|
echo "The KEY file is available at \`${key_file}'"
|
||||||
else
|
else
|
||||||
|
@ -577,6 +591,7 @@ create() {
|
||||||
$(cat "${CONF_FILE}")
|
$(cat "${CONF_FILE}")
|
||||||
commonName_default = ${cn}
|
commonName_default = ${cn}
|
||||||
EOF
|
EOF
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the CSR"
|
error "Error generating the CSR"
|
||||||
fi
|
fi
|
||||||
|
@ -589,6 +604,7 @@ EOF
|
||||||
-in "${csr_file}" \
|
-in "${csr_file}" \
|
||||||
-out "${crt_file}" \
|
-out "${crt_file}" \
|
||||||
${crt_expiration_arg}
|
${crt_expiration_arg}
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the certificate"
|
error "Error generating the certificate"
|
||||||
fi
|
fi
|
||||||
|
@ -599,6 +615,7 @@ EOF
|
||||||
-subject \
|
-subject \
|
||||||
-in "${crt_file}" \
|
-in "${crt_file}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
rm -f "${crt_file}"
|
rm -f "${crt_file}"
|
||||||
fi
|
fi
|
||||||
|
@ -631,6 +648,7 @@ EOF
|
||||||
-in "${crt_file}" \
|
-in "${crt_file}" \
|
||||||
-out "${pkcs12_file}" \
|
-out "${pkcs12_file}" \
|
||||||
${pass_args}
|
${pass_args}
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "Error generating the pkcs12 file"
|
error "Error generating the pkcs12 file"
|
||||||
fi
|
fi
|
||||||
|
@ -686,6 +704,7 @@ EOF
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
|
# shellcheck disable=SC2086
|
||||||
chown -R ${PKI_USER}:${PKI_USER} "${COPY_DIR}/"
|
chown -R ${PKI_USER}:${PKI_USER} "${COPY_DIR}/"
|
||||||
chmod -R u=rwX,g=rwX,o= "${COPY_DIR}/"
|
chmod -R u=rwX,g=rwX,o= "${COPY_DIR}/"
|
||||||
fi
|
fi
|
||||||
|
@ -740,6 +759,7 @@ revoke() {
|
||||||
-subject \
|
-subject \
|
||||||
-in "${crt_file}" \
|
-in "${crt_file}" \
|
||||||
>/dev/null 2>&1
|
>/dev/null 2>&1
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -ne 0 ]; then
|
if [ "$?" -ne 0 ]; then
|
||||||
error "${crt_file} is not a valid CRT, you must delete it !"
|
error "${crt_file} is not a valid CRT, you must delete it !"
|
||||||
fi
|
fi
|
||||||
|
@ -750,15 +770,16 @@ revoke() {
|
||||||
echo "Revoke certificate ${crt_file} :"
|
echo "Revoke certificate ${crt_file} :"
|
||||||
"${OPENSSL_BIN}" ca \
|
"${OPENSSL_BIN}" ca \
|
||||||
-config "${CONF_FILE}" \
|
-config "${CONF_FILE}" \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
-revoke "${crt_file}"
|
-revoke "${crt_file}"
|
||||||
|
# shellcheck disable=SC2181
|
||||||
if [ "$?" -eq 0 ]; then
|
if [ "$?" -eq 0 ]; then
|
||||||
rm "${crt_file}"
|
rm "${crt_file}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
"${OPENSSL_BIN}" ca \
|
"${OPENSSL_BIN}" ca \
|
||||||
-config "${CONF_FILE}" \
|
-config "${CONF_FILE}" \
|
||||||
-passin pass:${CA_PASSWORD} \
|
-passin pass:"${CA_PASSWORD}" \
|
||||||
-gencrl \
|
-gencrl \
|
||||||
-out "${CRL}"
|
-out "${CRL}"
|
||||||
}
|
}
|
||||||
|
@ -826,7 +847,7 @@ check() {
|
||||||
min_day=90
|
min_day=90
|
||||||
cur_epoch=$(date -u +'%s')
|
cur_epoch=$(date -u +'%s')
|
||||||
|
|
||||||
for cert in ${CRT_DIR}/*; do
|
for cert in "${CRT_DIR}"/*; do
|
||||||
end_date=$(cert_end_date "${cert}")
|
end_date=$(cert_end_date "${cert}")
|
||||||
end_epoch=$(date -ud "${end_date}" +'%s')
|
end_epoch=$(date -ud "${end_date}" +'%s')
|
||||||
diff_epoch=$(( end_epoch - cur_epoch ))
|
diff_epoch=$(( end_epoch - cur_epoch ))
|
||||||
|
|
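Review bot: Quoting the value as `-passin pass:"${CA_PASSWORD}"` stops word splitting but still puts the CA key passphrase on the openssl command line, where other local users can read it from the process list while the command runs. This applies to every `-passin` line touched here: the init(), verify_ca_password(), create() and revoke() hunks and the OCSP certificate hunk. OpenSSL accepts other pass-phrase sources, so each of these lines could instead read `-passin env:CA_PASSWORD \` with the variable exported just before the call, or use `file:`/`fd:` where a password file is already at hand. `stdin` is not usable for the calls that feed `-config /dev/stdin` from a here-document. Whether CA_PASSWORD is already exported cannot be seen from these hunks, because the enclosing functions start and end outside them.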