fix shellcheck violations

Jérémy Lecour 2022-03-11 11:44:09 +01:00 committed by Jérémy Lecour
parent 41d0ca261d
commit 68e4648694


@ -83,8 +83,9 @@ init() {
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genrsa \
-out "${CA_KEY}" \ -out "${CA_KEY}" \
-aes256 \ -aes256 \
${CA_KEY_LENGTH} \ "${CA_KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the CA key" error "Error generating the CA key"
fi fi
@ -111,13 +112,14 @@ init() {
-x509 \ -x509 \
-days 3650 \ -days 3650 \
-extensions v3_ca \ -extensions v3_ca \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
-key "${CA_KEY}" \ -key "${CA_KEY}" \
-out "${CA_CERT}" \ -out "${CA_CERT}" \
-config /dev/stdin <<EOF -config /dev/stdin <<EOF
$(cat "${CONF_FILE}") $(cat "${CONF_FILE}")
commonName_default = ${cn} commonName_default = ${cn}
EOF EOF
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the CA certificate" error "Error generating the CA certificate"
fi fi
@ -140,8 +142,9 @@ ocsp() {
if [ ! -f "${OCSP_KEY}" ]; then if [ ! -f "${OCSP_KEY}" ]; then
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genrsa \
-out "${OCSP_KEY}" \ -out "${OCSP_KEY}" \
${KEY_LENGTH} \ "${KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the OCSP key" error "Error generating the OCSP key"
fi fi
@ -158,6 +161,7 @@ commonName_default = ${url}
[ usr_cert ] [ usr_cert ]
authorityInfoAccess = OCSP;URI:http://${ocsp_uri} authorityInfoAccess = OCSP;URI:http://${ocsp_uri}
EOF EOF
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the OCSP request" error "Error generating the OCSP request"
fi fi
@ -171,8 +175,9 @@ EOF
-extensions v3_ocsp \ -extensions v3_ocsp \
-in "${ocsp_csr_file}" \ -in "${ocsp_csr_file}" \
-out "${OCSP_CERT}" \ -out "${OCSP_CERT}" \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
-config "${CONF_FILE}" -config "${CONF_FILE}"
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the OCSP certificate" error "Error generating the OCSP certificate"
fi fi
@ -236,7 +241,7 @@ warning() {
verify_ca_password() { verify_ca_password() {
"${OPENSSL_BIN}" rsa \ "${OPENSSL_BIN}" rsa \
-in "${CA_KEY}" \ -in "${CA_KEY}" \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
>/dev/null 2>&1 >/dev/null 2>&1
} }
get_real_path() { get_real_path() {
@ -333,6 +338,7 @@ create() {
if [ -n "$2" ]; then if [ -n "$2" ]; then
from_csr=1 from_csr=1
csr_file=$(get_real_path "${2}") csr_file=$(get_real_path "${2}")
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error accessing file \`${2}'" error "Error accessing file \`${2}'"
fi fi
@ -345,6 +351,7 @@ create() {
from_csr=1 from_csr=1
# csr-file option, with value separated by = # csr-file option, with value separated by =
csr_file=$(get_real_path "${1#*=}") csr_file=$(get_real_path "${1#*=}")
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error accessing file \`${1#*=}'" error "Error accessing file \`${1#*=}'"
fi fi
@ -360,6 +367,7 @@ create() {
# password-file option, with value separated by space # password-file option, with value separated by space
if [ -n "$2" ]; then if [ -n "$2" ]; then
password_file=$(get_real_path "${2}") password_file=$(get_real_path "${2}")
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error accessing file \`${2}'" error "Error accessing file \`${2}'"
fi fi
@ -371,6 +379,7 @@ create() {
--password-file=?*) --password-file=?*)
# password-file option, with value separated by = # password-file option, with value separated by =
password_file=$(get_real_path "${1#*=}") password_file=$(get_real_path "${1#*=}")
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error accessing file \`${1#*=}'" error "Error accessing file \`${1#*=}'"
fi fi
@ -447,6 +456,7 @@ create() {
fi fi
if [ -n "${end_date}" ]; then if [ -n "${end_date}" ]; then
cert_end_date=$(TZ=:Zulu date --date "${end_date}" +"%Y%m%d%H%M%SZ" 2> /dev/null) cert_end_date=$(TZ=:Zulu date --date "${end_date}" +"%Y%m%d%H%M%SZ" 2> /dev/null)
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Invalid end date format : \`${end_date}' can't be parsed by date(1)" error "Invalid end date format : \`${end_date}' can't be parsed by date(1)"
else else
@ -478,6 +488,7 @@ create() {
-subject \ -subject \
-in "${csr_file}" \ -in "${csr_file}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "${csr_file} is not a valid CSR !" error "${csr_file} is not a valid CSR !"
fi fi
@ -489,6 +500,7 @@ create() {
-in "${csr_file}" \ -in "${csr_file}" \
| grep -Eo "CN\s*=[^,/]*" \ | grep -Eo "CN\s*=[^,/]*" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "${csr_file} doesn't contain a CommonName !" error "${csr_file} doesn't contain a CommonName !"
fi fi
@ -511,9 +523,10 @@ create() {
${batch_arg} \ ${batch_arg} \
-config "${CONF_FILE}" \ -config "${CONF_FILE}" \
-in "${csr_file}" \ -in "${csr_file}" \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
-out "${crt_file}" \ -out "${crt_file}" \
${crt_expiration_arg} ${crt_expiration_arg}
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the certificate" error "Error generating the certificate"
else else
@ -552,8 +565,9 @@ create() {
"${OPENSSL_BIN}" genrsa \ "${OPENSSL_BIN}" genrsa \
-out "${key_file}" \ -out "${key_file}" \
${pass_args} \ ${pass_args} \
${KEY_LENGTH} \ "${KEY_LENGTH}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
echo "The KEY file is available at \`${key_file}'" echo "The KEY file is available at \`${key_file}'"
else else
@ -577,6 +591,7 @@ create() {
$(cat "${CONF_FILE}") $(cat "${CONF_FILE}")
commonName_default = ${cn} commonName_default = ${cn}
EOF EOF
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the CSR" error "Error generating the CSR"
fi fi
@ -589,6 +604,7 @@ EOF
-in "${csr_file}" \ -in "${csr_file}" \
-out "${crt_file}" \ -out "${crt_file}" \
${crt_expiration_arg} ${crt_expiration_arg}
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the certificate" error "Error generating the certificate"
fi fi
@ -599,6 +615,7 @@ EOF
-subject \ -subject \
-in "${crt_file}" \ -in "${crt_file}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
rm -f "${crt_file}" rm -f "${crt_file}"
fi fi
@ -631,6 +648,7 @@ EOF
-in "${crt_file}" \ -in "${crt_file}" \
-out "${pkcs12_file}" \ -out "${pkcs12_file}" \
${pass_args} ${pass_args}
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "Error generating the pkcs12 file" error "Error generating the pkcs12 file"
fi fi
@ -686,6 +704,7 @@ EOF
fi fi
done done
# shellcheck disable=SC2086
chown -R ${PKI_USER}:${PKI_USER} "${COPY_DIR}/" chown -R ${PKI_USER}:${PKI_USER} "${COPY_DIR}/"
chmod -R u=rwX,g=rwX,o= "${COPY_DIR}/" chmod -R u=rwX,g=rwX,o= "${COPY_DIR}/"
fi fi
@ -740,6 +759,7 @@ revoke() {
-subject \ -subject \
-in "${crt_file}" \ -in "${crt_file}" \
>/dev/null 2>&1 >/dev/null 2>&1
# shellcheck disable=SC2181
if [ "$?" -ne 0 ]; then if [ "$?" -ne 0 ]; then
error "${crt_file} is not a valid CRT, you must delete it !" error "${crt_file} is not a valid CRT, you must delete it !"
fi fi
@ -750,15 +770,16 @@ revoke() {
echo "Revoke certificate ${crt_file} :" echo "Revoke certificate ${crt_file} :"
"${OPENSSL_BIN}" ca \ "${OPENSSL_BIN}" ca \
-config "${CONF_FILE}" \ -config "${CONF_FILE}" \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
-revoke "${crt_file}" -revoke "${crt_file}"
# shellcheck disable=SC2181
if [ "$?" -eq 0 ]; then if [ "$?" -eq 0 ]; then
rm "${crt_file}" rm "${crt_file}"
fi fi
"${OPENSSL_BIN}" ca \ "${OPENSSL_BIN}" ca \
-config "${CONF_FILE}" \ -config "${CONF_FILE}" \
-passin pass:${CA_PASSWORD} \ -passin pass:"${CA_PASSWORD}" \
-gencrl \ -gencrl \
-out "${CRL}" -out "${CRL}"
} }
@ -826,7 +847,7 @@ check() {
min_day=90 min_day=90
cur_epoch=$(date -u +'%s') cur_epoch=$(date -u +'%s')
for cert in ${CRT_DIR}/*; do for cert in "${CRT_DIR}"/*; do
end_date=$(cert_end_date "${cert}") end_date=$(cert_end_date "${cert}")
end_epoch=$(date -ud "${end_date}" +'%s') end_epoch=$(date -ud "${end_date}" +'%s')
diff_epoch=$(( end_epoch - cur_epoch )) diff_epoch=$(( end_epoch - cur_epoch ))
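Review bot: The CA key passphrase is still passed to openssl on the command line as `-passin pass:"${CA_PASSWORD}"` (in init, ocsp, verify_ca_password, create and both `ca` calls in revoke), so while openssl runs it is visible in the process argument list to other local users through `ps` or `/proc/<pid>/cmdline`. Quoting the expansion fixes word splitting but not that exposure. OpenSSL accepts other pass-phrase sources, so these lines could read `-passin env:CA_PASSWORD` (the variable must then be exported, which these hunks do not show) or use `file:` / `fd:` with a file or descriptor readable only by the PKI user. The enclosing functions start and end outside the hunks, so check how CA_PASSWORD is set, and whether it is already exported, before changing the source.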