Add --revoke-existing command line option

Jérémy Lecour 2020-05-05 23:50:04 +02:00 committed by Jérémy Lecour
parent 1c4b68f571
commit 6bb05a6366
2 changed files with 42 additions and 25 deletions


@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
* Accept `--days` and `--end-date` command line options * Accept `--days` and `--end-date` command line options
* CA key length is configurable (minimum 4096) * CA key length is configurable (minimum 4096)
* Add `--non-interactive` command line option * Add `--non-interactive` command line option
* Add `--revoke-existing` command line option
### Changed ### Changed


@ -246,21 +246,48 @@ ask_ca_password() {
ask_user_password() { ask_user_password() {
trap 'unset PASSWORD' 0 trap 'unset PASSWORD' 0
stty -echo if [ -z "${PASSWORD:-}" ]; then
printf "Password for user key: " if [ "${non_interactive}" -eq 1 ]; then
read -r PASSWORD error "In non-interactive mode, you must pass PASSWORD as environment variable or use --password-file"
stty echo fi
printf "\n" stty -echo
printf "Password for user key: "
if [ -z "${PASSWORD}" ]; then read -r PASSWORD
stty echo
printf "\n"
fi
if [ -z "${PASSWORD:-}" ]; then
warning "Warning: empty password from input" warning "Warning: empty password from input"
fi fi
} }
revoke_existing_or_abort() {
cn=${1:?}
if [ "${non_interactive}" -eq 1 ]; then
if [ "${revoke_existing}" -eq 1 ]; then
resp="y"
else
error "${cn} already exists, use \`--revoke-existing' to force"
fi
else
if [ "${revoke_existing}" -eq 1 ]; then
resp="y"
else
printf "%s already exists, do you want to revoke and recreate it ? [y/N] " "${cn}"
read -r REPLY
resp=$(echo "${REPLY}" | tr 'Y' 'y')
fi
fi
if [ "${resp}" = "y" ]; then
revoke "${cn}"
else
error "Aborted"
fi
}
create() { create() {
from_csr=0 from_csr=0
ask_pass=0 ask_pass=0
non_interactive=0 non_interactive=0
revoke_existing=0
days="" days=""
end_date="" end_date=""
@ -356,6 +383,9 @@ create() {
--non-interactive) --non-interactive)
non_interactive=1 non_interactive=1
;; ;;
--revoke-existing)
revoke_existing=1
;;
--) --)
# End of all options. # End of all options.
shift shift
@ -434,15 +464,8 @@ create() {
cn=$("${OPENSSL_BIN}" req -noout -subject -in "${csr_file}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs) cn=$("${OPENSSL_BIN}" req -noout -subject -in "${csr_file}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs)
# check if CN already exist # check if CN already exist
if [ -f "${CRT_DIR}/${cn}.crt" ]; then if [ -f "${crt_file}" ]; then
printf "%s already exists, do you revoke and recreate it ? [y/N] " "${cn}" revoke_existing_or_abort "${cn}"
read -r REPLY
resp=$(echo "${REPLY}" | tr 'Y' 'y')
if [ "${resp}" = "y" ]; then
revoke "${cn}"
else
error "Abort"
fi
fi fi
# ca sign and generate cert # ca sign and generate cert
@ -477,14 +500,7 @@ create() {
# check if CN already exist # check if CN already exist
if [ -f "${crt_file}" ]; then if [ -f "${crt_file}" ]; then
printf "%s already exists, do you revoke and recreate it ? [y/N] " "${cn}" revoke_existing_or_abort "${cn}"
read -r REPLY
resp=$(echo "${REPLY}" | tr 'Y' 'y')
if [ "${resp}" = "y" ]; then
revoke "${cn}"
else
error "Abort"
fi
fi fi
# ask for CA passphrase # ask for CA passphrase