Differential D28057 Diff 81942 usr.sbin/certctl/certctl.sh

Changeset View

Standalone View

usr.sbin/certctl/certctl.sh

Show All 30 Lines

: ${DESTDIR:=}		: ${DESTDIR:=}
: ${FILEPAT:="\.pem$\|\.crt$\|\.cer$\|\.crl$"}		: ${FILEPAT:="\.pem$\|\.crt$\|\.cer$\|\.crl$"}
: ${VERBOSE:=0}		: ${VERBOSE:=0}

############################################################ GLOBALS		############################################################ GLOBALS

SCRIPTNAME="${0##*/}"		SCRIPTNAME="${0##*/}"
		CHANGES=0
ERRORS=0		ERRORS=0
NOOP=0		NOOP=0
UNPRIV=0		UNPRIV=0
BLACKLIST_HASHPATH=		BLACKLIST_HASHPATH=

############################################################ FUNCTIONS		############################################################ FUNCTIONS

do_hash()		do_hash()
▲ Show 20 Lines • Show All 100 Lines • ▼ Show 20 Lines	add_blacklisted()
if [ -z "${srcfile}" -o -z "${filename}" ]; then		if [ -z "${srcfile}" -o -z "${filename}" ]; then
return		return
fi		fi

[ $VERBOSE -gt 0 ] && echo "Installing $filename to $BLACKLISTDESTDIR"		[ $VERBOSE -gt 0 ] && echo "Installing $filename to $BLACKLISTDESTDIR"

# Install the entirety of the file as-is here, so that we don't risk a		# Install the entirety of the file as-is here, so that we don't risk a
# broken symlink removing the entry.		# broken symlink removing the entry.
[ $NOOP -eq 0 ] && install ${INSTALLFLAGS} "${srcfile}" "${BLACKLISTDESTDIR}"		if [ $NOOP -eq 0 ]; then
		install ${INSTALLFLAGS} "${srcfile}" "${BLACKLISTDESTDIR}"
		CHANGES=$(( ${CHANGES} + 1 ))
		fi
}		}

remove_blacklisted()		remove_blacklisted()
{		{
local BFILE blistfile blisthash blistpath certhash		local BFILE blistfile blisthash blistpath certhash
local oldIFS		local oldIFS

BFILE="$1"		BFILE="$1"
Show All 12 Lines	remove_blacklisted()
for blistpath in "$@"; do		for blistpath in "$@"; do
if [ ! -d "${blistpath}" ]; then		if [ ! -d "${blistpath}" ]; then
continue		continue
fi		fi
for blistfile in $(ls -1 "${blistpath}" \| grep -Ee "${FILEPAT}"); do		for blistfile in $(ls -1 "${blistpath}" \| grep -Ee "${FILEPAT}"); do
blisthash=$( openssl x509 -sha256 -in "${blistpath}/${blistfile}" -noout -fingerprint )		blisthash=$( openssl x509 -sha256 -in "${blistpath}/${blistfile}" -noout -fingerprint )
if [ "${certhash}" = "${blisthash}" ]; then		if [ "${certhash}" = "${blisthash}" ]; then
echo "Removing ${blistpath}/${blistfile}"		echo "Removing ${blistpath}/${blistfile}"
[ $NOOP -eq 0 ] && rm -f "${blistpath}/${blistfile}"		if [ $NOOP -eq 0 ]; then
		rm -f "${blistpath}/${blistfile}"
		CHANGES=$(( ${CHANGES} + 1 ))
fi		fi
		fi
done		done
done		done
}		}

do_scan()		do_scan()
{		{
local CFUNC CSEARCH CPATH CFILE		local CFUNC CSEARCH CPATH CFILE
local oldIFS="$IFS"		local oldIFS="$IFS"
▲ Show 20 Lines • Show All 71 Lines • ▼ Show 20 Lines	cmd_blacklist()
local BPATH		local BPATH

shift # verb		shift # verb
[ $NOOP -eq 0 ] && mkdir -p "$BLACKLISTDESTDIR"		[ $NOOP -eq 0 ] && mkdir -p "$BLACKLISTDESTDIR"
for BFILE in "$@"; do		for BFILE in "$@"; do
echo "Adding $BFILE to blacklist"		echo "Adding $BFILE to blacklist"
add_blacklisted "$BFILE"		add_blacklisted "$BFILE"
done		done

		# Trigger a rehash if we successfully blacklisted any cert.
		if [ "${CHANGES}" -gt 0 ]; then
		echo "Triggering rehash after changes..."
		cmd_rehash
		fi
}		}

cmd_unblacklist()		cmd_unblacklist()
{		{
local BFILE		local BFILE

shift # verb		shift # verb
for BFILE in "$@"; do		for BFILE in "$@"; do
remove_blacklisted "$BFILE"		remove_blacklisted "$BFILE"
done		done

		# Trigger a rehash if we successfully blacklisted any cert.
		if [ "${CHANGES}" -gt 0 ]; then
		echo "Triggering rehash after changes..."
		cmd_rehash
		fi
}		}

blacklist_formatter()		blacklist_formatter()
{		{
local cfile subject		local cfile subject

cfile=$(realpath "$1")		cfile=$(realpath "$1")
subject="$2"		subject="$2"
▲ Show 20 Lines • Show All 67 Lines • Show Last 20 Lines