usr.sbin/certctl/certctl.sh
: ${DESTDIR:=} | : ${DESTDIR:=} | ||||
: ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"} | : ${FILEPAT:="\.pem$|\.crt$|\.cer$|\.crl$"} | ||||
: ${VERBOSE:=0} | : ${VERBOSE:=0} | ||||
############################################################ GLOBALS | ############################################################ GLOBALS | ||||
SCRIPTNAME="${0##*/}" | SCRIPTNAME="${0##*/}" | ||||
CHANGES=0 | |||||
ERRORS=0 | ERRORS=0 | ||||
NOOP=0 | NOOP=0 | ||||
UNPRIV=0 | UNPRIV=0 | ||||
BLACKLIST_HASHPATH= | BLACKLIST_HASHPATH= | ||||
############################################################ FUNCTIONS | ############################################################ FUNCTIONS | ||||
do_hash() | do_hash() | ||||
▲ Show 20 Lines • Show All 100 Lines • ▼ Show 20 Lines | add_blacklisted() | ||||
if [ -z "${srcfile}" -o -z "$(unknown)" ]; then | if [ -z "${srcfile}" -o -z "$(unknown)" ]; then | ||||
return | return | ||||
fi | fi | ||||
[ $VERBOSE -gt 0 ] && echo "Installing $filename to $BLACKLISTDESTDIR" | [ $VERBOSE -gt 0 ] && echo "Installing $filename to $BLACKLISTDESTDIR" | ||||
# Install the entirety of the file as-is here, so that we don't risk a | # Install the entirety of the file as-is here, so that we don't risk a | ||||
# broken symlink removing the entry. | # broken symlink removing the entry. | ||||
[ $NOOP -eq 0 ] && install ${INSTALLFLAGS} "${srcfile}" "${BLACKLISTDESTDIR}" | if [ $NOOP -eq 0 ]; then | ||||
install ${INSTALLFLAGS} "${srcfile}" "${BLACKLISTDESTDIR}" | |||||
CHANGES=$(( ${CHANGES} + 1 )) | |||||
fi | |||||
} | } | ||||
remove_blacklisted() | remove_blacklisted() | ||||
{ | { | ||||
local BFILE blistfile blisthash blistpath certhash | local BFILE blistfile blisthash blistpath certhash | ||||
local oldIFS | local oldIFS | ||||
BFILE="$1" | BFILE="$1" | ||||
Show All 12 Lines | remove_blacklisted() | ||||
for blistpath in "$@"; do | for blistpath in "$@"; do | ||||
if [ ! -d "${blistpath}" ]; then | if [ ! -d "${blistpath}" ]; then | ||||
continue | continue | ||||
fi | fi | ||||
for blistfile in $(ls -1 "${blistpath}" | grep -Ee "${FILEPAT}"); do | for blistfile in $(ls -1 "${blistpath}" | grep -Ee "${FILEPAT}"); do | ||||
blisthash=$( openssl x509 -sha256 -in "${blistpath}/${blistfile}" -noout -fingerprint ) | blisthash=$( openssl x509 -sha256 -in "${blistpath}/${blistfile}" -noout -fingerprint ) | ||||
if [ "${certhash}" = "${blisthash}" ]; then | if [ "${certhash}" = "${blisthash}" ]; then | ||||
echo "Removing ${blistpath}/${blistfile}" | echo "Removing ${blistpath}/${blistfile}" | ||||
[ $NOOP -eq 0 ] && rm -f "${blistpath}/${blistfile}" | if [ $NOOP -eq 0 ]; then | ||||
rm -f "${blistpath}/${blistfile}" | |||||
CHANGES=$(( ${CHANGES} + 1 )) | |||||
fi | fi | ||||
fi | |||||
done | done | ||||
done | done | ||||
} | } | ||||
do_scan() | do_scan() | ||||
{ | { | ||||
local CFUNC CSEARCH CPATH CFILE | local CFUNC CSEARCH CPATH CFILE | ||||
local oldIFS="$IFS" | local oldIFS="$IFS" | ||||
▲ Show 20 Lines • Show All 71 Lines • ▼ Show 20 Lines | cmd_blacklist() | ||||
local BPATH | local BPATH | ||||
shift # verb | shift # verb | ||||
[ $NOOP -eq 0 ] && mkdir -p "$BLACKLISTDESTDIR" | [ $NOOP -eq 0 ] && mkdir -p "$BLACKLISTDESTDIR" | ||||
for BFILE in "$@"; do | for BFILE in "$@"; do | ||||
echo "Adding $BFILE to blacklist" | echo "Adding $BFILE to blacklist" | ||||
add_blacklisted "$BFILE" | add_blacklisted "$BFILE" | ||||
done | done | ||||
# Trigger a rehash if we successfully blacklisted any cert. | |||||
if [ "${CHANGES}" -gt 0 ]; then | |||||
echo "Triggering rehash after changes..." | |||||
cmd_rehash | |||||
fi | |||||
} | } | ||||
cmd_unblacklist() | cmd_unblacklist() | ||||
{ | { | ||||
local BFILE | local BFILE | ||||
shift # verb | shift # verb | ||||
for BFILE in "$@"; do | for BFILE in "$@"; do | ||||
remove_blacklisted "$BFILE" | remove_blacklisted "$BFILE" | ||||
done | done | ||||
# Trigger a rehash if we successfully blacklisted any cert. | |||||
if [ "${CHANGES}" -gt 0 ]; then | |||||
echo "Triggering rehash after changes..." | |||||
cmd_rehash | |||||
fi | |||||
} | } | ||||
blacklist_formatter() | blacklist_formatter() | ||||
{ | { | ||||
local cfile subject | local cfile subject | ||||
cfile=$(realpath "$1") | cfile=$(realpath "$1") | ||||
subject="$2" | subject="$2" | ||||
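Review bot: The new `CHANGES=$(( ${CHANGES} + 1 ))` in add_blacklisted runs whenever NOOP is 0, regardless of whether the preceding `install` succeeded, so a failed install still counts as a change and cmd_blacklist then prints "Triggering rehash after changes..." and runs cmd_rehash; the comment "Trigger a rehash if we successfully blacklisted any cert" therefore promises more than the code checks. Guarding on the command's status keeps the counter honest and lets the existing ERRORS global record the failure: `if install ${INSTALLFLAGS} "${srcfile}" "${BLACKLISTDESTDIR}"; then` / `CHANGES=$(( ${CHANGES} + 1 ))` / `else ERRORS=$(( ${ERRORS} + 1 )); fi`. The same pattern applies to the `rm -f` in remove_blacklisted, where a removal that fails (for example on a read-only blacklist directory) also bumps CHANGES. The comment copied into cmd_unblacklist still says "blacklisted" and should read "unblacklisted". add_blacklisted's header is above the collapsed context, so its start is outside this view.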