Commit | Line | Data |
---|---|---|
b294f6b5 MW |
1 | ### -*-sh-*- |
2 | ||
runas_ca () {
  ## runas_ca [ARGS ...]
  ##
  ## Ensure the rest of the script runs as the `ca' user.  Certificates are
  ## untrusted input, and the ASN.1 parsing (OpenSSL's in particular) should
  ## not happen as root.
  ##
  ## If the current user is already `ca', do nothing.  Otherwise replace this
  ## process with `sudo -u ca' running the same script ($0) with ARGS; since
  ## this is `exec', nothing after the call runs under the original user.
  ##
  ## NOTE(review): ARGS are this function's own arguments, so callers
  ## presumably invoke it as `runas_ca "$@"' -- confirm at the call sites.

  if [ "$(id -un)" != ca ]; then
    exec sudo -u ca "$0" "$@"
  fi
}
14 | ||
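linkserial () {
  ## linkserial CERT [SUFFIX]
  ##
  ## Make a link for the certificate CERT in index/byserialSUFFIX/, named
  ## after its serial number.
  ##
  ## On any problem (serial number unreadable or malformed, or a link for
  ## that serial already exists) print a message, set `badness' to 1 and
  ## return without linking.
  ##
  ## Clobbers the globals cert, suffix, serial, t and (on a duplicate) other.

  cert=$1 suffix=$2

  ## The certificate is untrusted input and its serial number becomes a path
  ## component.  If openssl fails, don't fall through with an empty serial:
  ## that would index the broken certificate as `.pem'.
  if ! serial=$(openssl x509 -serial -noout -in "$cert"); then
    echo "Can't read serial number: ${cert##*/}"
    badness=1
    return
  fi

  ## Output looks like `serial=HEX'; keep only the part after the `='.
  serial=${serial##*=}

  ## Accept only hex digits (and a sign) so the value can never be empty or
  ## contain `/' when it is used to build the link name.
  case $serial in
    "" | *[!0-9A-Fa-f-]*)
      echo "Bad serial number: ${cert##*/}"
      badness=1
      return
      ;;
  esac

  t=index/byserial$suffix/$serial.pem
  if [ -L "$t" ]; then
    other=$(readlink "$t")
    echo "Duplicate serial numbers: ${other##*/}, ${cert##*/}"
    badness=1
    return
  fi

  ## lns is defined elsewhere in this file; presumably it makes the symlink.
  lns "$cert" "$t"
}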
32 | ||
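linkhash () {
  ## linkhash CERT [SUFFIX]
  ##
  ## Make links for the certificate CERT in index/byhashSUFFIX/, one for each
  ## of its subject hashes (new and old style), named HASH.N with N the first
  ## free slot.
  ##
  ## If a slot is already linked to a file with the same name as CERT, that
  ## hash is considered done.  If a slot holds a different file with the same
  ## fingerprint, or the certificate can't be read, print a message, set
  ## `badness' to 1 and return.
  ##
  ## Clobbers the globals cert, suffix, fpr, opt, n, hash, t, ofpr and other.

  cert=$1 suffix=$2

  ## The certificate is untrusted input.  An empty fingerprint would compare
  ## equal to the (also empty) fingerprint of any unreadable link target, so
  ## stop here if openssl can't parse it.
  if ! fpr=$(openssl x509 -fingerprint -noout -in "$cert") ||
     [ -z "$fpr" ]; then
    echo "Can't read certificate: ${cert##*/}"
    badness=1
    return
  fi

  for opt in subject_hash subject_hash_old; do
    n=0

    ## The hash becomes a path component: insist on plain hex so that a
    ## failed or odd openssl run can't produce a link named `.0' or one
    ## containing `/'.
    if ! hash=$(openssl x509 -$opt -noout -in "$cert"); then hash=; fi
    case $hash in
      "" | *[!0-9A-Fa-f]*)
        echo "Can't read certificate: ${cert##*/}"
        badness=1
        return
        ;;
    esac

    ## Walk the occupied slots HASH.0, HASH.1, ... until a free one is found.
    while t=index/byhash$suffix/$hash.$n; [ -L "$t" ]; do
      ofpr=$(openssl x509 -fingerprint -noout -in "$t")
      other=$(readlink "$t")

      ## Already linked under this hash: move on to the next hash type.  A
      ## bare `continue' here would retest the same slot without advancing
      ## N and spin forever.
      case "${cert##*/}" in "${other##*/}") continue 2 ;; esac

      case "$ofpr" in
        "$fpr")
          echo "Duplicate certificates: ${other##*/}, ${cert##*/}"
          badness=1
          return
          ;;
      esac
      n=$((n + 1))
    done

    ## lns is defined elsewhere in this file; presumably it makes the symlink.
    lns "$cert" "$t"
  done
}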