#!/bin/bash

# Extension on top of cert-check to conveniently install a certificate
#
# jpokorny@redhat.com
#
# TODO:
# - fix exit code, remove unneeded subshells? ( '()' -> '{}' )
# - output also some identification/at least original cert-import command

# NOTE(review): with a bare name, bash looks cert-check up via $PATH (and then
# in the current directory), so whichever file is found first runs inside this
# script before any trust store is touched; consider an absolute or
# script-relative path.
source cert-check

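# Append the data arriving on stdin to the default home bundle.
#
# Globals:   HOMEBUNDLE (read) - path of the bundle file
# Arguments: $1 - "1" to perform the import; anything else is a no-op
# Input:     stdin - data to append, written as-is (nothing is validated here)
# Outputs:   progress message on stderr
#
# The bundle is presumably used as a trust store, so whatever is appended here
# must already have been vetted by the caller.
cert_import_homebundle() {
	[ "$1" != "1" ] && return
	echo "Adding to default home bundle" >&2
	mkdir -p -- "$(dirname -- "${HOMEBUNDLE}")"
	# Keep a timestamped copy of the previous bundle; on the very first
	# import there is nothing to back up yet.
	# NOTE(review): %s is epoch seconds (GNU date), not %S; kept so that
	# backup names do not change.
	if [ -e "${HOMEBUNDLE}" ]; then
		cp -- "${HOMEBUNDLE}" "${HOMEBUNDLE}.$(date '+%y%m%d%H%M%s')"
	fi
	cat >>"${HOMEBUNDLE}"
}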

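# Append the data arriving on stdin to the mutt CA bundle.
#
# Globals:   CA_BUNDLE_MUTT (read) - path of the bundle file
# Arguments: $1 - "1" to perform the import; anything else is a no-op
# Input:     stdin - data to append, written as-is (nothing is validated here)
# Outputs:   progress message on stderr
cert_import_mutt() {
	[ "$1" != "1" ] && return
	echo "Adding to mutt bundle" >&2
	mkdir -p -- "$(dirname -- "${CA_BUNDLE_MUTT}")"
	# Back up the existing bundle before touching it; skipped when the
	# bundle does not exist yet, so a first import does not make cp fail.
	# NOTE(review): %s is epoch seconds (GNU date), not %S; kept so that
	# backup names do not change.
	if [ -e "${CA_BUNDLE_MUTT}" ]; then
		cp -- "${CA_BUNDLE_MUTT}" "${CA_BUNDLE_MUTT}.$(date '+%y%m%d%H%M%s')"
	fi
	# Quoted target: an unquoted path containing whitespace makes bash
	# reject the redirection as ambiguous.
	cat >>"${CA_BUNDLE_MUTT}"
}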

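# Append the data arriving on stdin to the offlineimap CA bundle.
#
# Globals:   CA_BUNDLE_OFFLINEIMAP (read) - path of the bundle file
# Arguments: $1 - "1" to perform the import; anything else is a no-op
# Input:     stdin - data to append, written as-is (nothing is validated here)
# Outputs:   progress message on stderr
cert_import_offlineimap() {
	[ "$1" != "1" ] && return
	echo "Adding to offlineimap bundle" >&2
	mkdir -p -- "$(dirname -- "${CA_BUNDLE_OFFLINEIMAP}")"
	# Snapshot the current bundle first so a bad import can be rolled back;
	# there is nothing to snapshot before the first import.
	# NOTE(review): %s is epoch seconds (GNU date), not %S; kept so that
	# backup names do not change.
	if [ -e "${CA_BUNDLE_OFFLINEIMAP}" ]; then
		cp -- "${CA_BUNDLE_OFFLINEIMAP}" \
		  "${CA_BUNDLE_OFFLINEIMAP}.$(date '+%y%m%d%H%M%s')"
	fi
	cat >>"${CA_BUNDLE_OFFLINEIMAP}"
}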

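# Import the certificate on stdin into the first Firefox profile directory
# whose name appears in profiles.ini.
#
# Arguments: $1 - "1" to perform the import; anything else is a no-op
# Input:     stdin - certificate data, read by certutil
# Outputs:   progress message on stderr
# Returns:   status of the last command run in the profile loop
cert_import_firefox() {
	# XXX: stdin is consumed in the first profile found
	# XXX: explore certificate to get a proper name (-n) for it
	[ "$1" != "1" ] && return
	echo "Adding to firefox bundle" >&2
	local ffdir="${HOME}/.mozilla/firefox" d
	# Profile directories arrive NUL-delimited on fd 3: names containing
	# whitespace stay in one piece and stdin remains free for certutil.
	while IFS= read -r -d '' d <&3; do
		# grep -F matches the directory name literally, not as a regex.
		# -t C,p,p stores the certificate as a trusted CA for TLS
		# server authentication in that profile.
		grep -qsF -- "$(basename -- "$d")" "${ffdir}/profiles.ini" \
		  && certutil -A -n "cert-import:$(date +'%y%m%d%H%M%S')" -t C,p,p -d "$d" \
		  && break
	done 3< <(find "${ffdir}/" -maxdepth 1 -mindepth 1 -type d -print0)
}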

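# Append the data arriving on stdin to the npm CA bundle.
#
# Globals:   CA_BUNDLE_NPM (read) - path of the bundle file
# Arguments: $1 - "1" to perform the import; anything else is a no-op
# Input:     stdin - data to append, written as-is (nothing is validated here)
# Outputs:   progress message on stderr
cert_import_npm() {
	# XXX: use "npm config edit" instead until ca_file or something occurs:
	# https://github.com/isaacs/npm/issues/4030
	[ "$1" != "1" ] && return
	echo "Adding to npm bundle" >&2
	mkdir -p -- "$(dirname -- "${CA_BUNDLE_NPM}")"
	# Only an existing bundle can be backed up; without this guard the
	# first import prints a cp error before the bundle is created.
	# NOTE(review): %s is epoch seconds (GNU date), not %S; kept so that
	# backup names do not change.
	if [ -e "${CA_BUNDLE_NPM}" ]; then
		cp -- "${CA_BUNDLE_NPM}" "${CA_BUNDLE_NPM}.$(date '+%y%m%d%H%M%s')"
	fi
	cat >>"${CA_BUNDLE_NPM}"
}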

# Fan the output of cert_pick_check out to the selected importers.
#
# Arguments: leading words name the targets (homebundle, firefox, mutt, npm,
#            offlineimap, all); everything from the first other word on is
#            passed unchanged to cert_pick_check.
# Outputs:   combined stdout/stderr of the pipeline, piped through colorize.
#
# CRL can only be appended to homebundle
cert_import() {
	# crl is initialised here but not read anywhere in this function.
	local homebundle=0 firefox=0 mutt=0 npm=0 offlineimap=0 crl=1 spec=0
	while true; do
		case $1 in
		homebundle)  homebundle=1;;
		firefox)     firefox=1;;
		mutt)        mutt=1;;
		npm)         npm=1;;
		offlineimap) offlineimap=1;;
		# NOTE(review): "all" does not enable npm or offlineimap -
		# confirm that this is intended.
		all)         homebundle=1; firefox=1; mutt=1;;
		# The first non-target word (including "--") ends target
		# parsing; it is not shifted away, so cert_pick_check sees it.
		--|*)        break;;
		esac
		spec=1
		shift
	done
	# Without at least one target there is nothing to import into.
	[ $spec -eq 0 ] \
	  && echo "run me without arguments to get usage help" && return
	# Each tee hands a copy of the stream to one importer and passes it on;
	# an importer called with 0 returns at once without reading its copy.
	# NOTE(review): the importers append whatever cert_pick_check writes to
	# stdout, and its exit status is not checked before the bundles are
	# modified - confirm it prints nothing when verification fails.
	# NOTE(review): cert_import_homebundle is attached twice (first and last
	# stage), so with homebundle=1 two concurrent writers back up and append
	# to the same bundle; presumably a leftover of the disabled x509/crl
	# split below - confirm.
	# NOTE(review): a tee whose importer has already returned writes into a
	# closed pipe; verify this cannot cut the stream short for later stages.
	(
	    #| tee >(openssl x509 \
	    #| tee >(openssl crl \
	  cert_pick_check "$@" \
	      | tee >(cert_import_homebundle  $homebundle)  \
	      | tee >(cert_import_firefox     $firefox)     \
	      | tee >(cert_import_mutt        $mutt)        \
	      | tee >(cert_import_npm         $npm)         \
	      | tee >(cert_import_offlineimap $offlineimap) \
	      | tee >(cert_import_homebundle  $homebundle)
	) |& colorize 1
}

# see cert-check
#setup() {
#	set -u
#	RESTOREUMASK=$(umask -p)
#	umask 077
#}
#
#teardown() {
#	${RESTOREUMASK}
#	unset RESTOREUMASK
#	unset vercmd
#	return $1
#}


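# Act as a program only when executed directly; when the file is sourced it
# merely defines the functions above.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
	if [ $# -lt 1 ]; then
		# The target list mirrors the names cert_import accepts.
		echo "usage: $0" \
		     "(homebundle|mutt|firefox|npm|offlineimap|all)*" \
		     "[-nocrl] file-or-server [port=443]"
	else
		# setup/teardown are not defined in this file; presumably they
		# come from the sourced cert-check.
		setup
		cert_import "$@"
		# Hand the import status to teardown.
		teardown $?
	fi
fi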