#!/bin/bash

# extension on top of cert-check to conveniently install certificate
#
# jpokorny@redhat.com
#
# TODO:
# - fix exit code, remove unneeded subshells? ( '()' -> '{}' )
# - output also some identification/at least original cert-import command

source cert-check

# File that cert_import_mutt backs up and then appends imported certificates
# to; the leading tilde expands to the invoking user's home directory.
MUTT_CERTIFICATES=~/.mutt_certificates

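#######################################
# Append the data arriving on stdin to the ${HOMEBUNDLE} certificate bundle.
# Globals:   HOMEBUNDLE (read) - path of the bundle; not assigned in this
#            file, presumably provided by the sourced cert-check
# Arguments: $1 - "1" to perform the import, anything else to skip it
# Inputs:    stdin - written verbatim; nothing is validated here, so any
#            vetting of what becomes trusted has to happen upstream
# Outputs:   progress and error messages on stderr
# Returns:   0 on success or when skipped, non-zero on failure
#######################################
cert_import_homebundle() {
	local bundle stamp

	if [ "$1" != "1" ]; then
		# Skipped: still drain piped input so that the upstream tee is not
		# killed by SIGPIPE, which could truncate the data for later stages.
		[ -t 0 ] || cat >/dev/null
		return 0
	fi

	bundle=${HOMEBUNDLE:-}
	if [ -z "$bundle" ]; then
		echo "HOMEBUNDLE is not set, nothing added to homebundle" >&2
		[ -t 0 ] || cat >/dev/null
		return 1
	fi

	echo "Adding to homebundle" >&2
	mkdir -p -- "$(dirname -- "$bundle")" || return

	# Keep a timestamped copy of the trust store so that an unwanted addition
	# can be rolled back.  On first use there is nothing to copy yet.
	if [ -e "$bundle" ]; then
		# %S (seconds), matching cert_import_firefox; the former %s appended
		# the whole epoch value after the minutes.
		stamp=$(date '+%y%m%d%H%M%S')
		if ! cp -- "$bundle" "${bundle}.${stamp}"; then
			echo "backup of ${bundle} failed, nothing added" >&2
			return 1
		fi
	fi

	cat >>"$bundle"
}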

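#######################################
# Append the data arriving on stdin to the ${MUTT_CERTIFICATES} file.
# Globals:   MUTT_CERTIFICATES (read) - path of the certificate file
# Arguments: $1 - "1" to perform the import, anything else to skip it
# Inputs:    stdin - written verbatim; nothing is validated here, so any
#            vetting of what becomes trusted has to happen upstream
# Outputs:   progress and error messages on stderr
# Returns:   0 on success or when skipped, non-zero on failure
#######################################
cert_import_mutt() {
	local store stamp

	if [ "$1" != "1" ]; then
		# Skipped: still drain piped input so that the upstream tee is not
		# killed by SIGPIPE, which could truncate the data for later stages.
		[ -t 0 ] || cat >/dev/null
		return 0
	fi

	store=${MUTT_CERTIFICATES:-}
	if [ -z "$store" ]; then
		echo "MUTT_CERTIFICATES is not set, nothing added to mutt" >&2
		[ -t 0 ] || cat >/dev/null
		return 1
	fi

	echo "Adding to mutt" >&2
	mkdir -p -- "$(dirname -- "$store")" || return

	# Keep a timestamped copy of the certificate file so that an unwanted
	# addition can be rolled back.  On first use there is nothing to copy yet.
	if [ -e "$store" ]; then
		# %S (seconds), matching cert_import_firefox; the former %s appended
		# the whole epoch value after the minutes.
		stamp=$(date '+%y%m%d%H%M%S')
		if ! cp -- "$store" "${store}.${stamp}"; then
			echo "backup of ${store} failed, nothing added" >&2
			return 1
		fi
	fi

	cat >>"$store"
}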

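#######################################
# Import the certificate arriving on stdin into the first Firefox profile
# that accepts it.
# Only directories directly below ~/.mozilla/firefox whose name occurs in
# profiles.ini are tried; the loop stops after the first successful import.
# Arguments: $1 - "1" to perform the import, anything else to skip it
# Inputs:    stdin - certificate data, handed to certutil unchanged
# Outputs:   progress and error messages on stderr
# Returns:   0 when imported or skipped, non-zero when no profile took it
# Security:  "C" in the first (SSL) field of -t marks the certificate as a
#            trusted CA for issuing server certificates, so whatever is on
#            stdin becomes a trust anchor for that profile; nothing is
#            validated here.
# XXX: explore certificate to get a proper name (-n) for it
#######################################
cert_import_firefox() {
	local root buffer dir status=1

	if [ "$1" != "1" ]; then
		# Skipped: still drain piped input so that the upstream tee is not
		# killed by SIGPIPE, which could truncate the data for later stages.
		[ -t 0 ] || cat >/dev/null
		return 0
	fi

	echo "Adding to firefox" >&2
	root=~/.mozilla/firefox

	# Buffer stdin: previously the first certutil run consumed it, so a
	# failed import left nothing to offer to the remaining profiles.
	buffer=$(mktemp) || return
	cat >"$buffer"

	# NUL-delimited names keep profile directories with whitespace intact.
	while IFS= read -r -d '' dir; do
		# -F: the directory name is a literal string, not a regex
		grep -qsF -- "$(basename -- "$dir")" "$root/profiles.ini" || continue
		if certutil -A -n "cert-import:$(date +'%y%m%d%H%M%S')" -t C,p,p \
		  -d "$dir" <"$buffer"; then
			status=0
			break
		fi
	done < <(find "$root/" -maxdepth 1 -mindepth 1 -type d -print0)

	rm -f -- "$buffer"
	[ "$status" -eq 0 ] || echo "no firefox profile accepted the certificate" >&2
	return "$status"
}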

# CRL can only be appended to homebundle
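#######################################
# Fan the output of cert_pick_check out to the selected trust stores.
# Arguments: leading words out of homebundle|firefox|mutt|all select the
#            stores; everything from the first other word on (a literal
#            "--" included, it is not shifted away) goes to cert_pick_check
# Outputs:   combined stdout/stderr of the pipeline, passed through colorize
# Returns:   1 when no store was selected, else the status of the pipeline
# Security:  each enabled store receives exactly the bytes cert_pick_check
#            emits and appends or imports them as trusted material.  Neither
#            cert_pick_check nor colorize is defined in this file (presumably
#            both come from cert-check), so any validation rests there.
#######################################
cert_import() {
	# Bash locals are dynamically scoped, i.e. visible to the functions
	# called below.  crl is never read in this function - presumably it is
	# consumed by cert-check code; verify before removing it.
	local homebundle=0 firefox=0 mutt=0 crl=1 spec=0
	while true; do
		# ${1-}: do not trip over "set -u" once the arguments run out
		case "${1-}" in
		homebundle) homebundle=1;;
		firefox)    firefox=1;;
		mutt)       mutt=1;;
		all)        homebundle=1; firefox=1; mutt=1;;
		--|*)       break;;
		esac
		spec=1
		shift
	done
	if [ "$spec" -eq 0 ]; then
		# Misuse: report on stderr and fail instead of returning success.
		echo "run me without arguments to get usage help" >&2
		return 1
	fi
	(
	    #| tee >(openssl x509 \
	    #| tee >(openssl crl \
	  # NOTE(review): cert_import_homebundle is fed twice (first and last
	  # stage), so the same data is appended to the bundle twice.  Judging
	  # by the disabled openssl filters above, one stage was probably meant
	  # for the certificate and the other for the CRL - confirm.
	  cert_pick_check "$@" \
	      | tee >(cert_import_homebundle "$homebundle") \
	      | tee >(cert_import_firefox "$firefox") \
	      | tee >(cert_import_mutt "$mutt") \
	      | tee >(cert_import_homebundle "$homebundle")
	) |& colorize 1
}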

# see cert-check
#setup() {
#	set -u
#	RESTOREUMASK=$(umask -p)
#	umask 077
#}
#
#teardown() {
#	${RESTOREUMASK}
#	unset RESTOREUMASK
#	unset vercmd
#	return $1
#}


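# Act only when executed directly; when sourced, this file merely defines
# the functions above.  setup and teardown are not defined here (see
# cert-check).
# An explicit if/else replaces the former "test && echo || { ... }" chain,
# which would also have run the import branch if printing the usage failed.
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
  if [ $# -lt 1 ]; then
    echo "usage: $0" \
         "(homebundle|mutt|firefox|all)*" \
         "[-nocrl] file-or-server [port=443]"
  else
    setup
    cert_import "$@"
    # hand the import status to teardown
    teardown $?
  fi
fi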