authorAlexander Sulfrian <alex@spline.inf.fu-berlin.de>2015-11-17 01:43:35 +0100
committerAlexander Sulfrian <alex@spline.inf.fu-berlin.de>2015-11-17 01:43:35 +0100
commitb125d69848aaac1265b70b59aea3a4bcd37de54c (patch)
tree27b02383061e9cea91447211f8ff165ccfb3ead0
parent58d8d656e3e805888de2932ff58c71ba76e8027b (diff)
show-req: Add utility to show pending siging requests
Also adds "pubkey" to generate the pubkey of a private key for a certificate request at the DFN.
-rwxr-xr-xpubkey27
-rwxr-xr-xshow-req126
2 files changed, 153 insertions, 0 deletions
diff --git a/pubkey b/pubkey
new file mode 100755
index 0000000..4a6d781
--- /dev/null
+++ b/pubkey
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+KEY=$1
+PASS=$2
+
+declare -a ARGS
+if [[ -n "$KEY" ]]; then
+ if [[ ! -r "$KEY" ]]; then
+ echo "Usage: $0 [KEY [PASSFILE]]" >&2
+ exit 1
+ fi
+
+ ARGS+=("-in" "$KEY")
+fi
+
+if [[ -n "$PASS" ]]; then
+ if [[ ! -r "$PASS" ]]; then
+ echo "Usage: $0 [KEY [PASSFILE]]" >&2
+ exit 1
+ fi
+
+ ARGS+=("-passin" "file:$PASS")
+fi
+
+openssl rsa "${ARGS[@]}" -pubout 2>/dev/null | \
+ openssl rsa -pubin -noout -text | \
+ sed -e '/Modulus:$/d;s/Public-Key: (\(.*\))/Modulus (\1):/'
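Review bot: A failure in the first `openssl rsa` call (wrong passphrase, unreadable or malformed key) is invisible to callers: its stderr goes to `/dev/null`, and without `pipefail` the pipeline's exit status is that of `sed`, which succeeds on empty input. show-req pipes this script's output into `sha1sum -`, so a failed key read would appear to produce the SHA-1 of empty input as the fingerprint, which looks like any other fingerprint in the table and in the mail to the RA. Adding `set -o pipefail` after the shebang and letting real errors reach stderr would make the failure visible; the redirect presumably only exists to hide openssl's "writing RSA key" notice. The `pubkey ... | sha1sum -` pipeline in show-req should likewise skip or flag the entry when `pubkey` exits non-zero.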
diff --git a/show-req b/show-req
new file mode 100755
index 0000000..dd0a4bc
--- /dev/null
+++ b/show-req
@@ -0,0 +1,126 @@
+#!/bin/bash
+
+. $(dirname $0)/settings.sh
+
+print_help() {
+ cat <<EOH
+Usage: $0 [-i] [-t] [-c] [-h] [REQEUST...]
+
+ -i Print the id of the request, too.
+ -c
+ -h Show this message.
+
+ REQUEST Only display the specified request. You could specify
+ a request id, a FQDN or a hostname. If you only supply
+ a hostname, ".spline.inf.fu-berlin.de" is added
+ automatically.
+
+EOH
+}
+
+select_string() {
+ local cond=$1; shift
+ [[ "$cond" -ne 0 ]] && echo -n "$1" || echo -n "$2"
+}
+
+ID=0
+CRON=0
+while getopts :itch FLAG; do
+ case "$FLAG" in
+ i)
+ ID=1
+ ;;
+ c)
+ CRON=1
+ ;;
+ h)
+ print_help
+ exit
+ ;;
+ *)
+ echo "Unknown option: -$OPTARG"
+ print_help
+ exit 1
+ ;;
+ esac
+done
+shift $((OPTIND-1))
+
+declare -a OUTPUT
+while read serial; do
+ dir="$(dirname "$serial")"
+ host="$(basename "$dir")"
+ basename="$(basename "$serial" .serial)"
+ id="$(cat "$serial")"
+
+ [[ -f "$REPO/SSL/$host/$basename.crt" ]] && continue
+ [[ -f "/var/cache/spline-ssl/$basename.crt" ]] && continue
+
+ for REQUEST in "$@"; do
+ [[ -n "$REQUEST" ]] || continue
+
+ if [[ -n "${REQUEST%%*[!0-9]*}" ]]; then
+ [[ "$REQUEST" == "$id" ]] || continue 2
+ else
+ if [[ "$REQUEST" == "${REQUEST%.de}" ]]; then
+ REQUEST="$REQUEST.spline.inf.fu-berlin.de"
+ fi
+
+ [[ "$REQUEST" == "$host" ]] || continue 2
+ fi
+ done
+
+ if [[ ${#OUTPUT[@]} -eq 0 ]]; then
+ OUTPUT+=("$(select_string "$ID" "Antrag Host Fingerprint" "Host Fingerprint")")
+ fi
+
+ OUTPUT+=("$(
+ select_string "$ID" "$id $host " "$host "
+
+ pubkey "$dir/$basename.key" "$dir/$basename.passphrase" | \
+ sha1sum - | \
+ perl -ne 's/([a-f0-9]{2})(?! *-$)/\1:/g;s/ *-$//; print uc'
+ )")
+done < <(find "$REPO/SSL/private/" -name '*.serial')
+
+[[ ${#OUTPUT[@]} -gt 0 ]] || exit 0
+
+TABLE="$(
+ printf "%s\n%s\n" "${OUTPUT[@]:0:1}" "$(printf "%s\n" "${OUTPUT[@]:1}" | sort)" |
+ column -t |
+ awk '{
+ gsub(/ [^ ]/, "|&", $0)
+ a[NR]=$0
+
+ if (length>x) x=length
+ }
+ END {
+ if (x==0) exit 0
+ fstr="| %-"x"s |"
+
+ header=sprintf(fstr, a[1]); print header
+ gsub(/[^|\n]/, "-", header); print header
+ for(i=2;i<=NR;i++) printf(fstr"\n", a[i])
+ }'
+)"
+
+
+if [[ "$CRON" -eq 0 ]]; then
+ echo "$TABLE"
+else
+ echo "To: ra@spline.de
+Subject: Neue Zertifikatsanträge gefunden
+
+Hallo,
+
+es wurden neue Zertifikatsanträge gefunden:
+
+$TABLE
+
+Diese Nachricht wird täglich verschickt bis die Zertifikate ausgestellt
+wurden. Sobald die Zertifikate verfügbar sind, werden sie innerhalb
+der nächsten Stunde automatisch auf den Servern installiert.
+
+Gruß,
+bcfg2" | sendmail -t
+fi
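Review bot: The `pubkey` helper inside the fingerprint subshell is resolved through `PATH`, while `settings.sh` at the top is loaded relative to the script's own directory. Unless `settings.sh` (not visible here) extends `PATH`, a cron run either fails to find the helper or executes whichever `pubkey` comes first on the path, passing it the private key and passphrase file paths. Calling it as `"$(dirname "$0")/pubkey" "$dir/$basename.key" "$dir/$basename.passphrase"` pins it to the copy shipped with this script, and the source line needs the same quoting: `. "$(dirname "$0")/settings.sh"`. Separately, the `for REQUEST in "$@"` filter does `continue 2` on the first mismatch, so an entry is listed only if it matches every argument; two different hosts on the command line print nothing, which contradicts the `[REQUEST...]` usage.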