#!/bin/bash
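# Load shared settings from the directory this script was started from.
# REPO and pubkey are used further down but never defined in this file;
# presumably settings.sh provides them -- confirm.
# The sourced file runs inside this shell with the same privileges, so it
# needs the same ownership and write protection as the script itself.
# Quoting keeps a script path that contains spaces or glob characters in one piece.
. "$(dirname -- "$0")/settings.sh"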
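#######################################
# Print the usage text.
# Arguments: none
# Outputs:   usage summary on stdout; $0 is expanded, so the text shows the
#            name the script was invoked with
# Notes:     -t is not listed because the option loop has no handler for it
#            and rejects it.
#######################################
print_help() {
  cat <<EOH
Usage: $0 [-i] [-c] [-h] [REQUEST...]
-i Print the id of the request, too.
-c Mail the table to ra@spline.de instead of printing it (cron mode).
-h Show this message.
REQUEST Only display the specified request. You could specify
a request id, a FQDN or a hostname. If you only supply
a hostname, ".spline.inf.fu-berlin.de" is added
automatically.
EOH
}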
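#######################################
# Print one of two strings, chosen by a numeric flag.
# Arguments: $1 - flag, compared numerically against 0
#            $2 - string printed when the flag is non-zero
#            $3 - string printed when the flag is zero
# Outputs:   the chosen string on stdout, without a trailing newline
# Notes:     -ne evaluates $1 arithmetically, so pass only the script's own
#            0/1 flags here, never free-form text.
#######################################
select_string() {
  local cond=$1
  shift
  # if/else instead of "a && b || c": a failing first print must not fall
  # through to the second string. printf '%s' also prints values such as
  # "-n" or "-e" literally, which echo -n would treat as options.
  if [[ "$cond" -ne 0 ]]; then
    printf '%s' "$1"
  else
    printf '%s' "$2"
  fi
}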
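# Command-line flags.
ID=0   # set to 1 by -i: include the request id column
CRON=0 # set to 1 by -c: mail the table instead of printing it

# The leading ':' puts getopts in silent mode, so an option that is not in
# the list arrives as FLAG='?' with the offending letter in OPTARG.
# 't' is no longer in the list: it had no handler, so it fell into the
# default arm with an empty OPTARG and was reported as "Unknown option: -".
while getopts :ich FLAG; do
  case "$FLAG" in
    i)
      ID=1
      ;;
    c)
      CRON=1
      ;;
    h)
      print_help
      exit
      ;;
    *)
      # Diagnostics go to stderr so they never mix with the table on stdout.
      echo "Unknown option: -$OPTARG" >&2
      print_help >&2
      exit 1
      ;;
  esac
done
# Drop the parsed options; what is left in "$@" are the REQUEST filters.
shift $((OPTIND - 1))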
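# Build OUTPUT: a header row followed by one row per pending certificate
# request. A request is a *.serial file under $REPO/SSL/private/; the name of
# its parent directory is taken as the host and its content as the request id.
declare -a OUTPUT=()
# IFS= and -r keep leading/trailing blanks and backslashes in paths intact.
while IFS= read -r serial; do
  dir="$(dirname -- "$serial")"
  host="$(basename -- "$dir")"
  basename="$(basename -- "$serial" .serial)"
  id="$(<"$serial")"

  # A certificate file in either location means the request is no longer pending.
  [[ -f "$REPO/SSL/$host/$basename.crt" ]] && continue
  [[ -f "/var/cache/spline-ssl/$basename.crt" ]] && continue

  # Apply the REQUEST filters. A row is kept when it matches ANY of them.
  # Previously the first non-matching filter skipped the row, so a row had
  # to match every filter and two different host names always produced an
  # empty table. Empty arguments are ignored; with no filter left, every
  # pending request is listed.
  wanted=0
  matched=0
  for REQUEST in "$@"; do
    [[ -n "$REQUEST" ]] || continue
    wanted=1
    if [[ -n "${REQUEST%%*[!0-9]*}" ]]; then
      # Digits only: compare against the request id.
      if [[ "$REQUEST" == "$id" ]]; then
        matched=1
      fi
    else
      # Anything not ending in ".de" is treated as a bare host name.
      if [[ "$REQUEST" == "${REQUEST%.de}" ]]; then
        REQUEST="$REQUEST.spline.inf.fu-berlin.de"
      fi
      if [[ "$REQUEST" == "$host" ]]; then
        matched=1
      fi
    fi
  done
  if ((wanted == 1 && matched == 0)); then
    continue
  fi

  # The header row is added together with the first data row.
  if [[ ${#OUTPUT[@]} -eq 0 ]]; then
    OUTPUT+=("$(select_string "$ID" "Antrag Host Fingerprint" "Host Fingerprint")")
  fi

  # Row = optional id, host, and the colon-separated upper-case SHA-1 of
  # whatever pubkey prints for this key.
  # pubkey receives the path of the passphrase file, not its content; how it
  # reads the file is not visible here -- presumably defined in settings.sh.
  # NOTE(review): if pubkey prints nothing (for example on a failed decrypt),
  # the row still shows a fingerprint: the SHA-1 of empty input, which starts
  # DA:39:A3:EE. Treat that value as "no key", not as a key fingerprint.
  # NOTE(review): SHA-1 is kept because the value presumably has to match
  # what the requester reads out; if both sides can change, prefer SHA-256.
  OUTPUT+=("$(
    select_string "$ID" "$id $host " "$host "
    pubkey "$dir/$basename.key" "$dir/$basename.passphrase" |
      sha1sum - |
      perl -ne 's/([a-f0-9]{2})(?! *-$)/\1:/g;s/ *-$//; print uc'
  )")
done < <(find "$REPO/SSL/private/" -name '*.serial')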
# Nothing pending: leave quietly so that cron mode sends no mail.
((${#OUTPUT[@]} > 0)) || exit 0

# Render OUTPUT as a bordered text table: header row first, data rows sorted,
# columns aligned by column(1), borders and the rule line added by awk.
TABLE="$(
  {
    printf '%s\n' "${OUTPUT[0]}"
    printf '%s\n' "${OUTPUT[@]:1}" | sort
  } |
    column -t |
    awk '
      {
        # Put a "|" in front of every "space + non-space" boundary, i.e.
        # at the start of each column after the first.
        gsub(/ [^ ]/, "|&", $0)
        line[NR] = $0
        if (length($0) > width) width = length($0)
      }
      END {
        if (width == 0) exit 0
        fmt = "| %-" width "s |"
        rule = sprintf(fmt, line[1]); print rule
        # The rule line is the header with everything but "|" turned into "-".
        gsub(/[^|\n]/, "-", rule); print rule
        for (n = 2; n <= NR; n++) printf(fmt "\n", line[n])
      }'
)"
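# Deliver the table: print it in interactive use, mail it to the RA in cron
# mode (-c).
if [[ "$CRON" -eq 0 ]]; then
  printf '%s\n' "$TABLE"
else
  # The empty line after the last header is what ends the header section.
  # $TABLE is expanded only below it, so host names taken from directory
  # names end up in the body and cannot add or change mail headers.
  # MIME-Version makes the Content-Type header effective, and 8bit declares
  # the non-ASCII characters the body contains.
  /usr/sbin/sendmail -t <<EOM
To: ra@spline.de
Subject: Neue Zertifikatsantraege gefunden
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit

Hallo,
es wurden neue Zertifikatsanträge gefunden:
$TABLE
Diese Nachricht wird täglich verschickt bis die Zertifikate ausgestellt
wurden. Sobald die Zertifikate verfügbar sind, werden sie innerhalb
der nächsten Stunde automatisch auf den Servern installiert.
Gruß,
bcfg2
EOM
fi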