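#!/bin/bash
#
# Lists certificate requests that have a *.serial file but no issued
# certificate yet, together with a fingerprint of each request's public key.
# Configuration and helpers are read from settings.sh next to this script.

# settings.sh is executed with this script's privileges, so the directory
# holding both files should be writable by trusted accounts only.
# Quoting keeps the path intact when the install directory contains spaces.
if [[ ! -r "$(dirname -- "$0")/settings.sh" ]]; then
  echo "Cannot read $(dirname -- "$0")/settings.sh" >&2
  exit 1
fi
# shellcheck source=/dev/null
. "$(dirname -- "$0")/settings.sh"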
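#######################################
# Print the command-line help text.
# Globals:   none
# Arguments: none
# Outputs:   usage text on stdout ($0 is expanded inside the here-document)
#######################################
print_help() {
  # -t is not listed: the option loop in this script has no handler for it
  # and rejects it as an unknown option.
  # -c is described from what the script does when CRON=1: it pipes a mail
  # addressed to ra@spline.de into "sendmail -t" instead of printing.
  cat <<EOH
Usage: $0 [-i] [-c] [-h] [REQUEST...]
-i Print the id of the request, too.
-c Do not print the table; mail it to ra@spline.de via sendmail.
-h Show this message.
REQUEST Only display the specified request. You could specify
a request id, a FQDN or a hostname. If you only supply
a hostname, ".spline.inf.fu-berlin.de" is added
automatically.
EOH
}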
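#######################################
# Print one of two strings depending on a numeric flag.
# Arguments: $1 - flag, compared numerically with 0
#            $2 - string printed when the flag is non-zero
#            $3 - string printed when the flag is zero
# Outputs:   the chosen string on stdout, without a trailing newline
#######################################
select_string() {
  local cond=$1
  shift
  # An explicit if/else: with "a && b || c" the fallback would also run when
  # printing the first string fails. printf '%s' prints the string verbatim,
  # whereas "echo -n" would swallow a value such as "-n" as an option.
  if [[ "$cond" -ne 0 ]]; then
    printf '%s' "$1"
  else
    printf '%s' "$2"
  fi
}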
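ID=0    # set to 1 by -i: prefix every row with the request id
CRON=0  # set to 1 by -c: mail the table instead of printing it

#######################################
# Parse the command-line flags.
# Globals:   ID, CRON (written); OPTIND (advanced by getopts)
# Arguments: the script's arguments
# Outputs:   help text on stdout for -h; error and help text on stderr for
#            an unknown option
# Returns:   exits the script for -h, and with status 1 for an unknown option
#######################################
parse_options() {
  local flag
  # "t" is no longer in the option string: it had no case arm, so it fell
  # through to the error branch with OPTARG unset and the message named no
  # option at all. Left to getopts it is reported as "-t".
  while getopts ':ich' flag; do
    case "$flag" in
      i)
        ID=1
        ;;
      c)
        CRON=1
        ;;
      h)
        print_help
        exit
        ;;
      *)
        # Diagnostics go to stderr so they never mix with the table output.
        echo "Unknown option: -$OPTARG" >&2
        print_help >&2
        exit 1
        ;;
    esac
  done
}

parse_options "$@"
# Drop the parsed flags; what remains are the REQUEST filters.
shift $((OPTIND-1))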
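# REPO is not assigned in this file; it is expected to come from the sourced
# settings.sh. Abort rather than let find search "/SSL/private/".
: "${REPO:?REPO is not set}"

# Rows of the result table; element 0 is the header line.
declare -a OUTPUT

# What the pipeline below prints when it hashes zero bytes of input (SHA-1 of
# the empty string). Seeing it means no key material reached sha1sum.
EMPTY_INPUT_FINGERPRINT='DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09'

# Walk every *.serial file below $REPO/SSL/private/. -r and an empty IFS keep
# backslashes and surrounding blanks in a path intact.
while IFS= read -r serial; do
  dir="$(dirname "$serial")"
  host="$(basename "$dir")"
  basename="$(basename "$serial" .serial)"
  id="$(<"$serial")"

  # A certificate already exists for this request: nothing pending.
  [[ -f "$REPO/SSL/$host/$basename.crt" ]] && continue
  [[ -f "/var/cache/spline-ssl/$basename.crt" ]] && continue

  # REQUEST filters: show the request when it matches ANY given filter.
  # (Skipping on the first filter that does not match meant two different
  # filters could never both be satisfied, so nothing was shown.)
  # Empty arguments are ignored and do not count as a filter.
  filtered=0
  matched=0
  for REQUEST in "$@"; do
    [[ -n "$REQUEST" ]] || continue
    filtered=1
    if [[ -n "${REQUEST%%*[!0-9]*}" ]]; then
      # Digits only: compare with the content of the serial file.
      [[ "$REQUEST" == "$id" ]] && matched=1
    else
      # Anything not ending in ".de" is treated as a bare hostname.
      if [[ "$REQUEST" == "${REQUEST%.de}" ]]; then
        REQUEST="$REQUEST.spline.inf.fu-berlin.de"
      fi
      [[ "$REQUEST" == "$host" ]] && matched=1
    fi
  done
  if [[ "$filtered" -eq 1 && "$matched" -eq 0 ]]; then
    continue
  fi

  if [[ ${#OUTPUT[@]} -eq 0 ]]; then
    OUTPUT+=("$(select_string "$ID" "Antrag Host Fingerprint" "Host Fingerprint")")
  fi

  # pubkey is not defined in this file (presumably in settings.sh); it is
  # given the key file and the passphrase file of the request. Its output is
  # hashed, then perl inserts ":" between the hex pairs, drops the "  -"
  # file-name column of sha1sum and upper-cases the line.
  # NOTE(review): the fingerprint is a SHA-1 digest, which is no longer
  # collision-resistant. It is kept because the value is what the recipient
  # compares; confirm whether that comparison can move to SHA-256.
  fingerprint="$(
    pubkey "$dir/$basename.key" "$dir/$basename.passphrase" |
      sha1sum - |
      perl -ne 's/([a-f0-9]{2})(?! *-$)/\1:/g;s/ *-$//; print uc'
  )"

  # Without pipefail a failing pubkey still yields a well-formed hash of
  # nothing. Never present that as the fingerprint of a key.
  # NOTE(review): once the exit status of pubkey is confirmed to be
  # meaningful, checking it as well would also catch partial output.
  if [[ -z "$fingerprint" || "$fingerprint" == "$EMPTY_INPUT_FINGERPRINT" ]]; then
    echo "warning: no public key could be read for $host (request $id)" >&2
    fingerprint='UNAVAILABLE'
  fi

  OUTPUT+=("$(select_string "$ID" "$id $host " "$host ")$fingerprint")
done < <(find "$REPO/SSL/private/" -name '*.serial')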
# No pending request collected: end quietly (in cron mode no mail is sent).
if [[ ${#OUTPUT[@]} -eq 0 ]]; then
  exit 0
fi

# Element 0 is the header line; the remaining rows are sorted on their own so
# the header stays on top.
header_row="${OUTPUT[0]}"
sorted_rows="$(printf "%s\n" "${OUTPUT[@]:1}" | sort)"

# column -t aligns the whitespace-separated fields; awk then draws the frame:
# a "|" in front of every field after the first, a "| ... |" border padded to
# the longest line, and a dashed rule under the header.
TABLE="$(
  printf "%s\n%s\n" "$header_row" "$sorted_rows" \
    | column -t \
    | awk '
        {
          # Mark each column gap, remember the line and the widest length.
          gsub(/ [^ ]/, "|&", $0)
          a[NR]=$0
          if (length>x) x=length
        }
        END {
          if (x==0) exit 0
          fstr="| %-"x"s |"
          header=sprintf(fstr, a[1]); print header
          # Turn everything except the bars into dashes for the rule.
          gsub(/[^|\n]/, "-", header); print header
          for(i=2;i<=NR;i++) printf(fstr"\n", a[i])
        }'
)"
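# Deliver the table: print it, or in cron mode (-c) mail it.
if [[ "$CRON" -eq 0 ]]; then
  printf '%s\n' "$TABLE"
else
  # sendmail -t takes the recipient from the To: header of the message.
  # The empty line after Subject: is the separator between header and body;
  # without it the parser has to guess where the body begins.
  # $TABLE is expanded in the body only, so its content (host names taken
  # from directory names) cannot add header fields.
  # NOTE(review): the Subject holds non-ASCII characters and no MIME headers
  # are set, so its rendering depends on the MTA and mail reader; consider
  # RFC 2047 encoding.
  sendmail -t <<EOM || { echo "sendmail failed; the request list was not mailed" >&2; exit 1; }
To: ra@spline.de
Subject: Neue Zertifikatsanträge gefunden

Hallo,
es wurden neue Zertifikatsanträge gefunden:
$TABLE
Diese Nachricht wird täglich verschickt bis die Zertifikate ausgestellt
wurden. Sobald die Zertifikate verfügbar sind, werden sie innerhalb
der nächsten Stunde automatisch auf den Servern installiert.
Gruß,
bcfg2
EOM
fi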