Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
C
caucase
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Labels
Merge Requests
2
Merge Requests
2
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Analytics
Analytics
CI / CD
Repository
Value Stream
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Jobs
Commits
Open sidebar
nexedi
caucase
Commits
34113c92
Commit
34113c92
authored
Jun 25, 2020
by
Vincent Pelletier
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
shell/caucase.sh: Make function "Usage:" consistent.
Avoid repeating function name in these.
parent
74540bdc
Pipeline
#10114
passed with stage
in 0 seconds
Changes
1
Pipelines
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
with
16 additions
and
16 deletions
+16
-16
shell/caucase.sh
shell/caucase.sh
+16
-16
No files found.
shell/caucase.sh
View file @
34113c92
...
@@ -22,7 +22,7 @@ set -u
...
@@ -22,7 +22,7 @@ set -u
str2json
()
{
str2json
()
{
# Convert some text into a json string.
# Convert some text into a json string.
# Usage:
str2json
< str
# Usage: < str
# Note: using $() to strip the trailing newline added by jq.
# Note: using $() to strip the trailing newline added by jq.
printf
'%s'
"
$(
jq
--raw-input
--slurp
.
)
"
printf
'%s'
"
$(
jq
--raw-input
--slurp
.
)
"
...
@@ -30,7 +30,7 @@ str2json () {
...
@@ -30,7 +30,7 @@ str2json () {
pairs2obj
()
{
pairs2obj
()
{
# Convert pairs of arguments into keys & values of a json objet.
# Convert pairs of arguments into keys & values of a json objet.
# Usage:
pairs2obj
<key0> <value0> [...]
# Usage: <key0> <value0> [...]
# Outputs: {"key0":value0}
# Outputs: {"key0":value0}
# No sanity checks on keys nor values.
# No sanity checks on keys nor values.
# Keys are expected unquoted, as they must be strings anyway.
# Keys are expected unquoted, as they must be strings anyway.
...
@@ -65,7 +65,7 @@ forEachJSONListItem () {
...
@@ -65,7 +65,7 @@ forEachJSONListItem () {
wrap
()
{
wrap
()
{
# Wrap payload in a format suitable for caucase and sign it
# Wrap payload in a format suitable for caucase and sign it
# Usage:
wrap
<key file> <digest> < payload > wrapped
# Usage: <key file> <digest> < payload > wrapped
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
digest
=
"
$2
"
payload
local
digest
=
"
$2
"
payload
payload
=
"
$(
cat
)
"
payload
=
"
$(
cat
)
"
...
@@ -90,12 +90,12 @@ wrap () {
...
@@ -90,12 +90,12 @@ wrap () {
nullWrap
()
{
nullWrap
()
{
# Wrap payload in a format suitable for caucase without signing it
# Wrap payload in a format suitable for caucase without signing it
# Usage:
nullWrap
< payload > wrapped
# Usage: < payload > wrapped
pairs2obj digest null payload
"
$(
str2json
)
"
pairs2obj digest null payload
"
$(
str2json
)
"
}
}
unwrap
()
{
unwrap
()
{
# Usage:
unwrap
<command> [...] < wrapped > payload
# Usage: <command> [...] < wrapped > payload
# <command> must output the x509 certificate to use to verify the signature.
# <command> must output the x509 certificate to use to verify the signature.
# It receives the payload being unwrapped.
# It receives the payload being unwrapped.
# shellcheck disable=SC2039
# shellcheck disable=SC2039
...
@@ -144,7 +144,7 @@ unwrap () {
...
@@ -144,7 +144,7 @@ unwrap () {
}
}
nullUnwrap
()
{
nullUnwrap
()
{
# Usage:
nullUnwrap
< wrapped > payload
# Usage: < wrapped > payload
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
wrapped
local
wrapped
wrapped
=
"
$(
cat
)
"
wrapped
=
"
$(
cat
)
"
...
@@ -156,7 +156,7 @@ nullUnwrap () {
...
@@ -156,7 +156,7 @@ nullUnwrap () {
writeCertKey
()
{
writeCertKey
()
{
# Write given certificate and key to file(s).
# Write given certificate and key to file(s).
# Usage:
writeCertKey
<crt data> <crt path> <key data> <key path>
# Usage: <crt data> <crt path> <key data> <key path>
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
crt_path
=
"
$1
"
crt_data
=
"
$2
"
key_path
=
"
$3
"
key_data
=
"
$4
"
need_chmod
local
crt_path
=
"
$1
"
crt_data
=
"
$2
"
key_path
=
"
$3
"
key_data
=
"
$4
"
need_chmod
test
!
-e
"
$key_path
"
test
!
-e
"
$key_path
"
...
@@ -230,7 +230,7 @@ _matchPrivateKeyBoundary () {
...
@@ -230,7 +230,7 @@ _matchPrivateKeyBoundary () {
_forEachPEM
()
{
_forEachPEM
()
{
# Iterate over components of a PEM file, piping each to <command>
# Iterate over components of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<type tester> <command> [<arg> ...] < pem
# Usage: <type tester> <command> [<arg> ...] < pem
# <type tester> is called with the end boundary as argument
# <type tester> is called with the end boundary as argument
# <command> receives each matching PEM element as input.
# <command> receives each matching PEM element as input.
# If <command> exit status is non-zero, enumeration stops.
# If <command> exit status is non-zero, enumeration stops.
...
@@ -256,23 +256,23 @@ _forEachPEM () {
...
@@ -256,23 +256,23 @@ _forEachPEM () {
alias
forEachCertificate
=
'_forEachPEM _matchCertificateBoundary'
alias
forEachCertificate
=
'_forEachPEM _matchCertificateBoundary'
# Iterate over certificate of a PEM file, piping each to <command>
# Iterate over certificate of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<command> [<arg> ...] < pem
# Usage: <command> [<arg> ...] < pem
alias
forEachPrivateKey
=
'_forEachPEM _matchPrivateKeyBoundary'
alias
forEachPrivateKey
=
'_forEachPEM _matchPrivateKeyBoundary'
# Iterate over private key of a PEM file, piping each to <command>
# Iterate over private key of a PEM file, piping each to <command>
# Usage:
_forEachPEM
<command> [<arg> ...] < pem
# Usage: <command> [<arg> ...] < pem
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
alias
pem2fingerprint
=
'openssl x509 -fingerprint -noout'
pemFingerprintIs
()
{
pemFingerprintIs
()
{
# Usage:
pemFingerprintIs
<fingerprint> < certificate
# Usage: <fingerprint> < certificate
# Return 1 when certificate's fingerprint matches argument
# Return 1 when certificate's fingerprint matches argument
test
"
$1
"
=
"
$(
pem2fingerprint
)
"
&&
return
1
test
"
$1
"
=
"
$(
pem2fingerprint
)
"
&&
return
1
}
}
expiresBefore
()
{
expiresBefore
()
{
# Tests whether certificate is expired at given date
# Tests whether certificate is expired at given date
# Usage:
expiresBefore
<date> < certificate > certificate
# Usage: <date> < certificate > certificate
# <date> must be a unix timestamp (date +%s)
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
enddate
local
enddate
...
@@ -283,7 +283,7 @@ expiresBefore () {
...
@@ -283,7 +283,7 @@ expiresBefore () {
printIfExpiresAfter
()
{
printIfExpiresAfter
()
{
# Print certificate if it expires after given date
# Print certificate if it expires after given date
# Usage:
printIfExpiresAfter
<date> < certificate > certificate
# Usage: <date> < certificate > certificate
# <date> must be a unix timestamp (date +%s)
# <date> must be a unix timestamp (date +%s)
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
crt
local
crt
...
@@ -294,7 +294,7 @@ printIfExpiresAfter () {
...
@@ -294,7 +294,7 @@ printIfExpiresAfter () {
appendValidCA
()
{
appendValidCA
()
{
# TODO: test
# TODO: test
# Append CA to given file if it is signed by a CA we know of already.
# Append CA to given file if it is signed by a CA we know of already.
# Usage:
_appendValidCA
<ca path> < json
# Usage: <ca path> < json
# Appends valid certificates to the file at <ca path>
# Appends valid certificates to the file at <ca path>
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
ca
=
"
$1
"
payload cert
local
ca
=
"
$1
"
payload cert
...
@@ -314,7 +314,7 @@ appendValidCA () {
...
@@ -314,7 +314,7 @@ appendValidCA () {
}
}
checkCertificateMatchesKey
()
{
checkCertificateMatchesKey
()
{
# Usage:
checkCertificateMatchesKey
<crt> <key>
# Usage: <crt> <key>
# Returns 0 if certificate's public key matches private key's public key,
# Returns 0 if certificate's public key matches private key's public key,
# 1 otherwise.
# 1 otherwise.
test
"
$(
test
"
$(
...
@@ -707,7 +707,7 @@ EOF
...
@@ -707,7 +707,7 @@ EOF
}
}
_matchOneKeyAndPrintOneMatchingCert
()
{
_matchOneKeyAndPrintOneMatchingCert
()
{
# Usage:
_matchOneKeyAndPrintOneMatchingCert
<crt path> <key path>
# Usage: <crt path> <key path>
# Sets globals "crt_found" and "key_found"
# Sets globals "crt_found" and "key_found"
# shellcheck disable=SC2039
# shellcheck disable=SC2039
local
crt
local
crt
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment