diff options
Diffstat (limited to 'certs')
| -rwxr-xr-x | certs/gencerts.sh | 29 |
1 files changed, 15 insertions, 14 deletions
diff --git a/certs/gencerts.sh b/certs/gencerts.sh index 181767e..9c25f6c 100755 --- a/certs/gencerts.sh +++ b/certs/gencerts.sh @@ -2,93 +2,94 @@ set -ue PATH=/usr/bin:/bin if [ -n "${GNUPGBIN:-}" ]; then GPG="$GNUPGBIN" elif [ -x /usr/bin/gpg2 ]; then GPG=/usr/bin/gpg2 else GPG=gpg fi GPG_OPTS='--no-auto-check-trustdb --batch --no-verbose --yes' usage() { echo "Usage: $0 /path/to/certs.asc" >&2 exit 1 } x509fpr() { local msg="$1" host cert h spki - host="${msg%%,*}"; host="${msg%% *}" + host="${msg%%,*}"; host="${host%% *}"; host="${host#\`}" cert="$DIR/${host%%:*}.pem" spki=$(openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -sha1 | sed -nr 's/^[^=]+=\s*//p') [ "$typ" = mdwn ] && printf '\n [[%s|https://crt.sh/?spkisha1=%s&iCAID=16418]]\n\n' "$msg" "$spki" \ - || printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=16418\n SPKI:\n' "$msg" "$spki" + || printf ' %s\n X.509: https://crt.sh/?spkisha1=%s&iCAID=16418\n SPKI:\n' \ + "$( echo "$msg" | tr -d '`' )" "$spki" for h in sha1 sha256; do [ "$typ" = mdwn ] || echo -n ' ' echo -n "$h" | tr '[a-z]' '[A-Z]' for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done openssl x509 -noout -pubkey<"$cert" | openssl pkey -pubin -outform DER | openssl dgst -"$h" -c | sed -nr 's/^[^=]+=\s*//p' done | sed -r "s/(\S+)(.*)/$indent\1\U\2/" } sshfpr() { local msg="$1" host t h fpr - host="${msg%%,*}"; host="${msg%% *}"; host="${host#*@}" - [ "$typ" = mdwn ] && { echo; echo " $msg"; echo; } || echo " $msg" + host="${msg%%,*}"; host="${host%% *}"; host="${host#*@}"; host="${host#\`}"; host="${host%\`}" + [ "$typ" = mdwn ] && { echo; echo " $msg"; echo; } || { echo " $msg" | tr -d '`'; } [ "${host#*:}" != 22 ] || host="${host%%:*}" for h in MD5 SHA256; do ssh-keygen -E "$h" -f "$DIR/../ssh_known_hosts" -lF "${host#*@}" done | sed -nr 's/^[^ #]+\s+//p' | sed -r 's/^(\S+)\s+(MD5|SHA256):/\1 \2 /' | while read t h fpr; do echo -n "$indent$t" for i in $(seq 1 $((7 - ${#h}))); do echo -n ' '; done echo "$h:$fpr" done } allfpr() { local typ="$1" [ "$typ" = mdwn ] && indent=' ' || indent=' ' cat <<- EOF * IMAP server - $(x509fpr 'imap.fripost.org:993 (IMAP over SSL), sieve.fripost.org:4190 (ManageSieve, STARTTLS)') + $(x509fpr '`imap.fripost.org:993` (IMAP over SSL), `sieve.fripost.org:4190` (ManageSieve, `STARTTLS`)') - * SMTP servers (STARTTLS) - $(x509fpr 'smtp.fripost.org:587 (Mail Submission Agent)') + * SMTP servers + $(x509fpr '`smtp.fripost.org:587` (Mail Submission Agent, `STARTTLS`)') - $(x509fpr 'mx1.fripost.org:25 (1st Mail eXchange)') + $(x509fpr '`mx1.fripost.org:25` (1st Mail eXchange, `STARTTLS`)') - $(x509fpr 'mx2.fripost.org:25 (2nd Mail eXchange)') + $(x509fpr '`mx2.fripost.org:25` (2nd Mail eXchange, `STARTTLS`)') * Web servers - $(x509fpr 'fripost.org:443 (website), wiki.fripost.org:443 (wiki)') + $(x509fpr '`fripost.org:443` (website), `wiki.fripost.org:443` (wiki)') - $(x509fpr 'mail.fripost.org:443 (webmail)') + $(x509fpr '`mail.fripost.org:443` (webmail)') - $(x509fpr 'lists.fripost.org:443 (list manager)') + $(x509fpr '`lists.fripost.org:443` (list manager)') - $(x509fpr 'git.fripost.org:443 (git server and its web interface)') + $(x509fpr '`git.fripost.org:443` (git server and its web interface)') * SSH server - $(sshfpr 'gitolite@git.fripost.org:22') + $(sshfpr '`gitolite@git.fripost.org:22`') EOF } [ $# -eq 1 ] || usage asc="$1" asc2=$(mktemp --tmpdir) src=$(mktemp --tmpdir) src2=$(mktemp --tmpdir) mdwn="${asc%.asc}.mdwn" mdwn2=$(mktemp --tmpdir) DIR="$(dirname "$0")/public" VCS_BROWSER='https://git.fripost.org/fripost-ansible' trap 'rm -f "$src" "$src2" "$asc2" "$mdwn2"' EXIT if [ -s "$asc" ]; then "$GPG" $GPG_OPTS --logger-file=/dev/null --output="$src" -- "$asc" fi |