Commit
2851507e
authored
3 years ago
by
Massimiliano Adamo
minor
parent
602e3c03
Showing
1 changed file
acme-downloader.sh
+9
-10
9 additions, 10 deletions
acme-downloader.sh
with
9 additions
and
10 deletions
acme-downloader.sh
+
9
−
10
...
...
@@ -28,7 +28,7 @@ stty -echoctl # hide ^C
# function called by trap
clean_up
()
{
rm
-f
$TMP_CERT
$TMP_FULLCHAIN
$TMP_CA
$TMP_KEY
exit
2
exit
$1
}
trap
'clean_up'
SIGINT
...
...
@@ -76,7 +76,6 @@ usage() {
echo
" --wildcard [OPTIONAL if the certificate is wildcard]"
echo
" --update [OPTIONAL self-updates the script and exit]"
echo
""
clean_up
}
OPTS
=
$(
getopt
-o
"h"
--longoptions
"help,redis-token:,vault-token:,cert-name:,team-name:,days:,type:,cert-destination:,fullchain-destination:,key-destination:,ca-destination:,wildcard"
--
"
$@
"
)
...
...
@@ -86,7 +85,7 @@ while true; do
case
"
$1
"
in
-h
|
--help
)
usage
clean_up
clean_up
2
;;
--redis-token
)
shift
...
...
@@ -153,7 +152,7 @@ if [ -n $UPDATE ]; then
echo
-e
"
\n
failed to update
$0
"
echo
-e
"Please download the script manually from this URL:
${
SCRIPT_URL
}
\n
"
fi
exit
$UPDATE_STATUS
clean_up
$UPDATE_STATUS
fi
if
[[
-z
$REDIS_TOKEN
]]
||
[[
-z
$VAULT_TOKEN
]]
||
[[
-z
$CERT_NAME
]]
||
[[
-z
$TEAM_NAME
]]
;
then
...
...
@@ -200,15 +199,15 @@ fi
# checking if certificates are valid
if
!
openssl x509
-checkend
$MINUTES
-noout
-in
$TMP_CERT
&>/dev/null
;
then
echo
"the Certificate is malformed or is expiring. Giving up"
clean_up
clean_up
2
fi
if
!
openssl x509
-checkend
$MINUTES
-noout
-in
$TMP_FULLCHAIN
&>/dev/null
;
then
echo
"the Full Chain is malformed or is expiring. Giving up"
clean_up
clean_up
2
fi
if
!
openssl x509
-in
$TMP_CA
-text
-noout
&>/dev/null
;
then
echo
"the CA is malformed. Giving up"
clean_up
clean_up
2
fi
# checking if key matches the certificate and the full-chain
...
...
@@ -217,17 +216,17 @@ FULLCHAIN_MD5=$(openssl x509 -noout -modulus -in $TMP_FULLCHAIN | openssl md5 |
CRT_MD5
=
$(
openssl x509
-noout
-modulus
-in
$TMP_CERT
| openssl md5 |
awk
'{print $NF}'
)
if
[[
$KEY_MD5
!=
$CRT_MD5
]]
||
[[
$KEY_MD5
!=
$FULLCHAIN_MD5
]]
;
then
echo
"the Key
$TMP_KEY
is either malformed or it does not match the certificate. Giving up"
clean_up
clean_up
2
fi
# checking if the certificate contains at least our cert_name
if
!
openssl x509
-noout
-text
-in
$TMP_CERT
|
grep
-qw
$CERT_NAME
;
then
echo
"the certificate does not match your CN
$CERT_NAME
"
clean_up
clean_up
2
fi
if
!
openssl x509
-noout
-text
-in
$TMP_FULLCHAIN
|
grep
-qw
$CERT_NAME
;
then
echo
"the full chain certificate does not match your CN
$CERT_NAME
"
clean_up
clean_up
2
fi
# let's install the certificates
...
...
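Review bot: In the first hunk `clean_up` now ends with `exit $1`, but the handler is still installed as `trap 'clean_up' SIGINT` with no argument, so on Ctrl-C `$1` expands to nothing and the script exits with the status of the preceding `rm -f` (normally 0) where it previously exited 2. Anything that schedules or wraps this script would then record an interrupted certificate download as a success. Either pass the code in the trap, `trap 'clean_up 2' SIGINT`, or default it inside the function, `exit "${1:-2}"`; the default also covers `clean_up $UPDATE_STATUS` in the `-153` hunk should that variable ever be empty. The old and new sides are inferred here from the rendered order and from the new `clean_up 2` call sites, because the +/- markers did not survive on this page.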