Unverified Commit 2851507e authored by Massimiliano Adamo's avatar Massimiliano Adamo

minor

parent 602e3c03
...@@ -28,7 +28,7 @@ stty -echoctl # hide ^C ...@@ -28,7 +28,7 @@ stty -echoctl # hide ^C
# function called by trap # function called by trap
clean_up() { clean_up() {
rm -f $TMP_CERT $TMP_FULLCHAIN $TMP_CA $TMP_KEY rm -f $TMP_CERT $TMP_FULLCHAIN $TMP_CA $TMP_KEY
exit 2 exit $1
} }
trap 'clean_up' SIGINT trap 'clean_up' SIGINT
...@@ -76,7 +76,6 @@ usage() { ...@@ -76,7 +76,6 @@ usage() {
echo " --wildcard [OPTIONAL if the certificate is wildcard]" echo " --wildcard [OPTIONAL if the certificate is wildcard]"
echo " --update [OPTIONAL self-updates the script and exit]" echo " --update [OPTIONAL self-updates the script and exit]"
echo "" echo ""
clean_up
} }
OPTS=$(getopt -o "h" --longoptions "help,redis-token:,vault-token:,cert-name:,team-name:,days:,type:,cert-destination:,fullchain-destination:,key-destination:,ca-destination:,wildcard" -- "$@") OPTS=$(getopt -o "h" --longoptions "help,redis-token:,vault-token:,cert-name:,team-name:,days:,type:,cert-destination:,fullchain-destination:,key-destination:,ca-destination:,wildcard" -- "$@")
...@@ -86,7 +85,7 @@ while true; do ...@@ -86,7 +85,7 @@ while true; do
case "$1" in case "$1" in
-h | --help) -h | --help)
usage usage
clean_up clean_up 2
;; ;;
--redis-token) --redis-token)
shift shift
...@@ -153,7 +152,7 @@ if [ -n $UPDATE ]; then ...@@ -153,7 +152,7 @@ if [ -n $UPDATE ]; then
echo -e "\nfailed to update $0" echo -e "\nfailed to update $0"
echo -e "Please download the script manually from this URL: ${SCRIPT_URL}\n" echo -e "Please download the script manually from this URL: ${SCRIPT_URL}\n"
fi fi
exit $UPDATE_STATUS clean_up $UPDATE_STATUS
fi fi
if [[ -z $REDIS_TOKEN ]] || [[ -z $VAULT_TOKEN ]] || [[ -z $CERT_NAME ]] || [[ -z $TEAM_NAME ]]; then if [[ -z $REDIS_TOKEN ]] || [[ -z $VAULT_TOKEN ]] || [[ -z $CERT_NAME ]] || [[ -z $TEAM_NAME ]]; then
...@@ -200,15 +199,15 @@ fi ...@@ -200,15 +199,15 @@ fi
# checking if certificates are valid # checking if certificates are valid
if ! openssl x509 -checkend $MINUTES -noout -in $TMP_CERT &>/dev/null; then if ! openssl x509 -checkend $MINUTES -noout -in $TMP_CERT &>/dev/null; then
echo "the Certificate is malformed or is expiring. Giving up" echo "the Certificate is malformed or is expiring. Giving up"
clean_up clean_up 2
fi fi
if ! openssl x509 -checkend $MINUTES -noout -in $TMP_FULLCHAIN &>/dev/null; then if ! openssl x509 -checkend $MINUTES -noout -in $TMP_FULLCHAIN &>/dev/null; then
echo "the Full Chain is malformed or is expiring. Giving up" echo "the Full Chain is malformed or is expiring. Giving up"
clean_up clean_up 2
fi fi
if ! openssl x509 -in $TMP_CA -text -noout &>/dev/null; then if ! openssl x509 -in $TMP_CA -text -noout &>/dev/null; then
echo "the CA is malformed. Giving up" echo "the CA is malformed. Giving up"
clean_up clean_up 2
fi fi
# checking if key matches the certificate and the full-chain # checking if key matches the certificate and the full-chain
...@@ -217,17 +216,17 @@ FULLCHAIN_MD5=$(openssl x509 -noout -modulus -in $TMP_FULLCHAIN | openssl md5 | ...@@ -217,17 +216,17 @@ FULLCHAIN_MD5=$(openssl x509 -noout -modulus -in $TMP_FULLCHAIN | openssl md5 |
CRT_MD5=$(openssl x509 -noout -modulus -in $TMP_CERT | openssl md5 | awk '{print $NF}') CRT_MD5=$(openssl x509 -noout -modulus -in $TMP_CERT | openssl md5 | awk '{print $NF}')
if [[ $KEY_MD5 != $CRT_MD5 ]] || [[ $KEY_MD5 != $FULLCHAIN_MD5 ]]; then if [[ $KEY_MD5 != $CRT_MD5 ]] || [[ $KEY_MD5 != $FULLCHAIN_MD5 ]]; then
echo "the Key $TMP_KEY is either malformed or it does not match the certificate. Giving up" echo "the Key $TMP_KEY is either malformed or it does not match the certificate. Giving up"
clean_up clean_up 2
fi fi
# checking if the certificate contains at least our cert_name # checking if the certificate contains at least our cert_name
if ! openssl x509 -noout -text -in $TMP_CERT | grep -qw $CERT_NAME; then if ! openssl x509 -noout -text -in $TMP_CERT | grep -qw $CERT_NAME; then
echo "the certificate does not match your CN $CERT_NAME" echo "the certificate does not match your CN $CERT_NAME"
clean_up clean_up 2
fi fi
if ! openssl x509 -noout -text -in $TMP_FULLCHAIN | grep -qw $CERT_NAME; then if ! openssl x509 -noout -text -in $TMP_FULLCHAIN | grep -qw $CERT_NAME; then
echo "the full chain certificate does not match your CN $CERT_NAME" echo "the full chain certificate does not match your CN $CERT_NAME"
clean_up clean_up 2
fi fi
# let's install the certificates # let's install the certificates
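Review bot: In the first hunk `clean_up` now ends with `exit $1`, but the trap under it still runs `clean_up` with no argument, so on Ctrl-C `$1` expands to nothing and the script exits with the status of the last command (probably 0 after `rm -f`) instead of a fixed failure code. Give the handler an explicit code and the function a default, e.g. `trap 'clean_up 130' SIGINT` and `exit "${1:-2}"`. `usage()` also no longer calls `clean_up`, and only the `--help` arm gained `clean_up 2`; any other caller of `usage` outside these hunks (the missing-argument check after the `--update` block may be one) should be checked so that it still exits and removes the temp files. Because the files removed include `$TMP_KEY`, it is also worth quoting the `rm -f` arguments and covering `TERM` as well as `SIGINT` in the trap, so key material is not left on disk when the script is stopped another way.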