summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorU-Z690-A\user <jrayhawk@omgwallhack.org>2022-06-28 18:55:37 -0700
committerU-Z690-A\user <jrayhawk@omgwallhack.org>2022-06-28 18:55:37 -0700
commit40e0db376ea51384fc2dbb7feb86d6d83408fe9f (patch)
tree72a612d9520ff3bc7b530cf8585aa00eadf299ae
parent537cb1c3cf10ba3552b03c43fb053bde9cca2440 (diff)
downloadcash-40e0db376ea51384fc2dbb7feb86d6d83408fe9f.tar.gz
cash-40e0db376ea51384fc2dbb7feb86d6d83408fe9f.zip
ekusub.sh: new extended key usage configuration substitution script
Needed to support previous commit.
-rwxr-xr-xekusub.sh32
1 files changed, 32 insertions, 0 deletions
diff --git a/ekusub.sh b/ekusub.sh
new file mode 100755
index 0000000..bf1546d
--- /dev/null
+++ b/ekusub.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Dynamically substitutes extendedKeyUsage in usr_cert in an openssl config file
+# ./ekusub.sh "clientAuth, serverAuth"
+#requires bash 4.0 regexes
+
+set -e
+[ -n "$1" ] || cat # pass through
+
+IFS=$'\n'
+CA_STANZA=0
+EKU_MODIFIED=0
+while read line; do
+ if [[ "$line" =~ ^\ *\[\ *usr_cert\ *\] ]]; then
+ CA_STANZA=1
+ echo "$line"
+ elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *extendedKeyUsage\ *= ]]; then
+ echo -n "$line"
+ echo ", $1"
+ EKU_MODIFIED=1
+ elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *\[\ .+\ \] ]]; then
+ if [ $EKU_MODIFIED == 0 ]; then
+ echo "extendedKeyUsage = $1"
+ echo
+ EKU_MODIFIED=1
+ fi
+ CA_STANZA=0
+ echo "$line"
+ else
+ echo "$line"
+ fi
+
+done