From 40e0db376ea51384fc2dbb7feb86d6d83408fe9f Mon Sep 17 00:00:00 2001
From: "U-Z690-A\\user" <jrayhawk@omgwallhack.org>
Date: Tue, 28 Jun 2022 18:55:37 -0700
Subject: ekusub.sh: new extended key usage configuration substitution script

Needed to support previous commit.
---
 ekusub.sh | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 create mode 100755 ekusub.sh

(limited to 'ekusub.sh')

diff --git a/ekusub.sh b/ekusub.sh
new file mode 100755
index 0000000..bf1546d
--- /dev/null
+++ b/ekusub.sh
@@ -0,0 +1,32 @@
+#!/bin/bash
+# Dynamically substitutes extendedKeyUsage in usr_cert in an openssl config file
+# ./ekusub.sh "clientAuth, serverAuth"
+#requires bash 4.0 regexes
+
+set -e
+[ -n "$1" ] || cat # pass through
+
+IFS=$'\n'
+CA_STANZA=0
+EKU_MODIFIED=0
+while read line; do
+  if [[ "$line" =~ ^\ *\[\ *usr_cert\ *\] ]]; then
+    CA_STANZA=1
+    echo "$line"
+  elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *extendedKeyUsage\ *= ]]; then
+    echo -n "$line"
+    echo ", $1"
+    EKU_MODIFIED=1
+  elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *\[\ .+\ \] ]]; then
+    if [ $EKU_MODIFIED == 0 ]; then
+      echo "extendedKeyUsage = $1"
+      echo
+      EKU_MODIFIED=1
+    fi
+    CA_STANZA=0
+    echo "$line"
+  else
+    echo "$line"
+  fi
+
+done
-- 
cgit v1.2.3