ekusub.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32

#!/bin/bash
# Dynamically substitutes extendedKeyUsage in usr_cert in an openssl config file
# ./ekusub.sh "clientAuth, serverAuth"
#requires bash 4.0 regexes

set -e
[ -n "$1" ] || cat # pass through

IFS=$'\n'
CA_STANZA=0
EKU_MODIFIED=0
while read line; do
  if [[ "$line" =~ ^\ *\[\ *usr_cert\ *\] ]]; then
    CA_STANZA=1
    echo "$line"
  elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *extendedKeyUsage\ *= ]]; then
    echo -n "$line"
    echo ", $1"
    EKU_MODIFIED=1
  elif [ $CA_STANZA == 1 ] && [[ "$line" =~ ^\ *\[\ .+\ \] ]]; then
    if [ $EKU_MODIFIED == 0 ]; then
      echo "extendedKeyUsage = $1"
      echo
      EKU_MODIFIED=1
    fi
    CA_STANZA=0
    echo "$line"
  else
    echo "$line"
  fi

done