From f1552833c3ca241bd636a8d03eb9bd949fef764c Mon Sep 17 00:00:00 2001 From: B Stack Date: Mon, 30 Jul 2018 15:53:59 -0400 Subject: add error checking for "Denied" message --- files/certreq.sh | 31 +++++++++++++++++++++++++++---- 1 file changed, 27 insertions(+), 4 deletions(-) diff --git a/files/certreq.sh b/files/certreq.sh index 5093f5d..bacdf75 100755 --- a/files/certreq.sh +++ b/files/certreq.sh @@ -11,13 +11,14 @@ # 2018-04-16 Add --list and --csr options # 2018-05-07 Add actions for using a CA with manually-approved certs # 2018-06-19 Fix get number of ca cert +# 2018-07-30 add error check for "Denied" messages # Usage: in ansible role certreq # Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template. # Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a # fundamental curl statements https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl/39722983#39722983 # Improve: fiversion="2017-10-10x" -certreqversion="2018-06-19a" +certreqversion="2018-07-30a" usage() { less -F >&2 </dev/null )" @@ -614,6 +631,7 @@ debuglev 5 && { grep -qE -- '--END CERTIFICATE--' "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" || failed=$(( failed + 8 )) #echo "${openssloutput}" | grep -qE "subject.*${CERTREQ_SUBJECT}" || failed=$(( failed + 16 )) echo "${openssloutput}" | grep -qE "issuer.*" || failed=$(( failed + 16 )) + echo "${DISPOSITION}" | grep -qiE 'denied' && failed=$(( failed + 32 )) ;; esac @@ -632,6 +650,8 @@ case "${CERTREQ_ACTION}" in echo "csr: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.csr" echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key" echo "reqid: ${REQUESTID}" + echo "disposition: ${DISPOSITION}" + echo "rc: ${failed}" ;; fetch) 
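Review bot: The added `grep -qiE 'denied'` test in the hunk at -614/+631 fails open: bit 32 is raised only when the disposition text contains that one English word, so an empty `DISPOSITION` or any other non-issued wording passes this check untouched. The two certificate checks above it would presumably still catch a missing certificate, but that depends on code outside the hunk, as does the start of this case arm. I would record the contract next to the line, for example `# bit 32: CA disposition text contains "denied"; an empty or unrecognised disposition is NOT flagged here`. I would also feed grep with `printf '%s\n' "${DISPOSITION}"` rather than `echo`, so a value that starts with `-n` or contains backslashes reaches grep unchanged.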
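Review bot: `disposition: ${DISPOSITION}` is printed verbatim into the line-oriented `key: value` report in the hunk at -632/+650, and again in the `generate*` arm at -649/+670, each time directly before `rc:`. How `DISPOSITION` is filled is not visible in these hunks, but if it is taken from the CA's response, an embedded newline would let that text add extra report lines that a consumer (the Ansible role named in the file header) could read as fields of their own. Flattening the value before printing keeps the report to one line per key, for example `printf 'disposition: %s\n' "$(printf '%s' "${DISPOSITION}" | tr '\r\n' '  ')"`. Both case arms begin outside their hunks.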
@@ -639,6 +659,7 @@ case "${CERTREQ_ACTION}" in echo "logfile: ${logfile}" echo "certificate: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" ! fistruthy "${CERTREQ_SKIP_CACERTS}" && echo "chain: ${CERTREQ_WORKDIR}/${CHAIN_FILE}" + echo "rc: ${failed}" ;; generate*) @@ -649,6 +670,8 @@ case "${CERTREQ_ACTION}" in echo "certificate: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" echo "key: ${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.key" ! fistruthy "${CERTREQ_SKIP_CACERTS}" && echo "chain: ${CERTREQ_WORKDIR}/${CHAIN_FILE}" + echo "disposition: ${DISPOSITION}" + echo "rc: ${failed}" ;; -- cgit
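Review bot: The `fetch` arm at -639/+659 now reports `rc:` but gives no reason for a non-zero value, unlike the two arms that gained `disposition:`. If `DISPOSITION` is populated during a fetch (not visible here), printing it in this arm as well would let the caller tell a denied request from a malformed certificate. The value is a sum of flag bits (8, 16 and 32 are visible in this patch), so a short comment beside the line would help whoever parses it, for example `# rc is a bitmask built by the failed=$(( failed + N )) checks; 0 means every check passed`. Whether the process exit status also carries `failed` cannot be seen from these hunks, and the arm itself starts and ends outside the hunk.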