From a879ddbb53b8e9eff877f715180f8ea47c47a548 Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Thu, 25 Jul 2019 14:16:30 -0400
Subject: fix chain_file name if DN is in a certain format

---
 files/certreq.sh | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'files')

diff --git a/files/certreq.sh b/files/certreq.sh
index e1638d4..8751b39 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -14,6 +14,7 @@
 #    2018-07-30 add error checking on the request and authorization
 #    2018-08-16 update error checking and exit codes
 #    2018-09-10 add CERTREQ_OPENSSL_BIN and CERTREQ_OPENSSL_CONF values, and SAN support
+#    2019-07-25 fix chain_file name if DN is a particular format
 # Usage: in ansible role certreq
 #    Microsoft CA cert templates have permissions on them. A user must be able to "enroll" on the template.
 # Reference: ftemplate.sh 2017-10-10x; framework.sh 2017-10-09a
@@ -21,7 +22,7 @@
 #    subjectaltname in openssl.cnf https://bgstack15.wordpress.com/2017/05/21/generate-certificate-with-subjectaltname-attributes-in-freeipa/
 # Improve:
 fiversion="2017-10-10x"
-certreqversion="2018-09-10b"
+certreqversion="2019-07-25a"
 
 usage() {
    less -F >&2 <<ENDUSAGE
@@ -259,6 +260,8 @@ get_latest_ca_cert_chain() {
    # RENAME TO PROPER FILENAME
    # will read only the first cert, so get domain of issuer of it.
    CA_DOMAIN="$( "${CERTREQ_OPENSSL_BIN}" x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>/dev/null | sed -r -e 's/^.*CN=[A-Za-z0-9]+\.//;' )"
+   # parse the ldap DN for the DCs, if the hostname used in the previous step was not fully qualified
+   echo "${CA_DOMAIN}" | grep -qiE "\/dc=" && CA_DOMAIN="$( "${CERTREQ_OPENSSL_BIN}" x509 -in "${CERTREQ_TEMPFILE}" -noout -issuer 2>/dev/null | tr '/' '\n' | tac | awk -F'=' 'tolower($1) ~ /dc/{printf $2"."}' | sed -r -e 's/\.\s*$//;' )"
    CHAIN_FILE="chain-${CA_DOMAIN}.crt"
    mv -f "${CERTREQ_TEMPFILE}" "${CERTREQ_WORKDIR}/${CHAIN_FILE}" 1>/dev/null 2>&1
 
-- 
cgit