Diffstat (limited to 'hash-cert-dir.sh')
-rw-r--r-- | hash-cert-dir.sh/description | 1 | ||||
-rw-r--r-- | hash-cert-dir.sh/hash-cert-dir.sh | 58 |
2 files changed, 59 insertions, 0 deletions
diff --git a/hash-cert-dir.sh/description b/hash-cert-dir.sh/description
new file mode 100644
index 0000000..a54f279
--- /dev/null
+++ b/hash-cert-dir.sh/description
@@ -0,0 +1 @@
+Hash certificate directory in another directory
\ No newline at end of file
diff --git a/hash-cert-dir.sh/hash-cert-dir.sh b/hash-cert-dir.sh/hash-cert-dir.sh
new file mode 100644
index 0000000..375e737
--- /dev/null
+++ b/hash-cert-dir.sh/hash-cert-dir.sh
@@ -0,0 +1,58 @@
+#!/bin/sh
+# File: hash-cert-dir.sh
+# Location: /etc/ansible/roles/general_conf/files/hash-cert-dir.sh
+# Author: bgstack15@gmail.com
+# Startdate: 2017-12-18
+# Title: Script that Makes Symlinks for Certs in a Directory
+# Purpose: Make a directory suitable for openldap to use as TLS_CACERTDIR
+# History:
+# Usage:
+# HCD_SOURCEDIR=/etc/pki/ca-trust/source/anchors HCD_LINKDIR=/etc/openldap/cacerts hash-cert-dir.sh
+# Reference:
+# Improve:
+# # Ansible task
+# - name: hash trusted certs for ldap to trust
+# script: hash-cert-dir.sh
+# environment:
+# HCD_SOURCEDIR: /etc/pki/ca-trust/source/anchors
+# HCD_LINKDIR: /etc/openldap/cacerts
+# register: hcd
+# changed_when: '"changed" in hcd.stdout'
+
+# Declare variables
+test -z "${HCD_SOURCEDIR}" && export HCD_SOURCEDIR=/etc/pki/ca-trust/source/anchors
+test -z "${HCD_LINKDIR}" && export HCD_LINKDIR=/etc/openldap/cacerts
+
+# Check dependencies
+OPENSSL="$( which openssl 2>/dev/null )" ; test ! -x "${OPENSSL}" && { echo "${0} needs openssl. Aborted." 1>&2 ; exit 1; }
+
+# Make directory
+mkdir -p "${HCD_LINKDIR}"
+
+# Loop over ca certificates
+__changed=0
+for infile in $( find "${HCD_SOURCEDIR}" -type f 2>/dev/null ) ;
+do
+
+ # Get hash of certificate
+ hash="$( ${OPENSSL} x509 -hash -noout -in "${infile}" 2>/dev/null )"
+
+ # Get new filename
+ count="$( find "${HCD_LINKDIR}" -type l -regex "${HCD_LINKDIR}/${hash}.*" 2>/dev/null | wc -l )"
+ __used=0
+
+ # Check if any symlinks exist for this target cert
+ for outfile in $( find "${HCD_LINKDIR}" -type l -regex "${HCD_LINKDIR}/${hash}.*" 2>/dev/null ) ;
+ do
+ test "$( readlink -f "${outfile}" )" = "${infile}" && __used=1
+ done
+
+ # If no symlinks point to this target cert, make the symlink
+ test ${__used} -eq 0 && { ln -s "${infile}" "${HCD_LINKDIR}/${hash}.${count}" ; __changed=$(( __changed + 1 )) ; }
+done
+
+# Report to ansible if any changes occurred
+test ${__changed} -gt 0 && echo "changed"
+
+# Exit cleanly
+exit 0
\ No newline at end of file |
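Review bot: An empty `hash` is never rejected after the `openssl x509 -hash -noout` assignment inside the loop, so any non-certificate file found under HCD_SOURCEDIR (openssl fails, stderr is discarded) makes the `-regex "${HCD_LINKDIR}/${hash}.*"` pattern match every symlink in the link directory and then creates a stray dotfile link `${HCD_LINKDIR}/.<count>` pointing at that non-certificate file; for a directory that is about to serve as TLS_CACERTDIR that deserves a guard, e.g. `test -z "${hash}" && continue` directly after the assignment. The `for infile in $( find … )` and `for outfile in $( find … )` loops also word-split and glob-expand the returned paths, so a file name containing whitespace or `*` is mishandled; `find … -exec` or a `while IFS= read -r` loop over the find output is the usual replacement. The idempotence check compares `readlink -f "${outfile}"` with an `infile` that is not itself canonicalised, so if HCD_SOURCEDIR is reached through a symlinked path the two would presumably never match and the script would add a new link and print "changed" on every run — worth confirming against the hosts this role targets. Finally, `count` is taken from a line count of existing links rather than the next free suffix, so with a gap in the `.N` sequence `ln -s` would collide and fail silently while `__changed` is still incremented.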