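#!/bin/sh
#
## Copyright (C) 1996-2018 The Squid Software Foundation and contributors
##
## Squid software is distributed under GPLv2+ license and includes
## contributions from numerous individuals and organizations.
## Please see the COPYING and CONTRIBUTORS files for details.
##
# -----------------------------------------------------------------------------
#
# Author: Markus Moeller (markus_moeller at compuserve.com)
#
# Copyright (C) 2007 Markus Moeller. All rights reserved.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA.
#
# -----------------------------------------------------------------------------
#
# Usage: cert_tool ldap-server [port]        (port defaults to 636)
#
# Fetches the certificate chain an LDAP server presents over TLS and stores
# it in the current directory, creating the following files:
# <server>_<n>.pem   one PEM file per certificate in the presented chain
# secmod.db
# key3.db
# cert8.db
# (database file names as given by the original author; newer NSS releases
# may create differently named files - verify on the target system)
#
# The intermediate <server>_<n>.cert files are removed again once imported.
#
# SECURITY NOTE: this is trust-on-first-use. The certificates are taken from
# whatever answers on <server>:<port> (s_client does not abort on a failed
# verification by default) and are then imported as *trusted* ("C,," for CA
# certificates, "P,," for the others). Run it over a network path you trust
# and compare the SHA-256 fingerprints printed below with values obtained
# out of band before relying on the resulting database.
#
if [ -z "$1" ]; then
  echo "Usage: ${0##*/} ldap-server port"
  exit 0
fi

server=$1
port=${2:-636}

#
# The server name becomes part of file names, shell globs and NSS nicknames,
# so only accept plain host name / IPv4 characters. This keeps path
# separators, glob characters, quotes and leading dashes out of every
# command below.
#
case "$server" in
  -* | .* | *[!A-Za-z0-9._-]*)
    printf '%s: invalid ldap-server name: %s\n' "${0##*/}" "$server" >&2
    exit 1
    ;;
esac

# The port must be a plain decimal number in the range 1-65535.
case "$port" in
  *[!0-9]* | ??????*)
    printf '%s: invalid port: %s\n' "${0##*/}" "$port" >&2
    exit 1
    ;;
esac
if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
  printf '%s: invalid port: %s\n' "${0##*/}" "$port" >&2
  exit 1
fi

#
# Remove old files
#
rm -f -- "${server}"_[0-9]*.cert

#
# Get certs and store each one in its own <server>_<n>.cert file.
# The file name prefix is handed to awk as a variable rather than being
# pasted into the awk program text.
#
printf 'QUIT\n' |
  openssl s_client -showcerts -connect "${server}:${port}" 2>/dev/null |
  awk -v prefix="$server" '
    /BEGIN CERTIFICATE/ { n++; out = prefix "_" n ".cert"; writing = 1 }
    writing             { print $0 >> out }
    /END CERTIFICATE/   { if (writing) close(out); writing = 0 }
  '

# Stop here when nothing was retrieved instead of importing nothing silently.
set -- "${server}"_[0-9]*.cert
if [ ! -f "$1" ]; then
  printf '%s: no certificate received from %s:%s\n' \
    "${0##*/}" "$server" "$port" >&2
  exit 1
fi

#
# from mozilla-nss-tools
# /usr/sfw/bin on Solaris
#
#
# Create database for Sun ldap and pem file for Openldap
#
rm -f -- "${server}"_[0-9]*.pem
i=0
for file in "$@"; do
  i=$((i + 1))
  pem="${server}_${i}.pem"
  cat -- "$file" >> "$pem"

  # Show what is about to be trusted so the operator can check it.
  openssl x509 -noout -subject -fingerprint -sha256 -in "$pem"

  # Certificates whose text dump shows CA:TRUE are imported as trusted CAs
  # ("C,,"), all others as trusted peers ("P,,").
  if openssl x509 -noout -text -in "$pem" | grep -i "CA:.*true" >/dev/null; then
    echo "CA is in $pem"
    certutil -A -a -n "${server}_${i}" -i "$file" -t "C,," -d .
  else
    certutil -A -a -n "${server}_${i}" -i "$file" -t "P,," -d .
  fi
  rm -- "$file"
done

echo "Certs:"
certutil -d . -L
echo "are in"
ls -- *.db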