authorSimon Rettberg2021-02-08 17:08:39 +0100
committerSimon Rettberg2021-02-08 17:08:39 +0100
commit30b6b6f7834704c43971b0c9cc78ccd8b70c4088 (patch)
tree9219fbf48f378197bb1ff60d7ccf8f7fdef15227
parent[ini] New module (diff)
[cert] New module for doing stuff with certificates
Add cert_to_nssdb: Add one or more certificates to an nssdb database.
-rw-r--r--modules/cert.inc29
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/cert.inc b/modules/cert.inc
new file mode 100644
index 0000000..3b4a222
--- /dev/null
+++ b/modules/cert.inc
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Convert .pem certificates from <src> to an sqlite
+# nssdb at <dest>. The destination DB will be created
+# if it does not exist, otherwise the certificates will
+# be added to the existing nssdb.
+# cert_to_db <src> <dst>
+cert_to_nssdb() {
+ local db="$2"
+ local src="$1"
+ if ! [ -f "$db/cert9.db" ] && ! [ -f "$db/key4.db" ]; then
+ mkdir -p "$db" || return 1
+ certutil -N --empty-password -d sql:"$db" || return 1
+ fi
+ if [ -f "$src" ]; then
+ certutil -A -d sql:"$db" -n "$( basename "$src" )" -t C,C,C -i "$src"
+ return # pass exit code
+ fi
+ if [ -d "$src" ]; then
+ find "$src" \( -type f -o -type l \) -name "*.pem" | while read -r file; do
+ file="$( readlink -f "$file" )"
+ # Make sure there's nothing after this call so the exit code survives the loop end
+ certutil -A -d sql:"$db" -n "$( basename "$file" )" -t C,C,C -i "$file"
+ done
+ return # pass exit code from within loop
+ fi
+ echo "Source is not a file or directory" >&2
+ return 1
+}
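Review bot: In the directory branch of `cert_to_nssdb` the return value is only the status of the last `certutil -A` run inside the `while` loop, so a failed import of any earlier .pem is reported as success, and a directory with no matching files also returns 0. For a trust store this matters because the caller cannot tell that a CA it expected is missing from the database. The loop could read NUL-delimited names from a process substitution and accumulate a failure flag, which also keeps unusual file names intact (`read -r` without `IFS=` trims surrounding whitespace). Separately, `-t C,C,C` marks every imported file as a trusted CA for TLS, S/MIME and object signing, so a header comment stating that `<src>` must be writable only by trusted users would help, and the usage line in that header names the function `cert_to_db` rather than `cert_to_nssdb`.

```shell
# … unchanged: database creation and single-file branch …
if [ -d "$src" ]; then
	local file ret=0
	while IFS= read -r -d '' file; do
		file="$( readlink -f -- "$file" )" || { ret=1; continue; }
		# Remember any failure instead of relying on the last iteration's status
		certutil -A -d sql:"$db" -n "$( basename -- "$file" )" -t C,C,C -i "$file" || ret=1
	done < <( find "$src" \( -type f -o -type l \) -name "*.pem" -print0 )
	return "$ret"
fi
# … unchanged: "not a file or directory" error path …
```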