author | Simon Rettberg | 2021-02-08 17:08:39 +0100 |
---|---|---|
committer | Simon Rettberg | 2021-02-08 17:08:39 +0100 |
commit | 30b6b6f7834704c43971b0c9cc78ccd8b70c4088 (patch) | |
tree | 9219fbf48f378197bb1ff60d7ccf8f7fdef15227 | |
parent | [ini] New module (diff) | |
[cert] New module for doing stuff with certificates
Add cert_to_nssdb: Add one or more certificates to an
nssdb database.
-rw-r--r-- | modules/cert.inc | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/modules/cert.inc b/modules/cert.inc
new file mode 100644
index 0000000..3b4a222
--- /dev/null
+++ b/modules/cert.inc
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Convert .pem certificates from <src> to an sqlite
+# nssdb at <dest>. The destination DB will be created
+# if it does not exist, otherwise the certificates will
+# be added to the existing nssdb.
+# cert_to_db <src> <dst>
+cert_to_nssdb() {
+ local db="$2"
+ local src="$1"
+ if ! [ -f "$db/cert9.db" ] && ! [ -f "$db/key4.db" ]; then
+ mkdir -p "$db" || return 1
+ certutil -N --empty-password -d sql:"$db" || return 1
+ fi
+ if [ -f "$src" ]; then
+ certutil -A -d sql:"$db" -n "$( basename "$src" )" -t C,C,C -i "$src"
+ return # pass exit code
+ fi
+ if [ -d "$src" ]; then
+ find "$src" \( -type f -o -type l \) -name "*.pem" | while read -r file; do
+ file="$( readlink -f "$file" )"
+ # Make sure there's nothing after this call so the exit code survives the loop end
+ certutil -A -d sql:"$db" -n "$( basename "$file" )" -t C,C,C -i "$file"
+ done
+ return # pass exit code from within loop
+ fi
+ echo "Source is not a file or directory" >&2
+ return 1
+} |
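Review bot: In the directory branch of cert_to_nssdb the function returns only the status of the last `certutil -A` run by the `find | while` loop, so an import that fails for an earlier .pem is reported as success and the caller cannot tell that the trust store is incomplete. Run the loop in the current shell, accumulate a failure flag and return it, as sketched below; reading NUL-delimited names also keeps paths with leading whitespace or newlines intact. Separately, `-t C,C,C` marks every imported certificate as a trusted CA for TLS, e-mail and object signing, and the directory branch follows symlinks, so anything reachable from <src> becomes a root of trust. If the consumers of this nssdb only validate TLS servers, `-t C,,` would be the narrower grant. The header comment should state the trust level being granted and name `cert_to_nssdb` rather than `cert_to_db`.

```shell
	if [ -d "$src" ]; then
		local file rc=0
		while IFS= read -r -d '' file; do
			# … unchanged: readlink -f resolution of "$file" …
			certutil -A -d sql:"$db" -n "$( basename "$file" )" -t C,C,C -i "$file" || rc=1
		done < <( find "$src" \( -type f -o -type l \) -name "*.pem" -print0 )
		return "$rc" # non-zero if any single import failed
	fi
```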