From 30b6b6f7834704c43971b0c9cc78ccd8b70c4088 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 8 Feb 2021 17:08:39 +0100
Subject: [cert] New module for doing stuff with certificates

Add cert_to_nssdb: Add one or more certificates to an
nssdb database.
---
 modules/cert.inc | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 modules/cert.inc

(limited to 'modules/cert.inc')

diff --git a/modules/cert.inc b/modules/cert.inc
new file mode 100644
index 0000000..3b4a222
--- /dev/null
+++ b/modules/cert.inc
@@ -0,0 +1,29 @@
+#!/bin/bash
+
+# Convert .pem certificates from <src> to an sqlite
+# nssdb at <dest>. The destination DB will be created
+# if it does not exist, otherwise the certificates will
+# be added to the existing nssdb.
+# cert_to_db <src> <dst>
+cert_to_nssdb() {
+	local db="$2"
+	local src="$1"
+	if ! [ -f "$db/cert9.db" ] && ! [ -f "$db/key4.db" ]; then
+		mkdir -p "$db" || return 1
+		certutil -N --empty-password -d sql:"$db" || return 1
+	fi
+	if [ -f "$src" ]; then
+		certutil -A -d sql:"$db" -n "$( basename "$src" )" -t C,C,C -i "$src"
+		return # pass exit code
+	fi
+	if [ -d "$src" ]; then
+		find "$src" \( -type f -o -type l \) -name "*.pem" | while read -r file; do
+			file="$( readlink -f "$file" )"
+			# Make sure there's nothing after this call so the exit code survives the loop end
+			certutil -A -d sql:"$db" -n "$( basename "$file" )" -t C,C,C -i "$file"
+		done
+		return # pass exit code from within loop
+	fi
+	echo "Source is not a file or directory" >&2
+	return 1
+}
-- 
cgit v1.2.3-55-g7522