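#!/usr/bin/sh
#----------------------------------------------------------------------------------
# /var/install/bin/certs-show-index-file - show content of index file
#
# Copyright (c) 2001-2025 The Eisfair Team, team(at)eisfair(dot)org
#
# Creation:     2002-12-01 jed
# Last Update:  $Id$
#
# Usage: ./certs-show-index-file [--help]
#        ./certs-show-index-file [--nogui][--noheader][--shortlable]
#                                [--onlyexpired][--onlyrevoked][--onlyvalid]
#                                [--noexpired][--norevoked][--novalid]
#                                [--sort|--sortrev]
#
#        --help        - show a help page
#        --nogui       - don't use the ECE GUI
#        --noheader    - don't show file and sorting header lines
#
#        --onlyexpired - show only expired certificates
#        --onlyrevoked - show only revoked certificates
#        --onlyvalid   - show only valid certificates
#
#        --noexpired   - show all except expired
#        --norevoked   - show all except revoked
#        --novalid     - show all except valid
#
#        --shortlable  - show short lables instead of long ones
#        --sort        - sort in chronological order
#        --sortrev     - sort in reverse chronological order
#
# Security notes:
#   - The subject strings in index.txt originate from certificate requests and
#     are therefore treated as untrusted data: they are never used as a regex,
#     a printf format or an echo argument that could interpret escapes.
#   - The configuration files below /etc/config.d are sourced, i.e. executed
#     with the privileges of the caller; they must be writable by root only.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#----------------------------------------------------------------------------------

# include eislib etc.
. /var/install/include/eislib

# activate debug output
#debug_certs=true

# Compare the flag as a string instead of executing its value as a command,
# and let mktemp pick the trace file name: a predictable name in /tmp could be
# pre-created (e.g. as a symlink) by another local user.
if [ "${debug_certs:-false}" = "true" ]
then
    _trace_file=$(mktemp "/tmp/$(basename "$0")-trace.XXXXXX") || exit 1
    exec 2> "${_trace_file}"
    set -x
    ask_debug=true
    export ask_debug
fi

#----------------------------------------------------------------------------------
# convert asn1 date string to date
# input : $1 - date string, e.g. '121004182753Z' (UTCTime, two-digit year) or
#              '20521004182753Z' (GeneralizedTime, four-digit year)
# output: date in local format on stdout, an empty line if $1 is empty
# note  : a two-digit year is always mapped to 20YY, as before
#----------------------------------------------------------------------------------
asn1date_to_date ()
{
    if [ -z "$1" ]
    then
        echo
        return 0
    fi

    case "$1" in
        ??????????????Z )
            # GeneralizedTime: YYYYMMDDHHMMSSZ
            _atd_expr='s/^\(....\)\(..\)\(..\)\(..\)\(..\)\(..\)Z/\1-\2-\3 \4:\5:\6 UTC/'
            ;;
        * )
            # UTCTime: YYMMDDHHMMSSZ
            _atd_expr='s/^\(..\)\(..\)\(..\)\(..\)\(..\)\(..\)Z/20\1-\2-\3 \4:\5:\6 UTC/'
            ;;
    esac

    # read date in UTC format (..Z) from index.txt
    _atd_crt_raw_valdate=$(printf '%s\n' "$1" | sed "${_atd_expr}")

    # convert date to local format
    date -d "TZ=\"${TIME_ZONE}\" ${_atd_crt_raw_valdate}" +'%d.%m.%Y %T %Z'
}

#----------------------------------------------------------------------------------
# split certificate subject into parts
# input : $1 - subject, e.g.
#              /C=DE/ST=Nordrhein Westfalen/L=Koeln/O=private/OU=eisfair/
#              CN=server.local.lan/emailAddress=postmaster@local.lan
# output: one labelled line per non-empty attribute, an empty line if the
#         subject is empty
# reads : shortlable, nogui
#
# The attributes are picked by their key and not by their position, so a
# subject that omits or reorders attributes is no longer shown under the wrong
# label. The first occurrence of a key wins; unknown keys are ignored.
#----------------------------------------------------------------------------------
split_subject ()
{
    _ss_subj=$(printf '%s\n' "$1" | tr -d '"' | sed 's#^/##')

    if [ -z "${_ss_subj}" ]
    then
        echo
        return 0
    fi

    _ss_c=''
    _ss_st=''
    _ss_l=''
    _ss_o=''
    _ss_ou=''
    _ss_cn=''
    _ss_email=''

    _ss_rest="${_ss_subj}"
    while [ -n "${_ss_rest}" ]
    do
        # take the next '/'-separated component off the front
        _ss_part="${_ss_rest%%/*}"
        case "${_ss_rest}" in
            */* ) _ss_rest="${_ss_rest#*/}" ;;
            *   ) _ss_rest='' ;;
        esac

        case "${_ss_part}" in
            *=* ) ;;
            *   ) continue ;;
        esac

        _ss_key="${_ss_part%%=*}"
        _ss_val="${_ss_part#*=}"
        # tolerate blanks between key and '=' ("C =DE")
        _ss_key="${_ss_key%"${_ss_key##*[! ]}"}"

        case "${_ss_key}" in
            C            ) [ -n "${_ss_c}" ]     || _ss_c="${_ss_val}" ;;
            ST           ) [ -n "${_ss_st}" ]    || _ss_st="${_ss_val}" ;;
            L            ) [ -n "${_ss_l}" ]     || _ss_l="${_ss_val}" ;;
            O            ) [ -n "${_ss_o}" ]     || _ss_o="${_ss_val}" ;;
            OU           ) [ -n "${_ss_ou}" ]    || _ss_ou="${_ss_val}" ;;
            CN           ) [ -n "${_ss_cn}" ]    || _ss_cn="${_ss_val}" ;;
            emailAddress ) [ -n "${_ss_email}" ] || _ss_email="${_ss_val}" ;;
        esac
    done

    if [ "${shortlable}" -eq 1 ]
    then
        _ss_lable_cn='CN'
        _ss_lable_c='C '
        _ss_lable_st='ST'
        _ss_lable_l='L '
        _ss_lable_o='O '
        _ss_lable_ou='OU'
        _ss_lable_email='EM'
    else
        _ss_lable_cn='Common name .....'
        _ss_lable_c='Country .........'
        _ss_lable_st='State ...........'
        _ss_lable_l='Location ........'
        _ss_lable_o='Organization ....'
        _ss_lable_ou='Organization unit'
        _ss_lable_email='Email address ...'
    fi

    # printf '%s' is used for all certificate data: unlike echo it never
    # interprets backslash sequences or a leading '-n'.
    if [ -n "${_ss_cn}" ]
    then
        if [ "${nogui}" -eq 0 ]
        then
            printf '%s\n' "${_ss_lable_cn}: ${_ss_cn}"
        else
            printf '%s' "${_ss_lable_cn}: "
            mecho --info "${_ss_cn}"
        fi
    fi

    [ -z "${_ss_c}" ]     || printf '%s\n' "${_ss_lable_c}: ${_ss_c}"
    [ -z "${_ss_st}" ]    || printf '%s\n' "${_ss_lable_st}: ${_ss_st}"
    [ -z "${_ss_l}" ]     || printf '%s\n' "${_ss_lable_l}: ${_ss_l}"
    [ -z "${_ss_o}" ]     || printf '%s\n' "${_ss_lable_o}: ${_ss_o}"
    [ -z "${_ss_ou}" ]    || printf '%s\n' "${_ss_lable_ou}: ${_ss_ou}"
    [ -z "${_ss_email}" ] || printf '%s\n' "${_ss_lable_email}: ${_ss_email}"

    return 0
}

#----------------------------------------------------------------------------------
# process index.txt
# reads : index_file, work_file, sorttype, showtype, noheader, nogui, shortlable
# output: header lines (unless --noheader) and one block per selected record
#----------------------------------------------------------------------------------
process_file ()
{
    # sort output
    if [ "${noheader}" -eq 0 ]
    then
        printf '%s' "sort order: "
    fi

    case "${sorttype}" in
        date )
            # chronological order
            [ "${noheader}" -ne 0 ] || echo "date"
            sort "${index_file}" > "${work_file}"
            ;;
        revdate )
            # reverse chronological order
            [ "${noheader}" -ne 0 ] || echo "reverse date"
            sort -r "${index_file}" > "${work_file}"
            ;;
        * )
            # default: serial number sorting
            [ "${noheader}" -ne 0 ] || echo "serial number"
            cp "${index_file}" "${work_file}"
            ;;
    esac

    if [ "${noheader}" -eq 0 ]
    then
        echo
    fi

    if [ "${shortlable}" -eq 1 ]
    then
        c_lable_serial='NO'
        c_lable_expdate='EX'
        c_lable_revdate='RV'
        c_lable_revreason='RR'
    else
        c_lable_serial='Serial number ...'
        c_lable_expdate='Expiry date .....'
        c_lable_revdate='Revokation date .'
        c_lable_revreason='Revokation reason'
    fi

    # loop through index.txt records
    # 'IFS= read -r' keeps backslashes and blanks of a record intact.
    while IFS= read -r line
    do
        # TAB separated fields
        #
        # The following fields are known:
        # 1 - TYPE ..........: E-expired, R-revoked, V-valid
        # 2 - EXPDATE .......: 121004182753Z
        # 3 - REVDATE+REASON : 120926180715Z,superseded
        # 4 - SERIAL ........: 22
        # 5 - unknown .......: unknown
        # 6 - SUBJECT .......: /C=DE/ST=Nordrhein Westfalen/L=Koeln/O=private/
        #                      OU=eisfair/CN=server.local.lan
        #
        # cut is used instead of 'read' with IFS=TAB, because read would
        # collapse the empty REVDATE field of a valid record.
        c_type=$(printf '%s\n' "${line}" | cut -f1)

        # Accept only the three known record types. The type comes from the
        # file, so it is matched literally and never handed to grep as a
        # pattern; empty or malformed lines are skipped.
        case "${c_type}" in
            E|R|V ) ;;
            *     ) continue ;;
        esac

        # requested type (E-expired, R-revoked, V-valid) should be printed
        case "${showtype}" in
            *"${c_type}"* ) ;;
            *             ) continue ;;
        esac

        c_expdate=$(printf '%s\n' "${line}" | cut -f2)
        c_tmp=$(printf '%s\n' "${line}" | cut -f3)

        case "${c_tmp}" in
            *,* )
                c_revdate=$(printf '%s\n' "${c_tmp}" | cut -d, -f1)
                c_revreason=$(printf '%s\n' "${c_tmp}" | cut -d, -f2)
                ;;
            * )
                c_revdate="${c_tmp}"
                c_revreason=''
                ;;
        esac

        c_serial=$(printf '%s\n' "${line}" | cut -f4)
      # c_unknown=$(printf '%s\n' "${line}" | cut -f5)
        c_subject=$(printf '%s\n' "${line}" | cut -f6)

        split_subject "${c_subject}"

        printf '%s\n' "${c_lable_serial}: ${c_serial}"

        c_exp_txt=$(asn1date_to_date "${c_expdate}")

        case "${c_type}" in
            E )
                # expire
                if [ "${nogui}" -eq 0 ]
                then
                    printf '%s\n' "${c_lable_expdate}: ${c_exp_txt} (expired)"
                else
                    printf '%s' "${c_lable_expdate}: ${c_exp_txt} ("
                    mecho -n --warn "expired"
                    echo ")"
                fi
                ;;
            R )
                # revoke
                printf '%s\n' "${c_lable_expdate}: ${c_exp_txt}"

                c_rev_txt=$(asn1date_to_date "${c_revdate}")

                if [ "${nogui}" -eq 0 ]
                then
                    printf '%s\n' "${c_lable_revdate}: ${c_rev_txt} (revoked)"
                else
                    printf '%s' "${c_lable_revdate}: ${c_rev_txt} ("
                    mecho -n --error "revoked"
                    echo ")"
                fi

                if [ -n "${c_revreason}" ]
                then
                    printf '%s\n' "${c_lable_revreason}: ${c_revreason}"
                fi
                ;;
            V )
                # valid
                if [ "${nogui}" -eq 0 ]
                then
                    printf '%s\n' "${c_lable_expdate}: ${c_exp_txt} (valid)"
                else
                    printf '%s' "${c_lable_expdate}: ${c_exp_txt} ("
                    mecho -n --info "valid"
                    echo ")"
                fi
                ;;
        esac

        echo
    done < "${work_file}"
}

#----------------------------------------------------------------------------------
# remove one record type from the list of types to show
# input : $1 - type letter (E, R or V)
# note  : the last remaining type is never removed
#----------------------------------------------------------------------------------
remove_showtype ()
{
    if [ "${#showtype}" -ge 2 ]
    then
        showtype=$(printf '%s\n' "${showtype}" | sed "s/$1//")
    fi
}

#----------------------------------------------------------------------------------
# remove temporary files, called on every exit path
#----------------------------------------------------------------------------------
cleanup ()
{
    [ -z "${output_file}" ] || rm -f -- "${output_file}"
    [ -z "${work_file}" ]   || rm -f -- "${work_file}"
}

#==================================================================================
# main
#==================================================================================

ssldir=/usr/local/ssl
tmpdir=/tmp

basefile=/etc/config.d/base
localesfile=/etc/config.d/locales
setupfile=/etc/config.d/setup
index_file=${ssldir}/index.txt

# The temporary files are removed by the EXIT trap, so they no longer stay
# behind in /tmp when the script leaves early (--help) or is interrupted.
# NOTE(review): confirm that eislib does not rely on an EXIT trap of its own.
output_file=''
work_file=''
trap cleanup EXIT
trap 'exit 1' HUP INT TERM

output_file=$(mktemp -p "${tmpdir}") || { echo "cannot create temporary file" >&2; exit 1; }
work_file=$(mktemp -p "${tmpdir}")   || { echo "cannot create temporary file" >&2; exit 1; }

color=''
frame=''

if [ -f "${setupfile}" ]
then
    if grep -qE "^MENU=['\"]/var/install/bin/show-menu['\"]" "${setupfile}"
    then
        color='--nocolor'
        frame='--noframe'
    fi
fi

# command line parameter
EXEC_CMD="$*"
su_options=''

nogui=0
noheader=0
shortlable=0
showtype='ERV'
sorttype=''

# read parameter(s)
while [ $# -gt 0 ]
do
    case "$1" in
        *-help|*-?|/? )
            # note: the unquoted '?' matches any single character, so short
            # options such as '-h' end up here as well
            # show_help is not defined in this file, presumably it is
            # provided by eislib - TODO confirm
            show_help
            exit 1
            ;;
        *-nogui )
            # don't show result in GUI
            nogui=1
            shift
            ;;
        *-noheader )
            noheader=1
            shift
            ;;
        *-noexpired )
            remove_showtype E
            shift
            ;;
        *-norevoked )
            remove_showtype R
            shift
            ;;
        *-novalid )
            remove_showtype V
            shift
            ;;
        *-onlyexpired )
            showtype='E'
            shift
            ;;
        *-onlyrevoked )
            showtype='R'
            shift
            ;;
        *-onlyvalid )
            showtype='V'
            shift
            ;;
        *-shortlable )
            shortlable=1
            shift
            ;;
        *-sort )
            sorttype='date'
            shift
            ;;
        *-sortrev )
            sorttype='revdate'
            shift
            ;;
        * )
            # skip unknown parameters
            # This has to match every remaining word: an argument without a
            # leading dash was never shifted before and made the loop spin
            # forever.
            shift
            ;;
    esac
done

if [ -z "${TIME_ZONE}" ]
then
    # time zone not set
    # Order of precedence: locales configuration, base configuration, CET.
    # The fallbacks only apply while no value has been found; previously a
    # second, unconditional fallback could replace the value read from the
    # locales configuration.
    if [ -f "${localesfile}" ]
    then
        # read time zone from locales configuration
        . "${localesfile}"
        TIME_ZONE=${LOCALES_TIME_ZONE}
    fi

    if [ -z "${TIME_ZONE}" ] && [ -f "${basefile}" ]
    then
        # read time zone from base configuration
        . "${basefile}"
    fi

    if [ -z "${TIME_ZONE}" ]
    then
        # set default time zone
        TIME_ZONE=CET
    fi
fi

if [ "${noheader}" -eq 0 ]
then
    echo "reading ${index_file} file ..."
fi

process_file > "${output_file}"

if [ "${nogui}" -eq 0 ]
then
    # show GUI
    # color and frame are left unquoted on purpose: each holds either one
    # option word or nothing at all.
    # certs_title is not set in this file, presumably by eislib - TODO confirm
    # shellcheck disable=SC2086
    /var/install/bin/show-doc.cui ${color} ${frame} --title "${certs_title}" "${output_file}"
else
    cat "${output_file}"
fi

#==================================================================================
# end
#==================================================================================

exit 0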