48 lines
856 B
Bash
48 lines
856 B
Bash
#!/bin/bash
|
|
|
|
KEY=$1
|
|
CRT=$2
|
|
IMM=$3
|
|
|
|
if [ "`cat $KEY | grep ENCRYPTED`" ]; then
|
|
echo >&2 "Key is password-protected"
|
|
exit 1
|
|
fi
|
|
|
|
KEYMOD=`openssl rsa -noout -modulus -in $KEY`
|
|
CRTMOD=`openssl x509 -noout -modulus -in $CRT`
|
|
|
|
if [ "$KEYMOD" != "$CRTMOD" ]; then
|
|
echo >&2 "Key doesn't match the certificate"
|
|
exit 1
|
|
fi
|
|
|
|
if [ -n "$IMM" ]; then
|
|
cat $CRT $IMM > bundle.crt
|
|
|
|
if [ "`openssl verify bundle.crt`" == "$CRT: OK" ]; then
|
|
echo "Done (bundle ok)"
|
|
exit 0
|
|
fi
|
|
fi
|
|
|
|
while true; do
|
|
|
|
if [ "`openssl verify $CRT`" == "$CRT: OK" ]; then
|
|
echo "Done"
|
|
exit 0
|
|
fi
|
|
|
|
NEXT=`openssl x509 -noout -issuer_hash -in $CRT`
|
|
|
|
if [ ! -f $NEXT ]; then
|
|
echo >&2 "Could not generate trusted bundle"
|
|
exit 1
|
|
fi
|
|
|
|
cat $CRT $NEXT > tmp.crt
|
|
mv tmp.crt bundle.crt
|
|
CRT="bundle.crt"
|
|
|
|
done
|