[ssl_mgmt] Sign email sent to notifiedUsers

master
Thomas Preud'homme 9 years ago
parent de8cb3e014
commit 72c930a8b8
  1. 20
      ssl_mgmt/ssl_mgmt
  2. 10
      ssl_mgmt/ssl_mgmt.conf
  3. 2
      ssl_mgmt/tests/1/cmdline
  4. BIN
      ssl_mgmt/tests/gnupg/pubring.gpg
  5. BIN
      ssl_mgmt/tests/gnupg/secring.gpg
  6. BIN
      ssl_mgmt/tests/gnupg/trustdb.gpg
  7. 1
      ssl_mgmt/tests/gpg_pwd
  8. 2
      ssl_mgmt/tests/restore_foo_fini

@ -152,6 +152,12 @@ set_variables ()
fi
managedCerts=${managedCerts:-}
notifiedUsers=${notifiedUsers:-}
if [ -n "${notifiedUsers}" -a -z "${keyId:-}" ]
then
echo -n "You must set keyId to the ID of the key to sign" >&2
echo " the message sent to users to be" >&2
echo "notified of new certificate." >&2
fi
notifySubject=${notifySubject:-'New fingerprint for service $service'}
if [ -z "${notifyTemplate:-}" ]
then
@ -355,11 +361,21 @@ generate_cert ()
mv $keySubdir/$keycertFile $keyDestDir
fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
fingerprint=${fingerprint#*=}
if [ -n "$notifiedUsers" ]
if [ -n "$notifiedUsers" -a -n "$keyId" ]
then
eval notifySubject="\"$notifySubject\""
eval notifyTemplate="\"$notifyTemplate\""
mail -s "$notifySubject" $notifiedUsers <<EOF
if [ -z "${keyPwdPath:-}" ]
then
pwdOpt="--passphrase-fd 3"
pwdRedir='3<&0'
else
pwdOpt="--passphrase-file $keyPwdPath"
pwdRedir=""
fi
{ gpg -u $keyId --clearsign -a $pwdOpt \
| mail -s "$notifySubject" $notifiedUsers ; } \
3<&0 <<EOF
$notifyTemplate
EOF
fi
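Review bot: The exit status of `gpg` at the head of the new pipeline is masked by `mail`, so a wrong passphrase or an unusable `keyId` sends an empty or unsigned message (or nothing) while the run still reports success, and `pwdRedir` is assigned on both branches but never used because `3<&0` is hard-coded on the group. Signing into a variable first and only then piping the signed text to `mail` surfaces the failure and drops the dead variable; the rewrite is below. The same silent-skip exists in the set_variables hunk, where the missing-`keyId` message is printed but not followed by `exit 1`, so `generate_cert` then quietly skips the notification through the new `-a -n "$keyId"` test. If the script runs under `set -u`, `"$keyId"` on that line would also need the `${keyId:-}` form used in set_variables; the shebang and options are not visible from here. generate_cert begins before this hunk.
```shell
# … unchanged: pwdOpt selection (pwdRedir can be dropped) …
if ! signedBody=$(gpg -u "$keyId" --clearsign -a $pwdOpt 3<&0 <<EOF
$notifyTemplate
EOF
)
then
  echo "Signing the notification mail failed; users not notified." >&2
  exit 1
fi
printf '%s\n' "$signedBody" | mail -s "$notifySubject" $notifiedUsers
```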

@ -29,6 +29,16 @@
# DEFAULT: <none>
#managedCerts=
# ID of the key to use to sign the message sent to $notifiedUsers when a
# certificate is created or renewed.
# DEFAULT: <none>
#keyId=
# File containing the password to unlock the key to sign the message sent to
# $notifiedUsers when a certificate is created or renewed.
# DEFAULT: read from STDIN
#keyPwdPath=
# List of users to be notified when a certificate is created or renewed.
# DEFAULT: <none>
#notifiedUsers=
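Review bot: The new `keyPwdPath` comment says where the passphrase comes from but not that the file holds the signing key's secret in clear text; add `# The file must be readable only by the user running ssl_mgmt.` under its DEFAULT line. For `keyId`, the test command line passes an 8-hex-digit short ID; gpg also accepts the full fingerprint for `-u`, and saying so in the comment (`# A full fingerprint is accepted and avoids ambiguous key selection.`) steers users away from short IDs, which can match more than one key.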

@ -1 +1 @@
cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
GNUPGHOME=../gnupg keyId=CAF0A71C keyPwdPath=../gpg_pwd cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo

Binary file not shown.

Binary file not shown.

Binary file not shown.

@ -16,3 +16,5 @@ for file in foo-key.pem foo-keycert.pem
do
mv ./destdir/private/${file}.backup ./destdir/private/$file
done
rm -f ./gnupg/random_seed
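Review bot: `rm -f ./gnupg/random_seed` removes one file gpg writes into the checked-in `GNUPGHOME`, but gpg may also rewrite `trustdb.gpg` and leave `*.lock` files there during a run, so the tracked binaries can still come back modified after the test; which files this gpg version touches cannot be confirmed from here. Consider copying `./gnupg` to a temporary directory before the test and pointing `GNUPGHOME` at the copy, which turns the cleanup into a single `rm -rf` of a throwaway directory. The `for file` loop this hunk closes starts before it.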
