
[ssl_mgmt] Sign email sent to notifiedUsers

Thomas Preud'homme 5 years ago
parent
commit
72c930a8b8

+ 18
- 2
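--- a/ssl_mgmt/ssl_mgmt
+++ b/ssl_mgmt/ssl_mgmt
@@ -152,6 +152,12 @@ set_variables ()
 	fi
 	managedCerts=${managedCerts:-}
 	notifiedUsers=${notifiedUsers:-}
+	if [ -n "${notifiedUsers}" -a -z "${keyId:-}" ]
+	then
+		echo -n "You must set keyId to the ID of the key to sign" >&2
+		echo " the message sent to users to be" >&2
+		echo "notified of new certificate." >&2
+	fi
 	notifySubject=${notifySubject:-'New fingerprint for service $service'}
 	if [ -z "${notifyTemplate:-}" ]
 	then
@@ -355,11 +361,21 @@ generate_cert ()
 		mv $keySubdir/$keycertFile $keyDestDir
 		fingerprint="$(openssl x509 -in "$certPath" -noout -fingerprint)"
 		fingerprint=${fingerprint#*=}
-		if [ -n "$notifiedUsers" ]
+		if [ -n "$notifiedUsers" -a -n "$keyId" ]
 		then
 			eval notifySubject="\"$notifySubject\""
 			eval notifyTemplate="\"$notifyTemplate\""
-			mail -s "$notifySubject" $notifiedUsers <<EOF
+			if [ -z "${keyPwdPath:-}" ]
+			then
+				pwdOpt="--passphrase-fd 3"
+				pwdRedir='3<&0'
+			else
+				pwdOpt="--passphrase-file $keyPwdPath"
+				pwdRedir=""
+			fi
+			{ gpg -u $keyId --clearsign -a $pwdOpt \
+				| mail -s "$notifySubject" $notifiedUsers ; } \
+				3<&0 <<EOF
 $notifyTemplate
 EOF
 		fi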
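Review bot: A signing failure in the new `gpg ... | mail ...` pipeline at the end of the hunk is silently swallowed: the pipeline's status is mail's, so if gpg rejects the passphrase or cannot find `$keyId`, mail still sends an empty message to `$notifiedUsers` and nothing in the script notices — the same silent-drop pattern as in set_variables above, where a missing keyId only prints a warning and the notification is then skipped. `pwdRedir` is assigned in both branches but never read, and the `3<&0` dup is applied unconditionally, so that variable is dead. The change below runs gpg first, checks its status, and only then mails the signed output (quoting `$keyId` as well); use whatever error convention generate_cert already has in place of `return 1`. Depending on the gpg version, `--passphrase-fd`/`--passphrase-file` may also need `--batch` (and `--pinentry-mode loopback` on 2.1+) to be honoured rather than falling back to pinentry — worth confirming against the target gpg. generate_cert continues outside the hunk.
```shell
			# … unchanged: pwdOpt selection (pwdRedir can be dropped, it is never used) …
			signedMsg=$(gpg -u "$keyId" --clearsign -a $pwdOpt 3<&0 <<EOF
$notifyTemplate
EOF
			) || {
				echo "Failed to sign notification with key $keyId; not sending" >&2
				return 1
			}
			printf '%s\n' "$signedMsg" | mail -s "$notifySubject" $notifiedUsers
```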

+ 10
- 0
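--- a/ssl_mgmt/ssl_mgmt.conf
+++ b/ssl_mgmt/ssl_mgmt.conf
@@ -29,6 +29,16 @@
 # DEFAULT: <none>
 #managedCerts=
 
+# ID of the key to use to sign the message sent to $notifiedUsers when a
+# certificate is created or renewed.
+# DEFAULT: <none>
+#keyId=
+
+# File containing the password to unlock the key to sign the message sent to
+# $notifiedUsers when a certificate is created or renewed.
+# DEFAULT: read from STDIN
+#keyPwdPath=
+
 # List of users to be notified when a certificate is created or renewed.
 # DEFAULT: <none>
 #notifiedUsers=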
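Review bot: The `keyId` comment should say what form of identifier to use: `gpg -u` accepts a short 8-hex-digit ID (which is what the test command line passes), and short key IDs are cheap to collide, so a colliding key in the keyring could be picked for signing. I would extend the comment with `# Use the full fingerprint (or at least the 16-digit long ID); short 8-digit IDs are not unique.` For `keyPwdPath`, `# DEFAULT: read from STDIN` deserves spelling out, since the script dups its own stdin onto fd 3 for gpg when this is unset, and the file, when used, holds a cleartext passphrase, e.g. `# The file should be readable only by the user running ssl_mgmt (mode 0600); when unset, the passphrase is read from ssl_mgmt's own stdin.`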

+ 1
- 1
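--- a/ssl_mgmt/tests/1/cmdline
+++ b/ssl_mgmt/tests/1/cmdline
@@ -1 +1 @@
-cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo
+GNUPGHOME=../gnupg keyId=CAF0A71C keyPwdPath=../gpg_pwd cnfFilePath=./ssl_mgmt.conf ../ssl_mgmt renew foo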

BIN
ssl_mgmt/tests/gnupg/pubring.gpg View File


BIN
ssl_mgmt/tests/gnupg/secring.gpg View File


BIN
ssl_mgmt/tests/gnupg/trustdb.gpg View File


+ 1
- 0
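--- a/ssl_mgmt/tests/gpg_pwd
+++ b/ssl_mgmt/tests/gpg_pwd
@@ -0,0 +1 @@
+toto42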

+ 2
- 0
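--- a/ssl_mgmt/tests/restore_foo_fini
+++ b/ssl_mgmt/tests/restore_foo_fini
@@ -16,3 +16,5 @@ for file in foo-key.pem foo-keycert.pem
 do
 	mv ./destdir/private/${file}.backup ./destdir/private/$file
 done
+
+rm -f ./gnupg/random_seed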
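Review bot: `rm -f ./gnupg/random_seed` is probably not enough to leave the committed GNUPGHOME fixture clean after a test run: with gpg 2.1 or later, first use of a home directory containing `secring.gpg` migrates the secret keys into `private-keys-v1.d/` and may create `pubring.kbx` and `.gpg-v21-migrated`, and `trustdb.gpg` can be rewritten, all of which would then show up as untracked or modified fixture files. If the suite only targets gpg 1.x this is fine; otherwise consider `rm -rf ./gnupg/private-keys-v1.d ./gnupg/pubring.kbx ./gnupg/.gpg-v21-migrated` next to the existing line, or point GNUPGHOME at a scratch copy of the fixture for the duration of the test. The `for` loop this line follows starts outside the hunk.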
