[Ciotoflow] [FYI][SCRIPT] update_autistici_ca.sh

Delete this message

Reply to this message
Autor: Rocco Folino
Data:  
A: Flussi di ciotia.
Assumpte: [Ciotoflow] [FYI][SCRIPT] update_autistici_ca.sh
Salve ciotoni,

ho scritto un piccolo script comodo per aggiornare il certificato di autistici.

-zen

PS: lanciatelo con sudo o inserite il vostro utente nel gruppo staff (per debian)

====================

#!/bin/bash

CA_TMP_PATH=/tmp/ca
CA_TMP_FILE=$CA_TMP_PATH/autistici.crt

CA_SYS_FILE=/usr/local/share/ca-certificates/autistici-ca.crt

[ -d "/usr/local/share/ca-certificates" ] || {
    echo "ERR: please install ca-certificates"
    exit 1
}


# For Google Chrome
[ -z "$(which certutil)" ] && {
    echo "ERR: please install libnss3-tool"
    exit 1
}


echo -n "Downloading certificate: "

[ -d $CA_TMP_PATH ] || mkdir $CA_TMP_PATH
wget -q -O $CA_TMP_FILE http://www.autistici.org/static/certs/ca.crt || {
    echo "FAIL"
    rm -rf $CA_TMP_PATH
    exit 1
}


echo "OK"

echo -n "Verifying certificate: "

CERT_FINGER=$(openssl x509 -in $CA_TMP_FILE -fingerprint -sha256 -noout | cut -d= -f2 | tr -d :)
DNS_FINGER=$(dig +short +dnssec tlsa _443._tcp.autistici.org @8.8.8.8 | awk '/^0/ {print $4 $5}')

[ "$CERT_FINGER" == "$DNS_FINGER" ] || {
    echo "FAIL"
    rm -rf $CA_TMP_PATH
    exit 1
}


echo "OK"

echo -n "Installing certificate: "

cp $CA_TMP_FILE $CA_SYS_FILE
certutil -d sql:$HOME/.pki/nssdb -A -t TC -n "autistici/inventati CA" -i $CA_TMP_FILE

echo "OK"

rm -rf $CA_TMP_PATH