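#!/bin/sh
# Publishes certificates and CRLs from the database described by the
# BOUNCA_DB_* environment variables into the directory BOUNCA_PUBLIC_DIR.

set -eu
# pipefail is not implemented by every /bin/sh. Enable it only where the shell
# accepts it, so the script does not abort at startup under a shell that lacks
# the option.
if (set -o pipefail) 2>/dev/null; then
  set -o pipefail
fi

# psql takes its connection settings from the PG* variables. Because of
# `set -u`, an unset BOUNCA_DB_* variable stops the script here. The values are
# quoted so that a value containing whitespace is assigned intact.
export PGHOST="${BOUNCA_DB_HOST}"
export PGPORT="${BOUNCA_DB_PORT}"
export PGUSER="${BOUNCA_DB_USER}"
# NOTE(review): the password is exported into the environment of every child
# process started below. libpq also accepts a password file (PGPASSFILE) if
# that exposure matters for the deployment.
export PGPASSWORD="${BOUNCA_DB_PASSWORD}"
export PGDATABASE="${BOUNCA_DB_NAME}"

# Refuse an empty target directory: every exported file path is built from it.
mkdir -p -- "${BOUNCA_PUBLIC_DIR:?BOUNCA_PUBLIC_DIR must be set}"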
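# Create or refresh the symlink $2 so that it points at exported file $1.
# A path that already holds something other than a symlink is left untouched,
# so a certificate name can never replace another certificate's exported file.
_bounca_link_alias() {
  if [ -e "$2" ] && [ ! -L "$2" ]; then
    printf '%s\n' "Alias ${2} collides with an existing file, not linking" >&2
    return 0
  fi
  ln -sf -- "$1" "$2"
}

# Run SQL query $1 through psql and store its output in file $2.
# A symlink left at $2 by an earlier alias is removed first, otherwise the
# redirection would write through it into a different certificate's file.
# NOTE(review): the file is written in place, so a failed query leaves it
# truncated until the next successful export.
_bounca_dump_query() {
  if [ -L "$2" ]; then
    rm -f -- "$2"
  fi
  psql -A -q -t -c "$1" > "$2"
}

#######################################
# Export the certificate, and the CRL when one is stored, of every
# x509_pki_certificate row of type 'R' or 'I' that is not revoked.
# Each export is written to <id>.crt / <id>.crl and is also linked under the
# certificate's name as <name>.crt / <name>.crl.
# Globals:   BOUNCA_PUBLIC_DIR (read); PG* connection variables (read by psql)
# Arguments: none
# Outputs:   progress on stdout, skipped ids/names on stderr
# Returns:   0 on success, 1 when a query or a file operation fails
#######################################
extract_pub(){
  echo "Exporting public keys and CRL"

  nl='
'
  # Fetch the id list first, so a failed query is reported instead of looking
  # like "no certificates to export".
  cert_ids=$(psql -A -q -t -c "SELECT id FROM x509_pki_certificate WHERE type IN ('R', 'I') AND revoked_at IS NULL;") || return 1

  # shellcheck disable=SC2086 -- splitting the id list on whitespace is intended
  for CERT_ID in ${cert_ids}; do
    # The id is pasted into SQL text and into file names below, so only plain
    # identifier characters are accepted.
    case "${CERT_ID}" in
      *[!A-Za-z0-9_-]*)
        echo "Skipping certificate with unexpected id format" >&2
        continue
        ;;
    esac

    CERT_NAME=$(psql -A -q -t -c "SELECT name FROM x509_pki_certificate WHERE id='${CERT_ID}'") || return 1
    printf '%s\n' "Exporting for certificate ${CERT_ID} (${CERT_NAME})"

    # The name is a free-text database value that becomes part of a path.
    # Names that are empty or contain a path separator or a newline get no
    # alias, which keeps every link inside BOUNCA_PUBLIC_DIR.
    alias_ok=yes
    case "${CERT_NAME}" in
      '' | */* | *"${nl}"*)
        alias_ok=no
        echo "Certificate ${CERT_ID}: name is not usable as a file name, skipping alias links" >&2
        ;;
    esac

    crt_file="${BOUNCA_PUBLIC_DIR}/${CERT_ID}.crt"
    _bounca_dump_query "SELECT crt FROM x509_pki_keystore WHERE id='${CERT_ID}';" "${crt_file}" || return 1
    if [ "${alias_ok}" = yes ]; then
      _bounca_link_alias "${crt_file}" "${BOUNCA_PUBLIC_DIR}/${CERT_NAME}.crt" || return 1
    fi

    # Only publish a CRL when one is stored for this certificate.
    crl_count=$(psql -A -q -t -c "SELECT COUNT(crl) from x509_pki_crlstore WHERE id='${CERT_ID}'") || return 1
    if [ "${crl_count}" != "0" ]; then
      crl_file="${BOUNCA_PUBLIC_DIR}/${CERT_ID}.crl"
      _bounca_dump_query "SELECT crl FROM x509_pki_crlstore WHERE id='${CERT_ID}';" "${crl_file}" || return 1
      if [ "${alias_ok}" = yes ]; then
        _bounca_link_alias "${crl_file}" "${BOUNCA_PUBLIC_DIR}/${CERT_NAME}.crl" || return 1
      fi
    fi
  done
}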
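# First arg of the script is an optional delay, in whole seconds, between
# exports. Reject anything that is not a non-negative integer before doing any
# work: a mistyped interval would otherwise fail the numeric test below and
# end the script after a single export, leaving the published CRLs to go stale.
export_interval="${1:-0}"
case "${export_interval}" in
  *[!0-9]*)
    printf '%s\n' "Invalid export interval '${export_interval}': expected a whole number of seconds" >&2
    exit 2
    ;;
esac

# Extract once when we start
extract_pub

# If a positive delay was given, keep running and export certs and CRLs again
# every export_interval seconds. Under `set -e` a failed export ends the loop
# and the script.
if [ "${export_interval}" -gt 0 ]; then
  while true; do
    sleep "${export_interval}"
    extract_pub
  done
fi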