Merge branch 'v321-final' of ssh://github.com/TinCanTech/easy-rsa int…
…o TinCanTech-v321-final

Signed-off-by: Richard T Bonhomme <[email protected]>
TinCanTech committed Aug 23, 2024
2 parents 500b738 + 432d42f commit ac0e307
Showing 2 changed files with 99 additions and 387 deletions.
220 changes: 11 additions & 209 deletions dev/easyrsa-tools.lib
@@ -1,6 +1,14 @@
#!/bin/sh

# Easy-RSA tools library v1.0
# Easy-RSA 3 Tools library
#
# Copyright (C) 2024 - The Open-Source OpenVPN development community.
# A full list of contributors can be found on Github at:
# https://github.com/OpenVPN/easy-rsa/graphs/contributors
#
# This code released under version 2 of the GNU GPL; see COPYING
# and the Licensing/ directory of this project for full licensing
# details.

# Easy-RSA 3.x does not source into the environment directly.
# Complain if a user tries to do this:
Expand Down Expand Up @@ -189,136 +197,6 @@ iso_8601_cert_enddate: failed to set var '$*'"
unset -v fn_ssl_out
} # => iso_8601_cert_enddate()

# iso_8601_timestamp_to_seconds since epoch
iso_8601_timestamp_to_seconds() {
verbose "NEW: iso_8601_timestamp_to_seconds"
# check input
[ "$#" = 2 ] || die "\
iso_8601_timestamp_to_seconds: input error"

in_date="$1"
verbose "\
NEW: iso_8601_timestamp_to_seconds: in_date=$in_date"

# Consume $in_date string
yyyy="${in_date%%-*}"

# When yyyy is only two digits prepend century
if [ "${#yyyy}" = 2 ]; then
yyyy="${yyyy#0}"
if [ "$yyyy" -lt 70 ]; then
if [ "${#yyyy}" = 2 ]; then
yyyy="20${yyyy}"
else
yyyy="200${yyyy}"
fi
else
yyyy="19${yyyy}"
fi
fi
verbose "\
NEW: iso_8601_timestamp_to_seconds: yyyy: $yyyy"

# yyyy must be four digits now
# Caller MUST assess this error
if [ "${#yyyy}" = 4 ]; then
: # ok
else
verbose "\
NEW: iso_8601_timestamp_to_seconds: GENERATED ERROR (yyyy=$yyyy)"
return 1
fi

# Leap years
leap_years="$(( (yyyy - 1970 + 2 ) / 4 ))"
is_leap_year="$(( (yyyy - 1970 + 2 ) % 4 ))"
if [ "$is_leap_year" = 0 ]; then
leap_years="$(( leap_years - 1 ))"
leap_day=1
verbose "\
NEW: iso_8601_timestamp_to_seconds: is_leap_year=TRUE"
else
leap_day=0
verbose "\
NEW: iso_8601_timestamp_to_seconds: is_leap_year=FALSE"
fi
unset -v is_leap_year

in_date="${in_date#*-}"
mm="${in_date%%-*}"
in_date="${in_date#*-}"
dd="${in_date%% *}"
in_date="${in_date#* }"
HH="${in_date%%:*}"
in_date="${in_date#*:}"
MM="${in_date%%:*}"
in_date="${in_date#*:}"
SS="${in_date%?}"
in_date="${in_date#??}"
TZ="$in_date"
unset -v in_date

# Check that TZ is a single character
if [ "${#TZ}" = 1 ]; then
: # ok
else
# Caller MUST assess this error
verbose "\
NEW: iso_8601_timestamp_to_seconds: GENERATED ERROR (TZ=$TZ)"
return 1
fi

# number of days per month
case "$mm" in
01) mdays="$(( 0 ))" ;;
02) mdays="$(( 31 ))" ;;
03) mdays="$(( 31+28+leap_day ))" ;;
04) mdays="$(( 31+28+leap_day+31 ))" ;;
05) mdays="$(( 31+28+leap_day+31+30 ))" ;;
06) mdays="$(( 31+28+leap_day+31+30+31 ))" ;;
07) mdays="$(( 31+28+leap_day+31+30+31+30 ))" ;;
08) mdays="$(( 31+28+leap_day+31+30+31+30+31 ))" ;;
09) mdays="$(( 31+28+leap_day+31+30+31+30+31+31 ))" ;;
10) mdays="$(( 31+28+leap_day+31+30+31+30+31+31+30 ))" ;;
11) mdays="$(( 31+28+leap_day+31+30+31+30+31+31+30+31 ))" ;;
12) mdays="$(( 31+28+leap_day+31+30+31+30+31+31+30+31+30 ))" ;;
# This means the input date was not iso_8601
*)
# Caller MUST assess this error
verbose "\
NEW: iso_8601_timestamp_to_seconds: GENERATED ERROR (mm=$mm)"
return 1
esac

# Remove leading ZERO. eg: SS = 09
[ "$yyyy" = "${yyyy#0}" ] || die "Leading zero: yyyy: $yyyy"
mm="${mm#0}"
dd="${dd#0}"
HH="${HH#0}"
MM="${MM#0}"
SS="${SS#0}"

# Calculate seconds since epoch
out_seconds="$((
(( yyyy - 1970 ) * ( 60 * 60 * 24 * 365 ))
+ (( leap_years ) * ( 60 * 60 * 24 ))
+ (( mdays ) * ( 60 * 60 * 24 ))
+ (( dd - 1 ) * ( 60 * 60 * 24 ))
+ (( HH ) * ( 60 * 60 ))
+ (( MM ) * ( 60 ))
+ SS
))" || die "\
iso_8601_timestamp_to_seconds: out_seconds=$out_seconds"

# Return out_seconds
force_set_var "$2" "$out_seconds" || die "\
iso_8601_timestamp_to_seconds: \
- force_set_var - $2 - $out_seconds"

unset -v in_date out_seconds leap_years \
yyyy mm dd HH MM SS TZ
} # => iso_8601_timestamp_to_seconds()

# Number of days from NOW@today as timestamp seconds
days_to_timestamp_s() {
verbose "REQUIRED: days_to_timestamp_s: uses date"
Expand Down Expand Up @@ -476,77 +354,6 @@ db_date_to_iso_8601_date: force_set_var - $2 - $out_date"
unset -v in_date out_date yyyy mm dd HH MM SS TZ
} # => db_date_to_iso_8601_date()

# Convert default SSL date to iso_8601 date
# This may not be feasible, due to different languages
# Allow the caller to assess those errors (eg. Fall-back)
# shellcheck disable=2317 # Unreach - cert_date_to_iso_8601_date()
cert_date_to_iso_8601_date() {
verbose "iso_8601-WIP: cert_date_to_iso_8601_date"
die "BLOCKED: cert_date_to_iso_8601_date"

# check input
[ "$#" = 2 ] || die "\
cert_date_to_iso_8601_date: input error"

# Expected format: 'Mar 21 18:25:01 2023 GMT'
in_date="$1"

# Consume in_date string
mmm="${in_date%% *}"
in_date="${in_date#"$mmm" }"
dd="${in_date%% *}"
in_date="${in_date#"$dd" }"
HH="${in_date%%:*}"
in_date="${in_date#"$HH":}"
MM="${in_date%%:*}"
in_date="${in_date#"$MM":}"
SS="${in_date%% *}"
in_date="${in_date#"$SS" }"
yyyy="${in_date%% *}"
in_date="${in_date#"$yyyy" }"
TZ="$in_date"

# Assign month number by abbreviation
case "$mmm" in
Jan) mm="01" ;;
Feb) mm="02" ;;
Mar) mm="03" ;;
Apr) mm="04" ;;
May) mm="05" ;;
Jun) mm="06" ;;
Jul) mm="07" ;;
Aug) mm="08" ;;
Sep) mm="09" ;;
Oct) mm="10" ;;
Nov) mm="11" ;;
Dec) mm="12" ;;
*)
information "Only english dates are currently supported."
warn "cert_date_to_iso_8601_date - Unknown month: '$mmm'"
# The caller is REQUIRED to assess this error
return 1
esac

# Assign single letter timezone from abbreviation
case "$TZ" in
GMT) TZ=Z ;;
*)
information "Only english dates are currently supported."
warn "cert_date_to_iso_8601_date - Unknown timezone: '$TZ'"
# The caller is REQUIRED to assess this error
return 1
esac

# Assign iso_8601 date
out_date="${yyyy}-${mm}-${dd} ${HH}:${MM}:${SS}${TZ}"

# Return iso_8601 date
force_set_var "$2" "$out_date" || die "\
cert_date_to_iso_8601: force_set_var - $2 - $out_date"

unset -v in_date out_date yyyy mmm mm dd HH MM SS TZ
} # => cert_date_to_iso_8601()

# Certificate expiry
will_cert_be_valid() {
[ -f "$1" ] || die "will_cert_be_valid - Missing file"
Expand Down Expand Up @@ -851,7 +658,6 @@ before they can be revoked."

# Create report
read_db

} # => status()

# renew backend
Expand Down Expand Up @@ -1060,8 +866,6 @@ Renew has created a new certificate, to replace the old one.
To revoke the old certificate, once the new one has been deployed,
use command 'revoke-renewed $file_name_base'"

return 0
} # => renew()

# Restore files on failure to renew
Expand All @@ -1082,8 +886,6 @@ renew_restore_move() {
notice "\
Renew FAILED but files have been successfully restored."
fi

return 0
} # => renew_restore_move()

# renew_move
Expand Down Expand Up @@ -1123,8 +925,6 @@ Failed to remove credentials file:
Failed to remove inline file:
* $inline_in"
fi

return 0
} # => renew_move()

# Verify certificate against CA
Expand Down Expand Up @@ -1203,3 +1003,5 @@ Input is not a valid certificate:
fi
fi
} # => verify_cert()

# vim: ft=sh nu ai sw=8 ts=8 noet
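Review bot: The trailing `return 0` before the closing brace of renew(), renew_restore_move() and renew_move() appears to be dropped (each of those hunks shrinks from 8 to 6 lines; the +/- markers are not visible on this page), so each function now returns the status of its last executed command instead of an unconditional success. In renew_restore_move() and renew_move() the last statement is an `if … fi` whose branch ends in a message call (`notice` in renew_restore_move(); the call in renew_move() starts outside the hunk), so the result now depends on what those helpers return, which this diff does not show. These are the restore and cleanup paths of certificate renewal, so a caller that tests the status, or a shell running under `set -e`, could now abort after files were in fact restored or moved correctly. Either keep `return 0` as the last line of these functions, or document the new contract with a comment such as `# Returns the status of the final notice/warn; callers must not test it`. All three function bodies begin outside their hunks.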