27 Zeilen
789 B
Bash
Ausführbare Datei
27 Zeilen
789 B
Bash
Ausführbare Datei
#!/bin/bash
|
|
set -e -o pipefail
|
|
|
|
if [ -z "$VAULT_TOKEN" -o -z "$VAULT_ADDR" ] ; then
|
|
echo No Vault server or token set
|
|
exit 1
|
|
fi
|
|
set -u
|
|
|
|
download_certs() {
|
|
ca="$1"
|
|
subdir="$2"
|
|
trust="$3"
|
|
mkdir -p "${subdir}"
|
|
for uuid in $(bao list -format=json "${ca}/issuers" | jq -r '.[]'); do
|
|
name=$(bao read -field=issuer_name "${ca}/issuer/${uuid}")
|
|
args=
|
|
if [ -n "$trust" ] ; then
|
|
args+=" -addtrust ${trust}"
|
|
fi
|
|
bao read -field=certificate "${ca}/issuer/${uuid}" | openssl x509 -out "${subdir}/${name}.pem" -setalias "${uuid}" ${args}
|
|
done
|
|
}
|
|
|
|
download_certs "root_ca" "certs" "anyExtendedKeyUsage"
|
|
download_certs "acme_ca" "certs" "anyExtendedKeyUsage"
|
|
download_certs "secureboot_ca" "certs/secureboot" "codeSigning"
|