#!/bin/sh # # Copyright 1999-2006 University of Chicago # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # Change the pass phrase on a user's private key # openssl="/cvmfs/dirac.egi.eu/dirac/v8.0.57/Linux-aarch64/bin/openssl" prefix="${GLOBUS_LOCATION-/cvmfs/dirac.egi.eu/dirac/v8.0.57/Linux-aarch64}" exec_prefix="${prefix}" bindir="${exec_prefix}/bin" sbindir="${exec_prefix}/sbin" sysconfdir="${prefix}/etc" PATH="${bindir}:${sbindir}:${PATH}" PROGRAM_NAME=`echo $0 | sed -e 's|.*/||g'` PROGRAM_VERSION="10.8" VERSION="10.8" PACKAGE="globus_gsi_cert_utils" DIRT_TIMESTAMP="1629915172" DIRT_BRANCH_ID="0" short_usage="$PROGRAM_NAME [-help] [-version] [-file private_key_file]" long_usage () { cat >&2 < /dev/null 2> /dev/null; then echo "Unable to locate $openssl binary in $bindir or PATH" 1>&2 exit 1 fi # See https://gridcf.org/gct-docs/latest/gsic/pi/index.html#gsic-pi-env find_default_key() { if [ -n "$X509_USER_KEY" ]; then echo "$X509_USER_KEY" elif [ -r "${HOME}/.globus/userkey.pem" ]; then echo "${HOME}/.globus/userkey.pem" elif [ -r "${HOME}/.globus/usercred.p12" ]; then echo "${HOME}/.globus/usercred.p12" else echo "" fi } key_format() { testfile="$1" _format='' if test "$testfile" = ""; then : elif echo "$testfile" | grep '\.p12$' > /dev/null 2>&1 ; then _format=pkcs12 elif echo "$testfile" | grep '\.pem$' > /dev/null 2>&1 ; then _format=x509 elif grep -- '-----BEGIN' "$testfile" > /dev/null 2>&1 ; then _format="x509" else : fi echo $_format } private_key="" globus_args_short_usage() { cat 1>&2 <&2 < /dev/null ;; *) globus_args_unrecognized_option "$1" ;; esac fi if [ "$private_key" = "" ]; then private_key=`find_default_key` fi if [ "$private_key" = "" ]; then echo "Unable to determine private key location. Use -file KEYFILE option" exit 1 fi keyform="`key_format \"$private_key\"`" if [ "$keyform" = "" ]; then echo "Unable to determine format of private key \"$private_key\"." exit 1 fi umask 077 if [ "$keyform" = pkcs12 ]; then rm -f ${private_key}.new "$openssl" pkcs12 -in "${private_key}" -nodes | \ openssl pkcs12 -export -out ${private_key}.new else rm -f ${private_key}.new "$openssl" rsa -des3 -in ${private_key} -out ${private_key}.new fi if [ $? -eq 0 ]; then rm -f ${private_key}.old cp -p ${private_key} ${private_key}.old mv -f ${private_key}.new ${private_key} else echo "Failed to change passphrase" >&2 exit 1 fi