#!/bin/sh # # Copyright 1999-2006 University of Chicago # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # globus-cert-info # # Easily extract information from a user's cert. # openssl="/usr/bin/openssl" prefix="${GLOBUS_LOCATION-/usr}" exec_prefix="/usr" bindir="/usr/bin" sbindir="/usr/sbin" sysconfdir="/etc" PATH=${bindir}:${sbindir}:${PATH} PROGRAM_NAME=`echo $0 | sed 's|.*/||g'` PROGRAM_VERSION="9.16" VERSION="9.16" PACKAGE="globus_gsi_cert_utils" DIRT_TIMESTAMP="1483727772" DIRT_BRANCH_ID="85" short_usage="$PROGRAM_NAME [-help] [-file certfile] [-all] [-subject] [...]" long_usage () { cat >&2 < /dev/null 2>&1 ; then _format=pkcs12 elif echo "$certfile" | grep '\.pem$' > /dev/null 2>&1 ; then _format=x509 elif grep -- '-----BEGIN' "$testfile" > /dev/null 2>&1 ; then _format="x509" else : fi echo $_format } if ! "$openssl" version > /dev/null 2> /dev/null; then echo "Unable to locate openssl binary in PATH" 1>&2 exit 1 fi # Default Generated Files cert_format=x509 openssl_options="" toprint="" # set default location of certificate (may be overridden by --file) # certfile=`find_default_credential` globus_args_short_usage() { cat 1>&2 <&2 <&2 exit 1; fi if [ "X$toprint" = "X" ]; then toprint="-text" fi if [ ! \( -f "${certfile}" -a -r "${certfile}" \) ]; then echo "ERROR: Cannot read certificate file ${certfile}" >&2 exit 1 fi if [ "$cert_format" = pkcs12 ]; then echo "Credentials are in pkcs12 format, OpenSSL will prompt for p12 password" cert_data="`"$openssl" pkcs12 -nokeys -clcerts -nomacver -in ${certfile}`" command_stub="\"$openssl\" x509 -noout $openssl_options" else command_stub="\"$openssl\" x509 -noout -in ${certfile} $openssl_options" fi # Will probably need this... if [ "$cert_format" = pkcs12 ]; then subject=`echo "$cert_data" | eval ${command_stub} -subject` else subject=`eval ${command_stub} -subject` fi if test $? -ne 0 ; then exit 1 fi subject=`echo ${subject} | sed 's%^subject=\ *%%'` if [ "${rfc2253:-0}" != 1 ]; then subject=$(echo "${subject}" | sed -e 's|^|/|' -e 's|,|/|g') fi eval set -- "$toprint" for i in "$@"; do case "$i" in -*) echo "$cert_data" | eval "{ ${command_stub} $i || exit $?; } | sed 's/^[a-zA-Z]*=[ ]*//'" ;; SUBJECT) # Do not show the proxy levels echo "${subject}" | sed -e 's%/CN=proxy%%g' -e 's%/CN=limited proxy%%g' ;; esac done