#!/bin/sh # # Copyright 1999-2006 University of Chicago # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. # # # globus-cert-info # # Easily extract information from a user's cert. # openssl="/cvmfs/dirac.egi.eu/dirac/v8.0.48/Linux-x86_64/bin/openssl" prefix="${GLOBUS_LOCATION-/cvmfs/dirac.egi.eu/dirac/v8.0.48/Linux-x86_64}" exec_prefix="${prefix}" bindir="${exec_prefix}/bin" sbindir="${exec_prefix}/sbin" sysconfdir="${prefix}/etc" PATH=${bindir}:${sbindir}:${PATH} PROGRAM_NAME=`echo $0 | sed 's|.*/||g'` PROGRAM_VERSION="10.8" VERSION="10.8" PACKAGE="globus_gsi_cert_utils" DIRT_TIMESTAMP="1629915172" DIRT_BRANCH_ID="0" short_usage="$PROGRAM_NAME [-help] [-file certfile] [-all] [-subject] [...]" long_usage () { cat >&2 < /dev/null 2>&1 ; then _format=pkcs12 elif echo "$testfile" | grep '\.pem$' > /dev/null 2>&1 ; then _format=x509 elif grep -- '-----BEGIN' "$testfile" > /dev/null 2>&1 ; then _format=x509 else : fi echo $_format } if ! "$openssl" version > /dev/null 2> /dev/null; then echo "Unable to locate openssl binary in PATH" 1>&2 exit 1 fi # Default Generated Files cert_format=x509 openssl_options="" toprint="" # set default location of certificate (may be overridden by --file) # certfile=`find_default_credential` globus_args_short_usage() { cat 1>&2 <&2 <&2 exit 1 fi if [ "X$toprint" = "X" ]; then # If no specific information requested - print all toprint="-text" fi if [ ! -r "${certfile}" ]; then echo "ERROR: Cannot read certificate file ${certfile}" >&2 exit 1 fi if [ "$cert_format" = pkcs12 ]; then echo "Credentials are in pkcs12 format, OpenSSL will prompt for p12 password" cert_data=`"$openssl" pkcs12 -nokeys -clcerts -nomacver -in "$certfile"` command_stub="\"$openssl\" x509 -noout $openssl_options" else cert_data="" command_stub="\"$openssl\" x509 -noout -in \"$certfile\" $openssl_options" fi echo "$cert_data" | eval ${command_stub} || exit $? eval set -- "$toprint" for i in "$@"; do case "$i" in -*) echo "$cert_data" | eval ${command_stub} $i | sed 's/^[a-zA-Z]*= *//' ;; SUBJECT) if [ "${rfc2253:-0}" != 1 ]; then subject=`echo "$cert_data" | \ eval ${command_stub} -subject -nameopt sep_multiline | \ sed -e '/^subject=/d' -e 's!^\s*!/!' | tr -d '\n'` else subject=`echo "$cert_data" | eval ${command_stub} -subject | \ sed 's/^subject= *//'` fi # Do not show the proxy levels echo "${subject}" | sed -e 's%/CN=proxy%%g' -e 's%/CN=limited proxy%%g' ;; ISSUER) if [ "${rfc2253:-0}" != 1 ]; then issuer=`echo "$cert_data" | \ eval ${command_stub} -issuer -nameopt sep_multiline | \ sed -e '/^issuer=/d' -e 's!^\s*!/!' | tr -d '\n'` else issuer=`echo "$cert_data" | eval ${command_stub} -issuer | \ sed 's/^issuer= *//'` fi # Do not show the proxy levels echo "${issuer}" | sed -e 's%/CN=proxy%%g' -e 's%/CN=limited proxy%%g' ;; esac done