首頁 探索 說明
登入
rajven
/
openvpn-status-page
镜像来自 https://github.com/rajven/openvpn-status-page
1
0
複刻 0
Files 問題管理 0 Wiki
目錄樹: 4a85bd2ea4
分支列表 標籤列表
openvpn-status-...
/
addons
/
cmd
/
show_client_crt.sh

show_client_crt.sh 2.2 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293 
  1. #!/bin/bash
    2. 

  2. 

  3. set -o errexit
    4. 

  4. set -o nounset
    5. 

  5. set -o pipefail
    6. 

  6. 

  7. show_usage() {
    8. 

  8.     echo "Usage: $0 <login> [pki_dir]"
    9. 

  9.     echo "Default pki_dir: /etc/openvpn/server/server/rsa/pki"
    10. 

  10.     exit 1
    11. 

  11. }
    12. 

  12. 

  13. validate_pki_dir() {
    14. 

  14.     local pki_dir=$1
    15. 

  15.     if [[ ! -d "${pki_dir}" || ! -f "${pki_dir}/index.txt" ]]; then
    16. 

  16.         echo "Error: Invalid PKI directory - missing index.txt" >&2
    17. 

  17.         exit 2
    18. 

  18.     fi
    19. 

  19. }
    20. 

  20. 

  21. find_cert_file() {
    22. 

  22.     local cn=$1 pki_dir=$2
    23. 

  23.     local cert_file
    24. 

  24.     
    25. 

  25.     # Try standard location first
    26. 

  26.     cert_file="${pki_dir}/issued/${cn}.crt"
    27. 

  27.     [[ -f "${cert_file}" ]] && echo "${cert_file}" && return 0
    28. 

  28.     
    29. 

  29.     # Fallback to serial-based lookup
    30. 

  30.     local serial
    31. 

  31.     serial=$(awk -v cn="${cn}" '$0 ~ "/CN=" cn "/" && $1 == "V" {print $3}' "${pki_dir}/index.txt")
    32. 

  32.     [[ -z "${serial}" ]] && return 1
    33. 

  33.     
    34. 

  34.     cert_file="${pki_dir}/certs_by_serial/${serial}.pem"
    35. 

  35.     [[ -f "${cert_file}" ]] && echo "${cert_file}" && return 0
    36. 

  36.     
    37. 

  37.     return 1
    38. 

  38. }
    39. 

  39. 

  40. find_key_file() {
    41. 

  41.     local cn=$1 pki_dir=$2 serial=$3
    42. 

  42.     local key_file
    43. 

  43.     
    44. 

  44.     # Try standard locations
    45. 

  45.     for candidate in "${pki_dir}/private/${cn}.key" "${pki_dir}/private/${serial}.key"; do
    46. 

  46.         if [[ -f "${candidate}" ]]; then
    47. 

  47.             echo "${candidate}"
    48. 

  48.             return 0
    49. 

  49.         fi
    50. 

  50.     done
    51. 

  51.     
    52. 

  52.     return 1
    53. 

  53. }
    54. 

  54. 

  55. main() {
    56. 

  56.     # Argument handling
    57. 

  57.     [[ $# -lt 1 ]] && show_usage
    58. 

  58.     
    59. 

  59.     local CN=$1
    60. 

  60.     local PKI_DIR=${2:-/etc/openvpn/server/server/rsa/pki}
    61. 

  61.     
    62. 

  62.     validate_pki_dir "${PKI_DIR}"
    63. 

  63.     
    64. 

  64.     # Find certificate
    65. 

  65.     local CERT_FILE
    66. 

  66.     CERT_FILE=$(find_cert_file "${CN}" "${PKI_DIR}") || {
    67. 

  67.         echo "Error: Certificate for CN=${CN} not found" >&2
    68. 

  68.         exit 3
    69. 

  69.     }
    70. 

  70.     
    71. 

  71.     # Find serial number for key lookup
    72. 

  72.     local SERIAL
    73. 

  73.     SERIAL=$(openssl x509 -in "${CERT_FILE}" -noout -serial | cut -d= -f2)
    74. 

  74.     
    75. 

  75.     # Find private key
    76. 

  76.     local KEY_FILE
    77. 

  77.     KEY_FILE=$(find_key_file "${CN}" "${PKI_DIR}" "${SERIAL}") || {
    78. 

  78.         echo "Error: Private key for CN=${CN} not found" >&2
    79. 

  79.         exit 4
    80. 

  80.     }
    81. 

  81.     
    82. 

  82.     # Output results
    83. 

  83.     echo "<cert>"
    84. 

  84. #    openssl x509 -in "${CERT_FILE}" -notext
    85. 

  85.     openssl x509 -in "${CERT_FILE}"
    86. 

  86.     echo "</cert>"
    87. 

  87.     echo
    88. 

  88.     echo "<key>"
    89. 

  89.     cat "${KEY_FILE}"
    90. 

  90.     echo "</key>"
    91. 

  91. }
    92. 

  92. 

  93. main "$@"
    94.