Browse code

Introduce x509_prop_ext.

Xavier G authored on 17/03/2021 19:28:26
Showing 1 changed files

... ...
@@ -47,6 +47,12 @@ function x509_prop {
47 47
 	openssl x509 -in "${cert_file}" -noout "$@"
48 48
 }
49 49
 
50
+function x509_prop_ext {
51
+	local cert_file="${1}"; shift
52
+	local extension="${1}"; shift
53
+	x509_prop "${cert_file}" -ext "${extension}"
54
+}
55
+
50 56
 function x509_prop_val {
51 57
 	x509_prop "$@" | perl -ple 's/^[^=]+=//'
52 58
 }
... ...
@@ -60,9 +66,9 @@ function pem_show_properties {
60 66
 
61 67
 	echo 'Properties:'
62 68
 	{
63
-		x509_prop "${pem}" -ext subjectKeyIdentifier
69
+		x509_prop_ext "${pem}" subjectKeyIdentifier
64 70
 		x509_prop "${pem}" -serial -subject
65
-		x509_prop "${pem}" -ext subjectAltName
71
+		x509_prop_ext "${pem}" subjectAltName
66 72
 		x509_prop "${pem}" -dates -fingerprint
67 73
 	} | indent
68 74
 }
... ...
@@ -84,7 +90,7 @@ function pem_check_chain {
84 90
 		fi
85 91
 
86 92
 		local serial prev_auth_serial
87
-		prev_auth_serial=$(x509_prop "${prev_pem}" -ext authorityKeyIdentifier | grep 'serial:' | extract_identifier)
93
+		prev_auth_serial=$(x509_prop_ext "${prev_pem}" authorityKeyIdentifier | grep 'serial:' | extract_identifier)
88 94
 		if [ -n "${prev_auth_serial}" ]; then
89 95
 			serial=$(x509_prop_val "${pem}" -serial)
90 96
 			if [ "${prev_auth_serial//:/}" == "${serial}" ]; then
... ...
@@ -95,8 +101,8 @@ function pem_check_chain {
95 101
 		fi
96 102
 
97 103
 		local subj_key_id prev_auth_key_id
98
-		subj_key_id=$(x509_prop "${pem}" -ext subjectKeyIdentifier | extract_identifier)
99
-		prev_auth_key_id=$(x509_prop "${prev_pem}" -ext authorityKeyIdentifier | grep 'keyid:' | extract_identifier)
104
+		subj_key_id=$(x509_prop_ext "${pem}" subjectKeyIdentifier | extract_identifier)
105
+		prev_auth_key_id=$(x509_prop_ext "${prev_pem}" authorityKeyIdentifier | grep 'keyid:' | extract_identifier)
100 106
 		if [ "${prev_auth_key_id}" == "${subj_key_id}" ]; then
101 107
 			echo "[ok] This certificate's subject key identifier matches the previous certificate's authority key identifier."
102 108
 		else
... ...
@@ -120,7 +126,7 @@ function pem_show_issuer {
120 126
 	echo 'Issuer:'
121 127
 	{
122 128
 		x509_prop "${pem}" -issuer
123
-		x509_prop "${pem}" -ext authorityKeyIdentifier
129
+		x509_prop_ext "${pem}" authorityKeyIdentifier
124 130
 	} | indent
125 131
 }
126 132