#!/bin/bash
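#Default variables. Change as necessary
# Relative paths resolve against the working directory the tool is run from.
rootcert=certs/rootcert.pem   # trust anchor passed to xmlsec1 --trusted-pem
# "sigtag.xml" doubles as a sentinel: when -o is not given the file is treated
# as scratch output and removed at the end of the script.
output=sigtag.xml
# Quoted and $(...): the original backtick form word-split a path with spaces.
SCRIPT=$(basename -- "${BASH_SOURCE[0]}")
readonly SCRIPT
BOLD='\e[1;31m' # Bold Red
REV='\e[1;32m' # Bold Green
OFF='\e[0m'
readonly BOLD REV OFF
verify=false
encrypt=false   # only set by the -e case below; not read anywhere in this script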
#Usage function
HELP() {
  # Print the usage text, expanding the colour escapes held in BOLD/REV/OFF.
  # Always exits with status 1: this is reached from -h as well as from
  # argument errors, so the status is not a success code even for -h.
  local -a lines=(
    "${REV}Basic usage:${OFF} ${BOLD}$SCRIPT [-o <Output File>] [-s <PKCS#12 Certificate>] [-v] XMLfile ${OFF}\n"
    "${REV}The following switches are recognized. $OFF "
    "${REV}-o <Output File>${OFF} --Specifies the output file. If not supplied, will output stdout."
    "${REV}-s <PKCS#12 Certificate>${OFF} --Adds Signature to input XML file using given ${BOLD}.p12${OFF} cert. The cert password will be requested."
    # -e (encryption) is not implemented, so its help line is left out.
    "${REV}-v ${OFF} --Verifies a signed XML file. If combined with ${REV}-s${OFF} option, verifies newly signed XML."
    "${REV}-h ${OFF} --Displays this help message. No further functions are performed.\n"
    "Example: ${BOLD}$SCRIPT -s certs/usercert.p12 -v sample.xml${OFF}\n"
  )
  # %b interprets backslash escapes the same way echo -e does.
  printf '%b\n' "${lines[@]}"
  exit 1
}
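while getopts :hvs:o: FLAG; do #Use getopts to parse arguments
  case "$FLAG" in
    o)
      output=$OPTARG
      ;;
    s)
      cert=$OPTARG
      ;;
    v)
      verify=true
      ;;
    e)
      # Unreachable: 'e' is not in the getopts string above, so -e reaches the
      # '?' arm instead. Kept for the not-yet-implemented encrypt mode.
      encrypt=true
      ;;
    h)
      HELP
      ;;
    :)
      printf '%b\n' "Option ${BOLD}-$OPTARG ${OFF}requires an argument." >&2
      exit 1
      ;;
    \?) #unrecognized option - show help (diagnostic goes to stderr)
      printf '\n%b\n\n' "Option ${BOLD}-$OPTARG ${OFF}not allowed." >&2
      HELP
      ;;
  esac
done
shift $((OPTIND - 1)) #Cleanup arguments after getopts
xml=$1
# Ensure that the input file exists. The original wrote "!-f" without a space,
# which bash rejects as a syntax error inside [[ ]]; "! -f" is the negated test.
if [[ ! -f "$xml" ]]; then
  printf '\n%b\n\n' "Missing ${BOLD}XMLFile${OFF}." >&2
  HELP
fi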
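errors=""   # combined stdout/stderr of the signing step, reported further down
if [[ -f "$cert" ]]; then #If Certificate is a file
  # Only apply the signature-template stylesheet when the input carries no
  # <Signature> element yet; otherwise the input is copied into the output file
  # unchanged (the original comment had this condition inverted).
  if ! grep -Fq "<Signature" "$xml"; then
    xsltproc -o "$output" templates/signed.xsl "$xml"
  elif [[ ! "$xml" -ef "$output" ]]; then
    # -ef: skip the copy when -o names the input file itself (cp would fail).
    cp -- "$xml" "$output"
  fi
  xml=$output
  # -r keeps backslashes in the password literal; -s suppresses echo.
  read -r -s -p "Certificate Password: " certpass #Request password to sign can be scripted in manually if needed
  echo
  #Sign the file using the given certificate. Shove any errors into variable for later processing
  # NOTE(review): --pwd places the password in xmlsec1's argument list, where
  # other local users can see it via ps for the duration of the call; check
  # whether the installed xmlsec1 offers a file/stdin alternative before using
  # this on a shared host.
  errors=$(xmlsec1 --sign --pkcs12 "$cert" --trusted-pem "$rootcert" --crypto openssl --pwd "$certpass" --output "$output" "$output" 2>&1)
  unset certpass   # do not keep the secret in the environment longer than needed
  # The help text promises stdout output when -o is not supplied, and the
  # default file is deleted at the end of the script, so print the signed
  # document in that case (the original "!=" printed it only when -o was given).
  # Skip the dump when signing failed: the file is then not a signed document.
  if [[ -z "$errors" && "$output" == "sigtag.xml" ]]; then
    cat -- "$xml"
  fi
elif [[ -n "$cert" ]]; then #If certificate is not a file
  printf '%b\n' "Certificate file ${BOLD}$cert ${OFF}not found." >&2
  exit 1
fi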
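status=0
if [[ -n "$errors" ]]; then #If Errors exist, print them, and don't continue
  # Signing failed: report on stderr and make the exit status say so (the
  # original printed to stdout and exited 0, so callers could not tell).
  printf '%s\n' "$errors" >&2
  status=1
elif [[ "$verify" == true ]]; then #Verify file against root certificate
  # Propagate xmlsec1's verdict so callers can act on a failed verification.
  xmlsec1 --verify --trusted-pem "$rootcert" "$xml" || status=$?
fi
# The default output name is only a scratch file written by the signing step,
# so remove it. Requiring -n "$cert" limits this to sign mode, so a verify-only
# run cannot delete a pre-existing sigtag.xml in the working directory; -f
# silences the "no such file" message the unconditional rm used to print.
if [[ "$output" == "sigtag.xml" && -n "$cert" && -f "$output" ]]; then
  rm -f -- "$output"
fi
if (( status != 0 )); then
  exit "$status"
fi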