#!/bin/bash
# Copyright (C) 2014 Craig Phillips. All rights reserved.
# Absolute, symlink-resolved path of this script; usage() and err() print its
# basename so messages show the real script name.
git_remote_install_cert_sh="$(readlink -f "${BASH_SOURCE[0]}")"
#######################################
# Print the help text to stdout.
# Globals:   git_remote_install_cert_sh (read) - path of this script; only
#            its basename is shown.
# Arguments: none
# Outputs:   usage summary on stdout
#######################################
usage() {
  local self=${git_remote_install_cert_sh##*/}
  # Unquoted delimiter: ${self} is expanded inside the here-document.
  cat <<USAGE
Usage: ${self} [<name>]
Summary:
Installs the SSL certificate of the HTTPS connection defined by the remote
with the name <name> or 'origin' if omitted. The certificates are placed
under ~/.gitcerts/<remote>.crt, where <remote> is the full qualified
hostname of the remote URL.
Global Git configuration is also updated, setting http.sslCAPath to the
directory ~/.gitcerts, under which the certficate is installed.
Options:
-v --verbose Verbose output.
Example:
${self} origin
USAGE
}
#######################################
# Report a fatal error and terminate the script.
# Globals:   git_remote_install_cert_sh (read) - basename prefixes the message
# Arguments: $@ - message words, joined into one line
# Outputs:   "<script>: <message>" on stderr
# Returns:   does not return; exits with status 1
#######################################
err() {
  printf '%s: %s\n' "${git_remote_install_cert_sh##*/}" "$*" >&2
  exit 1
}
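#######################################
# Look up the URL configured for a Git remote.
# Arguments: $1 - remote name, compared literally
# Outputs:   the URL of the first matching line of `git remote -v` on stdout
# Returns:   0 if the remote was found, 1 otherwise
#######################################
get_remote() {
  # All three read targets are local so nothing leaks into the caller's scope.
  local remote_name remote_url _rest
  # -r keeps backslashes in the listing intact.
  while read -r remote_name remote_url _rest; do
    # Quoting the right-hand side forces a literal comparison; unquoted, a
    # name such as 'o*' would be treated as a glob and match 'origin'.
    if [[ $remote_name == "$1" ]]; then
      printf '%s\n' "$remote_url"
      return 0
    fi
  done < <(git remote -v)
  return 1
}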
# fd 3 is the diagnostics channel: discarded by default, pointed at stderr by
# -v/--verbose. Later commands redirect their stderr to it.
exec 3>/dev/null

# Consume leading options; the first argument that is not a recognised option
# ends parsing and is left in "$1" for the remote-name lookup.
while [[ $# -gt 0 ]]; do
  case "$1" in
    -v | --verbose)
      exec 3>&2
      ;;
    -\? | --help)
      usage
      exit 0
      ;;
    *)
      break
      ;;
  esac
  shift
done
# Resolve the requested remote (default: origin) to its configured URL.
name=${1:-origin}
if ! url=$(get_remote "$name"); then
  err "Remote '$name' not found"
fi

# Only HTTPS remotes have a TLS certificate to fetch. err exits, so the lines
# below run only after a successful match.
[[ $url =~ ^https://([^/]+) ]] || err "Remote '$name' url is not HTTPS: $url"

# BASH_REMATCH[1] is the authority part: [userinfo@]host[:port].
server=${BASH_REMATCH[1]}
# From here on, name holds the userinfo (or the whole authority when the URL
# has no '@'), no longer the remote name.
name=${server%%@*}
server=${server##*@}
# url is rebuilt as scheme://host[:port]/ with the userinfo removed; it is not
# read again in this script.
url=${BASH_REMATCH[0]}/
url=${url/$name@/}
[[ $server ]] || err "No match"

# openssl needs host:port; fall back to the HTTPS default port.
[[ $server =~ :[0-9]+$ ]] || server+=:443
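# Fetch the certificate the server presents and install it as trusted.
#
# Trust model: the certificate is taken from whatever endpoint answers at
# $server and is not checked against any existing trust anchor before it is
# installed, so it is only as trustworthy as the network path at install time.
# The subject and SHA-256 fingerprint are printed so they can be compared with
# values obtained out of band.

# mktemp creates the file readable by the owner only; the umask call makes
# that explicit.
certtmp=$(umask 0077 && mktemp) ||
  err "Failed to create temporary file"
# Single quotes: the path is expanded, and quoted, when the trap fires.
trap 'rm -f -- "$certtmp"' EXIT

host=${server%:*}
s_client_args=(-connect "$server")
# Send SNI so a name-based virtual host returns the certificate for this host
# rather than a default one. SNI carries DNS names only, so skip IP literals.
if [[ ! $host =~ ^[0-9.]+$ && $host != \[* ]]; then
  s_client_args+=(-servername "$host")
fi

echo "Requesting certificate from the server..."

# Keep only the first PEM block of the handshake output (the certificate the
# server sent first) and stop reading after its END line.
openssl 2>&3 s_client "${s_client_args[@]}" </dev/null |
  awk >"$certtmp" '
BEGIN {
f = 0;
}
f == 1 || /^-----BEGIN CERTIFICATE-----/ {
f = 1;
print;
}
/^-----END CERTIFICATE-----/ {
exit;
}
'
# $? is the status of awk, the last pipeline stage. openssl's own status is
# not consulted: awk stops reading early, so openssl may be cut short even on
# success. The checks below catch a failed handshake instead.
if (( $? != 0 )); then
  err "Failed to get certificate from: $server"
fi

[[ -s $certtmp ]] || err "Failed to obtain certificate"

# Refuse truncated or non-certificate output before it reaches the trust
# store, and show what is about to be trusted.
echo "Certificate presented by $server:"
openssl x509 -in "$certtmp" -noout -subject -fingerprint -sha256 2>&3 ||
  err "Server did not return a valid certificate: $server"

cert="$HOME/.gitcerts/${host}.crt"

mkdir -m 0700 -p -- "${cert%/*}" ||
  err "Failed to create Git certificate store"

mv -- "$certtmp" "$cert" ||
  err "Failed to import certificate"

echo "Certificate installed to: $cert"

# This setting is global: it applies to every HTTPS remote Git talks to, not
# only the one named on the command line.
# NOTE(review): OpenSSL-based TLS backends look up CApath entries by
# subject-hash file names; confirm whether this directory needs a rehash step
# on the target platform.
git config --global http.sslCAPath "$HOME/.gitcerts" ||
  err "Failed to set 'http.sslCAPath' configuration setting"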