Mirrors/dokku
1
0
Fork 0
mirror of https://github.com/dokku/dokku.git synced 2025-12-16 03:57:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
master
dokku/plugins/certs/internal-functions
Jose Diaz-Gonzalez 62a3eff5bb refactor: move apps listing from common plugin to apps plugin 
This helps centralize app-related listing fetching.
2022-02-26 00:37:51 -05:00

149 lines
4.1 KiB
Bash
Executable File
Raw Permalink Blame History

#!/usr/bin/env bash
source "$PLUGIN_CORE_AVAILABLE_PATH/common/functions"
source "$PLUGIN_AVAILABLE_PATH/certs/functions"
set -eo pipefail
[[ $DOKKU_TRACE ]] && set -x
cmd-certs-report() {
declare desc="displays an ssl report for one or more apps"
declare cmd="certs:report"
[[ "$1" == "$cmd" ]] && shift 1
declare APP="$1" INFO_FLAG="$2"
if [[ -n "$APP" ]] && [[ "$APP" == --* ]]; then
INFO_FLAG="$APP"
APP=""
fi
if [[ -z "$APP" ]] && [[ -z "$INFO_FLAG" ]]; then
INFO_FLAG="true"
fi
if [[ -z "$APP" ]]; then
for app in $(dokku_apps); do
cmd-certs-report-single "$app" "$INFO_FLAG" | tee || true
done
else
cmd-certs-report-single "$APP" "$INFO_FLAG"
fi
}
cmd-certs-report-single() {
declare APP="$1" INFO_FLAG="$2"
if [[ "$INFO_FLAG" == "true" ]]; then
INFO_FLAG=""
fi
verify_app_name "$APP"
local flag_map=(
"--ssl-dir: $DOKKU_ROOT/$APP/tls"
"--ssl-enabled: $(fn-ssl-enabled "$APP")"
"--ssl-hostnames: $(fn-ssl-hostnames "$APP")"
"--ssl-expires-at: $(fn-ssl-expires-at "$APP")"
"--ssl-issuer: $(fn-ssl-issuer "$APP")"
"--ssl-starts-at: $(fn-ssl-starts-at "$APP")"
"--ssl-subject: $(fn-ssl-subject "$APP")"
"--ssl-verified: $(fn-ssl-verified "$APP")"
)
if [[ -z "$INFO_FLAG" ]]; then
dokku_log_info2_quiet "$APP ssl information"
for flag in "${flag_map[@]}"; do
key="$(echo "${flag#--}" | cut -f1 -d' ' | tr - ' ')"
dokku_log_verbose "$(printf "%-30s %-25s" "${key^}" "${flag#*: }")"
done
else
local match=false
local value_exists=false
for flag in "${flag_map[@]}"; do
valid_flags="${valid_flags} $(echo "$flag" | cut -d':' -f1)"
if [[ "$flag" == "${INFO_FLAG}:"* ]]; then
value=${flag#*: }
size="${#value}"
if [[ "$size" -ne 0 ]]; then
echo "$value" && match=true && value_exists=true
else
match=true
fi
fi
done
[[ "$match" == "true" ]] || dokku_log_fail "Invalid flag passed, valid flags:${valid_flags}"
[[ "$value_exists" == "true" ]] || dokku_log_fail "not deployed"
fi
}
fn-ssl-enabled() {
declare APP="$1"
local SSL_ENABLED=false
if is_ssl_enabled "$APP"; then
SSL_ENABLED=true
fi
echo "$SSL_ENABLED"
}
fn-ssl-expires-at() {
declare APP="$1"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
if is_ssl_enabled "$APP"; then
openssl x509 -in "$APP_SSL_PATH/server.crt" -noout -text | grep "Not After :" | awk -F " : " '{ print $2 }'
fi
}
fn-ssl-hostnames() {
declare APP="$1"
if is_ssl_enabled "$APP"; then
get_ssl_hostnames "$APP" | xargs
fi
}
fn-ssl-issuer() {
declare APP="$1"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
if is_ssl_enabled "$APP"; then
openssl x509 -in "$APP_SSL_PATH/server.crt" -noout -text | grep "Issuer:" | head -n1 | sed -e 's/Issuer: //g' -e 's/^[[:space:]]*//'
fi
}
fn-ssl-starts-at() {
declare APP="$1"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
if is_ssl_enabled "$APP"; then
openssl x509 -in "$APP_SSL_PATH/server.crt" -noout -text | grep "Not Before:" | awk -F ": " '{ print $2 }'
fi
}
fn-ssl-subject() {
declare APP="$1"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
if is_ssl_enabled "$APP"; then
openssl x509 -in "$APP_SSL_PATH/server.crt" -noout -subject | sed -e "s:subject= ::g" | sed -e "s:^/::g" | sed -e "s:/:; :g"
fi
}
fn-ssl-verified() {
declare APP="$1"
local APP_SSL_PATH="$DOKKU_ROOT/$APP/tls"
local SSL_VERIFY_OUTPUT=false SSL_SELF_SIGNED="self signed"
if ! is_ssl_enabled "$APP"; then
return
fi
if [[ -f "$APP_SSL_PATH/server.letsencrypt.crt" ]]; then
SSL_VERIFY_OUTPUT="$(openssl verify -verbose -purpose sslserver -CAfile "$APP_SSL_PATH/server.crt" "$APP_SSL_PATH/server.letsencrypt.crt" 2>/dev/null | awk -F ':' '{ print $2 }' | tail -1 | xargs || true)"
else
SSL_VERIFY_OUTPUT="$(openssl verify -verbose -purpose sslserver "$APP_SSL_PATH/server.crt" 2>/dev/null | awk -F ':' '{ print $2 }' | tail -1 | xargs || true)"
fi
if [[ "$SSL_VERIFY_OUTPUT" == "OK" ]]; then
SSL_SELF_SIGNED="verified by a certificate authority"
fi
echo "$SSL_SELF_SIGNED"
}
Reference in New Issue View Git Blame Copy Permalink