From eae33f69d6063b435bec8664ea5e37858e7b1cf9 Mon Sep 17 00:00:00 2001
From: Bob Mottram
Date: Tue, 9 Aug 2016 12:02:51 +0100
Subject: [PATCH] Option to remove pinning for a domain
---
 src/freedombone-pin-cert | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/freedombone-pin-cert b/src/freedombone-pin-cert
index bb3f38f6..78b21dad 100755
--- a/src/freedombone-pin-cert
+++ b/src/freedombone-pin-cert
@@ -54,7 +54,7 @@ function pin_all_certs {
 PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
 sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
- echo "Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
+ echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
 fi
 fi
 fi
@@ -69,14 +69,28 @@ if [[ $1 == "all" ]]; then
 fi
 DOMAIN_NAME=$1
+REMOVE=$2
 KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
 BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
 SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
+if [ ! ${DOMAIN_NAME} ]; then
+ exit 0
+fi
+
 if [ ! -f "$SITE_FILENAME" ]; then
 exit 0
 fi
+if [[ $REMOVE == "remove" ]]; then
+ if grep -q "Public-Key-Pins" $SITE_FILENAME; then
+ sed -i "/Public-Key-Pins/d" $SITE_FILENAME
+ echo $"Removed pinning for ${DOMAIN_NAME}"
+ systemctl restart nginx
+ fi
+ exit 0
+fi
+
 if [ ! -f "$KEY_FILENAME" ]; then
 echo $"No private key certificate found for $DOMAIN_NAME"
 exit 1
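Review bot: Deleting the `Public-Key-Pins` line in the new `remove` branch only stops nginx from sending the header; browsers that already stored the pin keep enforcing it until the `max-age=5184000` visible in `pin_all_certs` runs out, so replacing the key soon after a remove can still lock returning visitors out. The success message should say so, or the branch should carry a comment such as `# Clients that cached the pin enforce it until max-age expires; keep the pinned keys in service until then`. Separately, `grep` and `sed -i` take `$SITE_FILENAME` unquoted although the `-f` test just above quotes it, and the path is built from an unvalidated `$1`; `sed -i "/Public-Key-Pins/d" "$SITE_FILENAME"` and `[ -z "$DOMAIN_NAME" ]` for the new empty check would be safer. It may also be worth running `nginx -t` before `systemctl restart nginx` so an edited site file that no longer parses does not take the server down.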