Option to remove pinning for a domain

Bob Mottram 2016-08-09 12:02:51 +01:00
parent 09678bda25
commit eae33f69d6
1 changed files with 15 additions and 1 deletions


@ -54,7 +54,7 @@ function pin_all_certs {
PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';" PIN_HEADER="Public-Key-Pins 'pin-sha256=\"${KEY_HASH}\"; pin-sha256=\"${BACKUP_KEY_HASH}\"; max-age=5184000; includeSubDomains';"
sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file sed -i "s|Public-Key-Pins.*|${PIN_HEADER}|g" $file
echo "Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH" echo $"Pinned $DOMAIN_NAME with keys $KEY_HASH $BACKUP_KEY_HASH"
fi fi
fi fi
fi fi
@ -69,14 +69,28 @@ if [[ $1 == "all" ]]; then
fi fi
DOMAIN_NAME=$1 DOMAIN_NAME=$1
REMOVE=$2
KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key KEY_FILENAME=/etc/ssl/private/${DOMAIN_NAME}.key
BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem BACKUP_KEY_FILENAME=/etc/ssl/certs/${DOMAIN_NAME}.pem
SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME} SITE_FILENAME=$WEBSITES_DIRECTORY/${DOMAIN_NAME}
if [ ! ${DOMAIN_NAME} ]; then
exit 0
fi
if [ ! -f "$SITE_FILENAME" ]; then if [ ! -f "$SITE_FILENAME" ]; then
exit 0 exit 0
fi fi
if [[ $REMOVE == "remove" ]]; then
if grep -q "Public-Key-Pins" $SITE_FILENAME; then
sed -i "/Public-Key-Pins/d" $SITE_FILENAME
echo $"Removed pinning for ${DOMAIN_NAME}"
systemctl restart nginx
fi
exit 0
fi
if [ ! -f "$KEY_FILENAME" ]; then if [ ! -f "$KEY_FILENAME" ]; then
echo $"No private key certificate found for $DOMAIN_NAME" echo $"No private key certificate found for $DOMAIN_NAME"
exit 1 exit 1