the script checks and verifiies all server and client certificates (#279

)
toniebox-reverse-engineering · Dec 29, 2024 · c28092b · c28092b
1 parent 99b4a94
commit c28092b
Showing 1 changed file with 33 additions and 19 deletions.
diff --git a/contrib/verify-tc-certificates.sh b/contrib/verify-tc-certificates.sh
@@ -3,43 +3,57 @@ echo "-----------------------------------"
 echo "Checking teddyCloud certificates..."
 echo "-----------------------------------"
 
-# check server and default client certs
-files=( "server/ca.der" "server/ca-key.pem" "server/ca-root.pem" "client/ca.der" "client/client.der" "client/private.der" )
+# check server certificates
+files=( "ca.der" "ca-key.pem" "ca-root.pem" "ca-root.srl" "teddy-cert.pem" "teddy-key.csr" "teddy-key.pem" )
+echo -e "\nServer:"
+echo "-------"
 for file in "${files[@]}"
 do
   filename=$(echo -en "$file: ")
-  status=$([ -f "$certs_path/$file" ] && echo -e "\e[32mOK\e[0m" || echo -e "\e[31mFile not found!\e[0m")
+  status=$([ -f "$certs_path/server/$file" ] && echo -e "\e[32mOK\e[0m" || echo -e "\e[31mFile not found!\e[0m")
   # TeddyCloud CA validation
-  if [[ $file == "server/ca.der" ]]; then
+  if [[ $file == "ca.der" ]]; then
     if [ -f "$certs_path/$file" ] && [ $(cat "$certs_path/$file" | grep -c "Teddy.* CA") -eq 0 ]; then
       status=$(echo -e "\e[31mWrong server CA, not from Teddycloud!\e[0m")
     fi
   fi
+  printf "%-26s %-10s\n" "$filename" "$status"
+done
+
+# check default client certificates
+files=( "ca.der" "client.der" "private.der" )
+echo -e "\nClient (default):"
+echo "-----------------"
+for file in "${files[@]}"
+do
+  filename=$(echo -en "$file: ")
+  status=$([ -f "$certs_path/client/$file" ] && echo -e "\e[32mOK\e[0m" || echo -e "\e[31mFile not found!\e[0m")
   # Boxine CA validation
-  if [[ $file == "client/ca.der" ]]; then
-    if [ -f "$certs_path/$file" ] && [ $(cat "$certs_path/$file" | grep -c "Boxine CA") -eq 0 ]; then
+  if [[ $file == "ca.der" ]]; then
+    if [ -f "$certs_path/client/$file" ] && [ $(cat "$certs_path/client/$file" | grep -c "Boxine CA") -eq 0 ]; then
       status=$(echo -e "\e[31mWrong client CA, not from Boxine!\e[0m")
     fi
   fi
   printf "%-26s %-10s\n" "$filename" "$status"
 done
 
-# check client certs for each box
-client_files=( "ca.der" "client.der" "private.der" )
+# check client certificates for each box id
+echo -e "\nClient per box:"
+echo "---------------"
 for dir in $certs_path/client/*/ 
 do
     box_path=${dir%*/} 
-    box_id=${box_path##*/}
-    for file in "${client_files[@]}" 
+    box_id=${box_path##*/}  
+    for file in "${files[@]}" 
     do
-	filename=$(echo -en "$box_id/$file: ")
-	status=$([ -f "$box_path/$file" ] && echo -e "\e[32mOK\e[0m" || echo -e "\e[31mFile not found!\e[0m")
-	# Boxine CA validation
-	if [[ $file == "ca.der" ]]; then
-	  if [ -f "$box_path/$file" ] && [ $(cat "$box_path/$file" | grep -c "Boxine CA") -eq 0 ]; then
-            status=$(echo -e "\e[31mWrong client CA, not from Boxine!\e[0m")
-          fi
-	fi
-	printf "%-26s %-10s\n" "$filename" "$status"
+      filename=$(echo -en "$box_id/$file: ")
+      status=$([ -f "$box_path/$file" ] && echo -e "\e[32mOK\e[0m" || echo -e "\e[31mFile not found!\e[0m")
+      # Boxine CA validation
+      if [[ $file == "ca.der" ]]; then
+        if [ -f "$box_path/$file" ] && [ $(cat "$box_path/$file" | grep -c "Boxine CA") -eq 0 ]; then
+                status=$(echo -e "\e[31mWrong client CA, not from Boxine!\e[0m")
+              fi
+      fi
+      printf "%-26s %-10s\n" "$filename" "$status"
     done
 done