Style fixes

[zeasypki.git] / zeasypki

diff --git a/zeasypki b/zeasypki
index 911a0427acb944918aeca78ec6e29a7cf622530f..230acf7ed796c01b710a73ddd8fba1977d711063 100755 (executable)
--- a/zeasypki
+++ b/zeasypki
@@ -1,23 +1,23 @@
 #!/usr/bin/env zsh
 # zeasypki -- easy PKI
-# Copyright (C) 2022 Sergey Matveev <stargrave@stargrave.org>
+# Copyright (C) 2022-2024 Sergey Matveev <stargrave@stargrave.org>
 
-set -e
+setopt ERR_EXIT PIPE_FAIL
 
-KEY_ENCRYPT_RECIPIENT=${KEY_ENCRYPT_RECIPIENT:-12AD32689C660D426967FD75CB8205632107AD8A}
 COUNTRY=${COUNTRY:-RU}
 
-# Turn on PyGOST utilities
-path=(~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas $path)
-export -TU PYTHONPATH pythonpath
-pythonpath=(~/work/pygost ~/work/pyderasn)
+path=(
+    ~/work/gogost/cmd/cer-selfsigned-example
+    ~/work/gogost/cmd/cer-dane-hash
+    $path
+)
 
 key_encrypt() {
-    gpg --encrypt --recipient $KEY_ENCRYPT_RECIPIENT
+    age -R ~/.age/general.pub
 }
 
 key_decrypt() {
-    gpg --decrypt
+    age -d -i ~/.age/general.age
 }
 
 # ------------------------ >8 ------------------------
@@ -42,9 +42,11 @@ zmodload -F zsh/files b:zf_mkdir
 zmodload zsh/mapfile
 
 key_get() {
-    [[ -s $1/key.pem ]] &&
-        REPLY=`< ${1}/key.pem` ||
+    if [[ -s $1/key.pem ]] ; then
+        REPLY=`< ${1}/key.pem`
+    else
         REPLY=`key_decrypt < ${1}/key.pem.enc`
+    fi
 }
 
 certtool_genkey() {
@@ -60,7 +62,6 @@ ca_new_xdsa() {
     trap "rm -f $key $tmpl $cert" HUP PIPE INT QUIT TERM EXIT
     cat > $tmpl <<EOF
 dn = "cn=$domain,c=$COUNTRY"
-serial = 1
 expiration_days = 3650
 ca
 cert_signing_key
@@ -91,7 +92,7 @@ ee_key_new_eddsa() {
 }
 
 ee_key_new_gost() {
-    cert-selfsigned-example.py --cn does-not-matter --ai 256A --only-key
+    cer-selfsigned-example -cn does-not-matter -ai 256A -only-key
 }
 
 ee_renew_xdsa() {
@@ -138,13 +139,14 @@ ee_renew_gost() {
     trap "rm -f $cakey $key $cert" HUP PIPE INT QUIT TERM EXIT
     key_get ca/gost/$ca
     mapfile[$cakey]=$REPLY
+    print >> $cakey
     cat >> $cakey < ca/gost/$ca/cer.pem
     key_get ee/gost/$ca/$domain
     mapfile[$key]=$REPLY
-    cert-selfsigned-example.py \
-        --issue-with $cakey \
-        --reuse-key $key \
-        --cn $domain --country $COUNTRY --ai 256A
+    cer-selfsigned-example \
+        -issue-with $cakey \
+        -reuse-key $key \
+        -cn $domain -country $COUNTRY -ai 256A
 }
 
 ca_new_gost() {
@@ -152,14 +154,13 @@ ca_new_gost() {
     local key=`mktemp`
     local cert=`mktemp`
     trap "rm -f $key $cert" HUP PIPE INT QUIT TERM EXIT
-    cert-selfsigned-example.py \
-        --ca \
-        --cn $domain \
-        --country $COUNTRY \
-        --serial 1 \
-        --ai 512C \
-        --out-key $key \
-        --out-cert $cert
+    cer-selfsigned-example \
+        -ca \
+        -cn $domain \
+        -country $COUNTRY \
+        -ai 512C \
+        -out-key $key \
+        -out-cert $cert
     reply=(${mapfile[$key]} ${mapfile[$cert]})
 }
 
@@ -172,7 +173,7 @@ dane_eddsa() {
 }
 
 dane_gost() {
-    cert-dane-hash.py
+    cer-dane-hash
 }
 
 case $1 in
@@ -182,7 +183,7 @@ case $1 in
     domain=$3
     dst=ca/$algo/$domain
     zf_mkdir -p $dst
-    [[ -s $dst/key.pem ]] && {
+    [[ ! -s $dst/key.pem ]] || {
         print $dst/key.pem already exists >&2
         exit 1
     }
@@ -214,7 +215,7 @@ case $1 in
     dst=ee/$algo/$ca/$domain
     [[ $dst = $2 ]]
     zf_mkdir -p $dst
-    [[ -s $dst/key.pem ]] && {
+    [[ ! -s $dst/key.pem ]] || {
         print $dst/key.pem already exists >&2
         exit 1
     }
@@ -247,7 +248,7 @@ case $1 in
     export LC_ALL=C
     for cer (**/cer.pem) {
         certtool --certificate-info < $cer | while read line ; do
-            [[ $line =~ "^\s*Not After: .*" ]] && break
+            [[ ! $line =~ "^Not After: .*" ]] || break
         done
         [[ $MATCH ]]
         # Not After: Sat Jul 02 10:02:29 UTC 2022