From 99b982a589ca0a608cb0845638567e278da9084b Mon Sep 17 00:00:00 2001 From: Sergey Matveev Date: Thu, 17 Mar 2022 17:14:14 +0300 Subject: [PATCH] More pure zsh, simplify code --- zeasypki | 73 +++++++++++++++++++++++++++----------------------------- 1 file changed, 35 insertions(+), 38 deletions(-) diff --git a/zeasypki b/zeasypki index ba52090..d6e8fce 100755 --- a/zeasypki +++ b/zeasypki @@ -4,23 +4,20 @@ set -e -CERTTOOL=${CERTTOOL:-certtool} -GPG=${GPG:-gpg} KEY_ENCRYPT_RECIPIENT=${KEY_ENCRYPT_RECIPIENT:-CF60E89A59231E76E2636422AE1A8109E49857EF} COUNTRY=${COUNTRY:-RU} -goston() { - path=(~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas $path) - export -TU PYTHONPATH pythonpath - pythonpath=(~/work/pygost ~/work/pyderasn) -} +# Turn on PyGOST utilities +path=(~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas $path) +export -TU PYTHONPATH pythonpath +pythonpath=(~/work/pygost ~/work/pyderasn) key_encrypt() { - ${=GPG} --encrypt --recipient $KEY_ENCRYPT_RECIPIENT + gpg --encrypt --recipient $KEY_ENCRYPT_RECIPIENT } key_decrypt() { - ${=GPG} --decrypt + gpg --decrypt } # ------------------------ >8 ------------------------ @@ -51,8 +48,7 @@ key_get() { } certtool_genkey() { - local bits=$1 - ${=CERTTOOL} --generate-privkey --ecc --bits $bits --no-text + certtool --generate-privkey --ecc --bits $1 --no-text } ca_new_ecdsa() { @@ -69,7 +65,7 @@ ca cert_signing_key EOF certtool_genkey 512 > $key - ${=CERTTOOL} \ + certtool \ --generate-self-signed \ --load-privkey $key \ --template $tmpl \ @@ -82,7 +78,6 @@ ee_key_new_ecdsa() { } ee_key_new_gost() { - goston cert-selfsigned-example.py --cn does-not-matter --ai 256A --only-key } @@ -104,7 +99,7 @@ expiration_days = 365 signing_key dns_name = "$domain" EOF - ${=CERTTOOL} \ + certtool \ --load-ca-certificate ca/ecdsa/$ca/cer.pem \ --load-ca-privkey $cakey \ --generate-certificate \ 
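Review bot: In the first hunk, `path=(~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas $path)` now runs at script start instead of inside `goston`, so every later bare `gpg` and `certtool` call, including `key_decrypt`, is resolved with two home-directory trees ahead of the system directories. Together with the removal of the `CERTTOOL`/`GPG` overrides, an executable named `gpg` or `certtool` in either tree would be run in place of the system one, and a source checkout under `~/work` is probably easier to modify than a system bin directory. If the PyGOST scripts do not need to shadow system tools, append instead: `path=($path ~/local/stow/py310/bin ~/work/pygost/pygost/asn1schemas)`. Otherwise, extend the `# Turn on PyGOST utilities` comment to state that both directories are trusted to supply the key-handling binaries.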
@@ -115,7 +110,6 @@ EOF ee_renew_gost() { local ca=$1 local domain=$2 - goston local cakey=`mktemp` local key=`mktemp` local cert=`mktemp` @@ -133,7 +127,6 @@ ee_renew_gost() { ca_new_gost() { local domain=$1 - goston local key=`mktemp` local cert=`mktemp` trap "rm -f $key $cert" HUP PIPE INT QUIT TERM EXIT @@ -149,27 +142,26 @@ ca_new_gost() { } dane_ecdsa() { - ${=CERTTOOL} --key-id --hash=sha256 + certtool --key-id --hash=sha256 } dane_gost() { - goston cert-dane-hash.py } case $1 in (ca) [[ $# -eq 3 ]] || usage - local algo=$2 - local domain=$3 - local dst=ca/$algo/$domain + algo=$2 + domain=$3 + dst=ca/$algo/$domain zf_mkdir -p $dst [[ -s $dst/key.pem ]] && { print $dst/key.pem already exists >&2 exit 1 } ca_new_${algo} $domain - local _umask=`umask` + _umask=`umask` umask 077 mapfile[${dst}/key.pem]=${reply[1]} umask $_umask @@ -178,7 +170,7 @@ case $1 in ;; (encrypt) [[ $# -eq 2 ]] || usage - local key=$2/key.pem + key=$2/key.pem [[ -s $key ]] || { print no $key found >&2 exit 1 @@ -189,18 +181,18 @@ case $1 in ;; (new) [[ $# -eq 2 ]] || usage - local cols=(${(s:/:)2}) - local algo=${cols[2]} - local ca=${cols[3]} - local domain=${cols[4]} - local dst=ee/$algo/$ca/$domain + cols=(${(s:/:)2}) + algo=${cols[2]} + ca=${cols[3]} + domain=${cols[4]} + dst=ee/$algo/$ca/$domain [[ $dst = $2 ]] zf_mkdir -p $dst [[ -s $dst/key.pem ]] && { print $dst/key.pem already exists >&2 exit 1 } - local _umask=`umask` + _umask=`umask` umask 077 ee_key_new_${algo} > $dst/key.pem umask $_umask @@ -208,10 +200,10 @@ case $1 in ;; (renew) [[ $# -eq 2 ]] || usage - local cols=(${(s:/:)2}) - local algo=${cols[2]} - local ca=${cols[3]} - local domain=${cols[4]} + cols=(${(s:/:)2}) + algo=${cols[2]} + ca=${cols[3]} + domain=${cols[4]} ee_renew_${algo} $ca $domain > ee/$algo/$ca/$domain/cer.pem ;; (dane) 
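Review bot: In the `renew` branch (last hunk on this line), the redirection `> ee/$algo/$ca/$domain/cer.pem` truncates the current certificate before `ee_renew_${algo}` has produced any output, so a failed CA-key decryption or signing step leaves an empty `cer.pem` behind. The branch also omits the `[[ $dst = $2 ]]` round-trip check that `new` performs, so an argument with a different first component or extra path elements is accepted silently. Both predate this commit, but since these lines are being touched, consider setting `dst=ee/$algo/$ca/$domain` with the same check, then `ee_renew_${algo} $ca $domain > $dst/cer.pem.new` followed by `mv $dst/cer.pem.new $dst/cer.pem`.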
@@ -225,13 +217,18 @@ case $1 in cat $2/cer.pem ;; (rem) - setopt GLOB_STAR_SHORT + zmodload -F zsh/datetime b:strftime export LC_ALL=C for cer (**/cer.pem) { - date_bad_format=`certtool -i < $cer | - perl -ne '/Not After: \w+ (\w+ \d+ \d+:\d+):\d+ UTC (\d+)/ && print "$1 $2"'` - date_good_format=`date -j -f "%b %d %H:%M %Y" "$date_bad_format" +"%Y-%m-%d"` - print REM $date_good_format +30 MSG $cer + certtool --certificate-info < $cer | while read line ; do + [[ $line =~ "^\s*Not After: .*" ]] && break + done + [[ $MATCH ]] + # Not After: Sat Jul 02 10:02:29 UTC 2022 + cols=(${=MATCH}) + strftime -s ts_ugly -r "%b %d %H:%M:%S UTC %Y" ${(j: :)cols[4,-1]} + strftime -s ts_good %F $ts_ugly + print REM $ts_good +30 MSG $cer } ;; (list) print -C1 ee/*/*/*(/on) ;; -- 2.44.0
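Review bot: `MATCH` is never cleared between iterations of the `for cer (**/cer.pem)` loop, so the `[[ $MATCH ]]` guard can pass on the previous certificate's value. If `certtool --certificate-info` fails or prints no `Not After:` line for one file, no `=~` succeeds and, as far as I can tell, zsh leaves `MATCH` untouched on a failed match. The reminder for that file would then carry another certificate's expiry date instead of stopping the script. Adding `MATCH=` as the first statement of the loop body makes the guard fail closed.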