author | Erich Eckner <git@eckner.net> | 2019-08-29 12:05:25 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-08-29 12:05:25 +0200 |
commit | d4a78863d7b77d43436c3ab4868ac15482fd00f4 (patch) | |
tree | d800679991fc1f1ba17c8f532720bc07436fb5c9 /sign-ca.in | |
parent | 75f69aa7c19e1e29580bb0e4d62feb948ccdba18 (diff) | |
bug fixes in sign-ca
Diffstat (limited to 'sign-ca.in')
-rwxr-xr-x | sign-ca.in | 26 |
1 files changed, 16 insertions, 10 deletions
@@ -10,14 +10,19 @@ if [ -r '#ETCDIR#/simple-pki/ca.conf' ]; then
 . '#ETCDIR#/simple-pki/ca.conf'
 fi
+if [ -n "${ca_user}" ] \
+&& [ "$(whoami)" != "${ca_user}" ]; then
+ exec su "${ca_user}" -c "$0"
+fi
+
 if [ -f "${key_dir}/${ca_name}.key.new" ] \
 && [ -f "${key_dir}/${ca_name}.crt.new" ]; then
 if [ "$(stat -c%Y "${key_dir}/${ca_name}.key.new")" -lt "$(($(date +%s)-60*60*24*30))" ] \
 || [ ! -f "${key_dir}/${ca_name}.key" ] \
 || [ "$(stat -c%Y "${key_dir}/${ca_name}.crt.new")" -lt "$(($(date +%s)-60*60*24*30))" ] \
 || [ ! -f "${key_dir}/${ca_name}.crt" ]; then
- mv "${key_dir}/${host_key_file}.key"{.new,}
- mv "${key_dir}/${host_key_file}.crt"{.new,}
+ mv "${key_dir}/${ca_name}.key"{.new,}
+ mv "${key_dir}/${ca_name}.crt"{.new,}
 fi
 fi
@@ -33,7 +38,7 @@ if [ ! -f "${key_dir}/${ca_name}.key.new" ] \
 -addext 'authorityKeyIdentifier = keyid:always, issuer' \
 -addext 'basicConstraints = critical, CA:true' \
 -addext 'keyUsage = keyCertSign, cRLSign'
-done
+fi
 rsync --ignore-missing-args \
 "${key_dir}/${ca_name}.crt"{.new,} \
@@ -41,13 +46,14 @@ rsync --ignore-missing-args \
 (
 cd "${key_dir}"
- printf '%s %s\n' "$(
- date -u --iso-8601=seconds -d@$(stat -c%Y "${ca_name}.key") \
- | cut -d+ -f1
- )" "$(
- sha512sum "${ca_name}.key" \
- | sed 's/\s\+/ /'
- )"
+ find . -maxdepth 1 \
+ -type f \( -name "${ca_name}"'.crt' -o -name "${ca_name}"'.crt.new' \) \
+ -printf '%TY-%Tm-%TdT%TT ' \
+ -exec sha512sum {} \; \
+ | sed '
+ s/\.[0-9]\+ / /
+ s@\s\s\+\(\S\+/\)\?@ @
+ '
 ) \
 | ssh "${remote_host}" '
 cd "'"${remote_dir}"'" |
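Review bot: The added re-exec `exec su "${ca_user}" -c "$0"` passes `$0` to the target user's shell as a command string, so the script path is parsed a second time and any positional arguments are dropped. A path containing whitespace or shell metacharacters would be split or interpreted by that shell instead of being run as a single word. The script already depends on bash (brace expansion in the `mv` lines), so the path can be quoted before it is embedded, e.g. `exec su "${ca_user}" -c "$(printf '%q' "$0")"`; this assumes the account's shell accepts bash-style quoting. A short comment above the block stating why the user switch happens (presumably so the CA key files are only ever touched as `ca_user`) would help the next reader.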
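Review bot: The new `-printf '%TY-%Tm-%TdT%TT '` prints the modification time in the CA host's local time zone, while the removed `date -u --iso-8601=seconds` pipeline emitted UTC, so the timestamps sent to `${remote_host}` change meaning on any host not running in UTC. Pinning the zone on the command restores the old behaviour: `TZ=UTC find . -maxdepth 1 \`. Also note that `-name` takes a glob pattern, so a `ca_name` containing `*`, `?` or `[` would select files other than the two certificates; a comment stating that `ca_name` must be a plain file-name stem would document that assumption. The ssh command string continues past the end of the hunk, so how the remote side consumes these lines is not visible here.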