2020-06-20 00:51:54 -06:00
#!/bin/sh
#
## generate SRI checksums
#
### text formatting presets
if command -v tput > /dev/null; then
cyan=$(tput setaf 6)
err=$(tput bold)$(tput setaf 1)
magenta=$(tput setaf 5)
norm=$(tput sgr0)
ok=$(tput setaf 2)
else
cyan=''
err=''
magenta=''
norm=''
ok=''
fi
### trap
trap trapExit 1 2 3 6
### functions
displayError (){
printf "\n%sERROR: %s\n" "$err" "$2"
printf "Exiting now.%s\n\n" "$norm"
exit "$1"
}
scriptHelp (){
2020-06-20 04:48:17 -06:00
printf "\n%sUsage: %s%s %s[--help] [--sha256|--sha384|--sha512] %s--file /path/to/file1 %s[/path/to/file2 ...]%s --directory /directory/to/hash %s[--filter 'filter']%s\n\n" "$magenta" "$norm" "$scriptName" "$cyan" "$norm" "$cyan" "$norm" "$cyan" "$norm"
printf "If both '--file' and '--directory' are specified, *both* will be processed.\n\n"
2020-06-20 01:18:52 -06:00
printf "%s---parameters---%s\n" "$magenta" "$norm"
2020-06-20 04:48:17 -06:00
printf "%s-h|-?|--help%s: Show this help page\n" "$cyan" "$norm"
printf "%s-2|--sha256%s: Generate SHA256 SRI hash\n" "$cyan" "$norm"
printf "%s-3|--sha384%s: Generate SHA384 SRI hash (default)\n" "$cyan" "$norm"
printf "%s-5|--sha512%s: Generate SHA512 SRI hash\n" "$cyan" "$norm"
printf "%s-f|--file%s: Full path of the file(s) to hash. Space delimited list accepted.\n" "$cyan" "$norm"
printf "%s-d|--dir|--directory%s: Hash each file within specified directory.\n" "$cyan" "$norm"
printf "%s--filter%s: Only considered when processing a directory (-d flag). Will only hash files matching this filter. Eg: '*.css', 'file*.ext'\n\n" "$cyan" "$norm"
2020-06-20 01:18:52 -06:00
printf "%s---examples---%s\n" "$magenta" "$norm"
printf "Generate default SHA384 hash for styles.css located in the current directory:\n"
2020-06-20 04:48:17 -06:00
printf "%s./%s -f styles.css%s\n\n" "$cyan" "$scriptName" "$norm"
2020-06-20 01:18:52 -06:00
printf "Generate SHA512 hash for /var/www/js/script.js:\n"
2020-06-20 04:48:17 -06:00
printf "%s./%s -5 --file /var/www/js/script.js%s\n\n" "$cyan" "$scriptName" "$norm"
printf "Generate default SHA384 hashes for all files in ~/webpage/css/\n"
printf "%s./%s --directory ~/webpage/css%s\n\n" "$cyan" "$scriptName" "$norm"
printf "Generate default SHA384 hashes for all files with names starting with 'foo' within /var/www/includes/\n"
printf "%s./%s -d /var/www/includes --filter 'foo*'%s\n\n" "$cyan" "$scriptName" "$norm"
printf "Generate SHA256 hashes for all '.css' files in /var/www/css and 'script.js' in /var/www/js/\n"
printf "%s./%s -2 -f /var/www/js/script.js -d /var/www/css --filter '*.css'%s\n\n" "$cyan" "$scriptName" "$norm"
2020-06-20 00:51:54 -06:00
exit 0;
}
trapExit (){
printf "\n%sERROR: Caught signal. Exiting.%s\n\n" "$err" "$norm"
exit 99
}
### default variables
2020-06-20 01:18:52 -06:00
scriptName="$( basename "$0" )"
2020-06-20 03:09:11 -06:00
doDir=0
doFiles=0
2020-06-20 04:18:03 -06:00
unset hashDir
unset hashFiles
filter='*'
2020-06-20 00:51:54 -06:00
algo='sha384'
### check pre-requisites
if ! command -v openssl > /dev/null; then
displayError 2 'openSSL is not installed'
fi
### process startup parameters
if [ -z "$1" ]; then scriptHelp; fi
while [ $# -gt 0 ]; do
case "$1" in
-h|-\?|--help)
# display script help
scriptHelp
exit 0
;;
-2|--sha256)
# generate SRI using sha256
algo='sha256'
;;
-3|--sha384)
# generate SRI using sha384 (default)
algo='sha384'
;;
-5|--sha512)
# generate SRI using sha512
algo='sha512'
;;
2020-06-20 04:13:39 -06:00
-d|--dir*)
2020-06-20 03:09:11 -06:00
# verify directory exists
if [ -d "$2" ]; then
doDir=1
2020-06-20 04:13:24 -06:00
hashDir="${2%/}"
2020-06-20 03:39:03 -06:00
elif [ -z "$2" ]; then
displayError 1 "No directory specified."
2020-06-20 03:09:11 -06:00
else
displayError 1 "Directory '$2' does not exist."
fi
shift
;;
2020-06-20 00:51:54 -06:00
-f|--file)
2020-06-20 03:09:11 -06:00
# has supplied list of files
if [ -z "$2" ]; then
displayError 1 'No filename(s) specified.'
2020-06-20 00:51:54 -06:00
else
2020-06-20 03:09:11 -06:00
doFiles=1
hashFiles="$2"
2020-06-20 00:51:54 -06:00
fi
2020-06-20 03:09:11 -06:00
shift
2020-06-20 00:51:54 -06:00
;;
2020-06-20 04:19:08 -06:00
--filter)
if [ -z "$2" ]; then
displayError 1 'Filter cannot be blank.'
else
filter="$2"
fi
shift
;;
2020-06-20 00:51:54 -06:00
*)
# unknown option
printf "\n%sUnknown option: %s.\n" "$err" "$1"
printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
exit 1
;;
esac
shift
done
2020-06-20 03:09:11 -06:00
printf "\n"
2020-06-20 00:51:54 -06:00
### do SRI generation
2020-06-20 03:09:11 -06:00
if [ "$doDir" -eq 1 ]; then
2020-06-20 04:19:08 -06:00
for file in "$hashDir"/${filter}; do
2020-06-20 03:09:11 -06:00
hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
if [ -z "$hash" ]; then
printf "%s --> unable to generate SRI hash\n" "$file"
else
printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
fi
done
fi
if [ "$doFiles" -eq 1 ]; then
for file in $hashFiles; do
# verify file exists, then hash it
if [ -f "$file" ]; then
hash=$( openssl dgst -${algo} -binary "$file" | openssl base64 -A) > /dev/null 2>&1
if [ -z "$hash" ]; then
printf "%s --> unable to generate SRI hash\n" "$file"
else
printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
fi
else
printf "%s%s --> does not exist\n" "$err" "$file"
fi
done
2020-06-20 00:51:54 -06:00
fi
2020-06-20 03:09:11 -06:00
printf "\n"
2020-06-20 00:51:54 -06:00
exit 0
### error codes
# 0: no errors, normal execution
# 1: parameter error
# 2: cannot find openSSL binary
#EOF