#!/bin/sh
#
## generate SRI checksums
#
### text formatting presets
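# Colour presets used by every message the script prints.
# Escape sequences are loaded only when stdout is a terminal and tput can
# drive it (tput is present and "tput sgr0" succeeds). In every other case
# the presets are empty strings, so piped or captured output -- for example
# a hash that is copied into an integrity="" attribute -- carries no control
# characters, and tput does not complain on stderr about an unusable TERM.
if [ -t 1 ] && command -v tput > /dev/null && tput sgr0 > /dev/null 2>&1; then
    cyan=$(tput setaf 6)
    err=$(tput bold)$(tput setaf 1)
    magenta=$(tput setaf 5)
    norm=$(tput sgr0)
    ok=$(tput setaf 2)
else
    cyan=''
    err=''
    magenta=''
    norm=''
    ok=''
fi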
### trap
# Hand HUP (1), INT (2), QUIT (3) and ABRT (6) to trapExit. The function is
# looked up when a signal arrives, so it may be defined further down.
trap 'trapExit' HUP INT QUIT ABRT
### functions
# displayError CODE MESSAGE
#   Prints MESSAGE as a highlighted error on stdout, followed by an
#   "Exiting now." line, then ends the script with exit status CODE.
#   Reads the colour presets $err and $norm.
displayError() {
    printf "\n%sERROR: %s\n" "${err}" "${2}"
    printf "Exiting now.%s\n\n" "${norm}"
    exit "${1}"
}
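# scriptHelp
#   Prints the usage line, the option list and the examples on stdout, then
#   exits with status 0. Reads $scriptName and the colour presets $magenta,
#   $cyan and $norm.
#   The -d|--dir option is listed here because the parameter parser accepts
#   it; --file is therefore described as required only when --dir is absent.
scriptHelp() {
    printf "\n%sUsage: %s%s %s[--help] [--sha256|--sha384|--sha512] {--file /file/to/hash | --dir /dir/to/hash}%s\n\n" "$magenta" "$norm" "$scriptName" "$cyan" "$norm"
    printf "%s---parameters---%s\n" "$magenta" "$norm"
    printf "%s-h|-?|--help%s: show this help page\n" "$cyan" "$norm"
    printf "%s-2|--sha256%s: generate SHA256 SRI hash\n" "$cyan" "$norm"
    printf "%s-3|--sha384%s: generate SHA384 SRI hash (default)\n" "$cyan" "$norm"
    printf "%s-5|--sha512%s: generate SHA512 SRI hash\n" "$cyan" "$norm"
    printf "%s-d|--dir%s: full path to a directory; an SRI hash is generated for each file directly inside it\n" "$cyan" "$norm"
    printf "%s-f|--file%s: full path to the file for which you wish the SRI hash generated (required unless --dir is used)\n\n" "$cyan" "$norm"
    printf "%s---examples---%s\n" "$magenta" "$norm"
    printf "Generate default SHA384 hash for styles.css located in the current directory:\n"
    printf "%s%s -f styles.css%s\n\n" "$cyan" "$scriptName" "$norm"
    printf "Generate SHA512 hash for /var/www/js/script.js:\n"
    printf "%s%s -5 --file /var/www/js/script.js%s\n\n" "$cyan" "$scriptName" "$norm"
    exit 0
}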
# trapExit
#   Signal handler: reports on stdout that a signal was caught and ends the
#   script with exit status 99. Reads the colour presets $err and $norm.
trapExit() {
    printf "\n%sERROR: Caught signal. Exiting.%s\n\n" "${err}" "${norm}"
    exit 99
}
### default variables
# Name shown in the help text: the script's file name without its directory.
scriptName=$(basename "$0")

# Drop any hashDir/hashFiles inherited from the environment, so that only
# the command line decides what gets hashed.
unset hashDir hashFiles

# Work selectors; the parameter parser sets them to 1 for -d/--dir and
# -f/--file respectively.
doDir=0
doFiles=0

# Digest used when no algorithm option is given.
algo='sha384'

# NOTE(review): filter is assigned here but is not read anywhere in the
# visible script -- confirm whether it is still needed.
filter='*'
### check pre-requisites
# openssl computes the digest and does the base64 encoding; without it the
# script cannot work, so stop through displayError with exit status 2.
command -v openssl > /dev/null || displayError 2 'openSSL is not installed'
### process startup parameters
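# Parse the command line.
#   - no first argument: show the help page (scriptHelp exits)
#   - algorithm switches set $algo
#   - -d/--dir* takes a directory, -f/--file takes a file name or a
#     whitespace-separated list of names; both consume the following argument
#   - anything else is rejected with exit status 1
if [ -z "$1" ]; then scriptHelp; fi
while [ $# -gt 0 ]; do
    case "$1" in
        -h|-\?|--help)
            # display script help
            scriptHelp
            exit 0
            ;;
        -2|--sha256)
            # generate SRI using sha256
            algo='sha256'
            ;;
        -3|--sha384)
            # generate SRI using sha384 (default)
            algo='sha384'
            ;;
        -5|--sha512)
            # generate SRI using sha512
            algo='sha512'
            ;;
        -d|--dir*)
            # verify directory exists
            if [ -d "$2" ]; then
                doDir=1
                # strip one trailing slash so "$hashDir"/* has a single separator
                hashDir="${2%/}"
            elif [ -z "$2" ]; then
                displayError 1 "No directory specified."
            else
                displayError 1 "Directory '$2' does not exist."
            fi
            # drop the option's value; the shift after esac drops the option
            shift
            ;;
        -f|--file)
            # has supplied list of files
            if [ -z "$2" ]; then
                displayError 1 'No filename(s) specified.'
            else
                doFiles=1
                hashFiles="$2"
            fi
            # drop the option's value; the shift after esac drops the option
            shift
            ;;
        *)
            # unknown option
            printf "\n%sUnknown option: %s.\n" "$err" "$1"
            printf "%sUse '--help' for valid options.%s\n\n" "$cyan" "$norm"
            exit 1
            ;;
    esac
    shift
done

# An invocation that only selects an algorithm names nothing to hash. Report
# it as a parameter error (exit status 1) instead of finishing with status 0,
# so a build step cannot mistake an empty run for a successful one.
if [ "$doDir" -ne 1 ] && [ "$doFiles" -ne 1 ]; then
    displayError 1 'Nothing to hash: specify --file or --dir.'
fi

printf "\n"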
### do SRI generation
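# sriHash FILE
#   Writes the base64-encoded $algo digest of FILE to stdout; the output is
#   empty when openssl cannot produce a digest. FILE is passed to openssl on
#   stdin rather than as an argument, so a name that begins with '-' cannot
#   be read as an openssl option. openssl's own diagnostics stay on stderr.
sriHash() {
    openssl dgst "-${algo}" -binary < "$1" | openssl base64 -A
}

# Exit status of the run: 0 until the first failure, then 3 (file not found)
# or 4 (openssl produced no digest), matching the error-code list at the end
# of the script. A non-zero status lets a calling build step stop instead of
# publishing markup without an integrity value.
exitCode=0

if [ "$doDir" -eq 1 ]; then
    for file in "$hashDir"/*; do
        # Hash regular files only: skips sub-directories and the literal
        # pattern that remains when the directory is empty.
        [ -f "$file" ] || continue
        hash=$(sriHash "$file")
        if [ -z "$hash" ]; then
            printf "%s --> unable to generate SRI hash\n" "$file"
            [ "$exitCode" -ne 0 ] || exitCode=4
        else
            printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
        fi
    done
fi

if [ "$doFiles" -eq 1 ]; then
    # A value that names an existing file is taken as exactly that file, so
    # paths containing spaces work. Anything else keeps the list behaviour:
    # it is split on whitespace and glob patterns are expanded.
    if [ -f "$hashFiles" ]; then
        set -- "$hashFiles"
    else
        # shellcheck disable=SC2086 -- splitting is the documented list form
        set -- $hashFiles
    fi
    for file in "$@"; do
        # verify file exists, then hash it
        if [ -f "$file" ]; then
            hash=$(sriHash "$file")
            if [ -z "$hash" ]; then
                printf "%s --> unable to generate SRI hash\n" "$file"
                [ "$exitCode" -ne 0 ] || exitCode=4
            else
                printf "%s%s --> %s%s-%s%s\n" "$magenta" "$file" "$ok" "$algo" "$hash" "$norm"
            fi
        else
            # reset the colour so the error preset does not bleed into later lines
            printf "%s%s --> does not exist%s\n" "$err" "$file" "$norm"
            [ "$exitCode" -ne 0 ] || exitCode=3
        fi
    done
fi

printf "\n"
exit "$exitCode"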
### error codes
# 0: no errors, normal execution
# 1: parameter error
# 2: cannot find openSSL binary
# 3: cannot find specified file for which to generate hash
# 4: error occurred while executing openssl
#EOF