make-ca: remove workarounds and use certdata.txt values first, remove trailing spaces from x509 Subject derived p11label.

2021-08-08 00:26:59 -05:00 · 2021-08-08 00:26:59 -05:00 · 53ac95f8fd
commit 53ac95f8fd
parent 2c1da33970
1 changed files with 21 additions and 15 deletions
--- a/36
+++ b/36
@ -462,30 +462,36 @@ function get_p11_label() {
  # $1 == individual nss certificate extracted from certdata.txt
  #       or x509 certificate with OpenSSL text values

-  # Get the subject line for any certs and do some early normalization
-  subjectline=$(grep -m1 "Subject:" ${1} | sed -e 's@\s*=\s*@=@g' \
-                     -e "s@(@ - @g" -e "s@)@ - @g" -e 's@\\@-@g' )
+  # Start with the label assigned by Mozilla
+  p11label=$(grep -m1 "^CKA_LABEL" ${1} | cut -d '"' -f 2 | sed 's@"@@g')

-  # Try for CN first (and further normalize)
-  p11label="$(echo ${subjectline} | grep -o "CN=.*$" | cut -d '=' -f 2 | \
-              sed -e 's@[A-Z]*$@@g' -e 's@, $@@' -e 's@"@@g' -e 's@,@@g')"
+  # If not coming from certdata.txt, get from x509 Subject line
+  if [ "${p11label}" == "" ]; then
+    # Get the subject line for any certs and do some early normalization
+    subjectline=$(grep -m1 "Subject:" ${1} | sed -e 's@\s*=\s*@=@g' \
+                       -e "s@(@ - @g" -e "s@)@ - @g" -e 's@\\@-@g' )

-  # Special case for NetLock Arany certs
-  echo ${p11label} | grep -q "^NetLock" && p11label="NetLock Arany - Class Gold"
+    # Try for CN Next (and further normalize) if not from certdata.txt
+    p11label="$(echo ${subjectline} | grep -o "CN=.*$" | cut -d '=' -f 2 | \
+                sed -e 's@[A-Z]*$@@g' -e 's@, $@@' -e 's@"@@g' \
+                    -e 's@,@@g' -e 's@ $@@')"

-  # Fallback to the last OU value if CN does not exeist in Subject string
-  ## Special case for GlobalSign certs
-  if [ "${p11label}" == "" -o "${p11label}" == "GlobalSign" ]; then
-      p11label="$(echo ${subjectline} | grep -o "OU=.*$" | \
-                  sed 's@OU=.*, OU=@OU=@g'| cut -d '=' -f 2 | \
-                  sed -e 's@[A-Z]*$@@' -e 's@, $@@' -e 's@"@@g' -e 's@,@@g')"
+    # Fallback to the last OU value if CN does not exeist in Subject string
+    ## Special case for GlobalSign certs
+    if [ "${p11label}" == "" ]; then
+        p11label="$(echo ${subjectline} | grep -o "OU=.*$" | \
+                    sed 's@OU=.*, OU=@OU=@g'| cut -d '=' -f 2 | \
+                    sed -e 's@[A-Z]*$@@' -e 's@, $@@' -e 's@"@@g' \
+                        -e 's@,@@g' -e 's@ $@@')"

      # If still empty, fall back to Object value as a last resort
      if [ "${p11label}" == "" ]; then
          p11label="$(echo ${subjectline} | grep -o "O=.*$" | \
                      cut -d '=' -f 2 | sed -e 's@[A-Z]*$@@g' \
-                      -e 's@, $@@' -e 's@"@@g' -e 's@,@@g')"
+                          -e 's@, $@@' -e 's@"@@g' \
+                          -e 's@,@@g' -e 's@ $@@')"
      fi
+    fi
  fi
 }