85 changes: 45 additions & 40 deletions DAPS/register_connector.sh
@@ -1,54 +1,59 @@
#!/bin/sh

if [ ! $# -ge 1 ] || [ ! $# -le 3 ]; then
echo "Usage: $0 NAME (SECURITY_PROFILE) (CERTFILE)"
exit 1
# Validate the number of arguments (1 to 3)
if [ "$#" -lt 1 ] || [ "$#" -gt 3 ]; then
echo "Usage: $0 NAME (SECURITY_PROFILE) (CERTFILE)"
exit 1
fi

CLIENT_NAME=$1

CLIENT_SECURITY_PROFILE=$2
[ -z "$CLIENT_SECURITY_PROFILE" ] && CLIENT_SECURITY_PROFILE="idsc:BASE_SECURITY_PROFILE"

CLIENT_CERT="keys/$CLIENT_NAME.cert"

SKI="$(openssl x509 -in "keys/${CLIENT_NAME}.cert" -noout -text | grep -A1 "Subject Key Identifier" | tail -n 1 | tr -d ' ')"
AKI="$(openssl x509 -in "keys/${CLIENT_NAME}.cert" -noout -text | grep -A1 "Authority Key Identifier" | tail -n 1 | tr -d ' ')"
# Extract SKI and AKI using openssl
SKI="$(openssl x509 -in "$CLIENT_CERT" -noout -text | grep -A1 "Subject Key Identifier" | tail -n 1 | tr -d ' ')"
AKI="$(openssl x509 -in "$CLIENT_CERT" -noout -text | grep -A1 "Authority Key Identifier" | tail -n 1 | tr -d ' ')"
SUB='keyid'

contains() {
string="$AKI"
substring="$SUB"
if test "${string#*$substring}" != "$string"
then
CLIENT_ID="$SKI:$AKI" # $substring is in $string
else
CLIENT_ID="$SKI:keyid:$AKI" # $substring is not in $string
fi
}

contains "$AKI" "$SUB"
# Determine CLIENT_ID based on presence of 'keyid' in AKI
if echo "$AKI" | grep -q "$SUB"; then
CLIENT_ID="$SKI:$AKI"
else
CLIENT_ID="$SKI:keyid:$AKI"
fi

CLIENT_CERT_SHA="$(openssl x509 -in "$CLIENT_CERT" -noout -sha256 -fingerprint | tr '[:upper:]' '[:lower:]' | tr -d : | sed 's/.*=//')"

cat >> config/clients.yml <<EOF
- client_id: $CLIENT_ID
client_name: $CLIENT_NAME
grant_types: client_credentials
token_endpoint_auth_method: private_key_jwt
scope: idsc:IDS_CONNECTOR_ATTRIBUTES_ALL
attributes:
- key: idsc
value: IDS_CONNECTOR_ATTRIBUTES_ALL
- key: securityProfile
value: $CLIENT_SECURITY_PROFILE
- key: referringConnector
value: http://${CLIENT_NAME}.demo
- key: "@type"
value: ids:DatPayload
- key: "@context"
value: https://w3id.org/idsa/contexts/context.jsonld
- key: transportCertsSha256
value: $CLIENT_CERT_SHA
import_certfile: $CLIENT_CERT
EOF
# Check if a client with the same client_id or client_name exists
CLIENT_EXISTS=$(yq eval '.[] | select(.client_id == "'"$CLIENT_ID"'" or .client_name == "'"$CLIENT_NAME"'")' config/clients.yml)

if [ -n "$CLIENT_EXISTS" ]; then
echo "Client with ID $CLIENT_ID or name $CLIENT_NAME already exists. Updating the existing entry."

# Update client_id, client_name, and transportCertsSha256 for the exact matching entry
yq eval -i '
map(
select(.client_id == "'"$CLIENT_ID"'" or .client_name == "'"$CLIENT_NAME"'") |=
(.client_id = "'"$CLIENT_ID"'" |
.client_name = "'"$CLIENT_NAME"'" |
(.attributes[] | select(.key == "transportCertsSha256").value) = "'"$CLIENT_CERT_SHA"'")
)
' config/clients.yml

echo "Client entry updated successfully."
exit 0
fi

# If the client does not exist, append the new client entry
echo "Adding new client entry to config/clients.yml."

# Ensure the file ends with a newline
if [ -n "$(tail -c 1 config/clients.yml)" ] && [ "$(tail -c 1 config/clients.yml)" != $'\n' ]; then
echo >>config/clients.yml
fi

# Append the new client entry
yq eval -i '. += [{"client_id": "'"$CLIENT_ID"'", "client_name": "'"$CLIENT_NAME"'", "grant_types": "client_credentials", "token_endpoint_auth_method": "private_key_jwt", "scope": "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL", "attributes": [{"key": "idsc", "value": "IDS_CONNECTOR_ATTRIBUTES_ALL"}, {"key": "securityProfile", "value": "'"$CLIENT_SECURITY_PROFILE"'"}, {"key": "referringConnector", "value": "http://'"${CLIENT_NAME}"'.demo"}, {"key": "@type", "value": "ids:DatPayload"}, {"key": "@context", "value": "https://w3id.org/idsa/contexts/context.jsonld"}, {"key": "transportCertsSha256", "value": "'"$CLIENT_CERT_SHA"'"}], "import_certfile": "'"$CLIENT_CERT"'"}]' config/clients.yml

echo "Client entry added successfully."
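Review bot: `$CLIENT_NAME` (a positional argument) and the values derived from it are spliced verbatim into the yq expression text in the `CLIENT_EXISTS` lookup, the `yq eval -i` update block and the final append, so a name containing a double quote or a `)` alters the expression rather than the data; since the same value also forms the path `keys/$CLIENT_NAME.cert` and a URL, reject anything outside a plain charset up front, `case "$CLIENT_NAME" in ""|*[!A-Za-z0-9._-]*) echo "invalid NAME" >&2; exit 1;; esac`, and hand the values to yq through the environment with `strenv()` instead of string concatenation. The trailing-newline check compares against `$'\n'`, which under `#!/bin/sh` is the literal characters `$\n` on dash and in any shell can never match because command substitution strips trailing newlines; `if [ -n "$(tail -c 1 config/clients.yml)" ]; then` is the whole test. I have not verified that the `map(select(...) |= ...)` form rewrites the matched entry in place rather than the mapped list, so a quick run against a two-entry file is worth doing. The excerpt below shows the three yq calls with the values passed via the environment.
```shell
# Pass values through the environment so yq reads them as strings instead of
# having them spliced into the expression text.
export CLIENT_ID CLIENT_NAME CLIENT_SECURITY_PROFILE CLIENT_CERT_SHA CLIENT_CERT
CLIENT_EXISTS=$(yq eval '.[] | select(.client_id == strenv(CLIENT_ID) or .client_name == strenv(CLIENT_NAME))' config/clients.yml)
# … unchanged: "already exists" message …
yq eval -i '
map(
  select(.client_id == strenv(CLIENT_ID) or .client_name == strenv(CLIENT_NAME)) |=
  (.client_id = strenv(CLIENT_ID) |
   .client_name = strenv(CLIENT_NAME) |
   (.attributes[] | select(.key == "transportCertsSha256").value) = strenv(CLIENT_CERT_SHA))
)
' config/clients.yml
# … unchanged: success message, exit, "Adding new client entry" message …
if [ -n "$(tail -c 1 config/clients.yml)" ]; then
  echo >>config/clients.yml
fi
yq eval -i '. += [{
  "client_id": strenv(CLIENT_ID),
  "client_name": strenv(CLIENT_NAME),
  "grant_types": "client_credentials",
  "token_endpoint_auth_method": "private_key_jwt",
  "scope": "idsc:IDS_CONNECTOR_ATTRIBUTES_ALL",
  "attributes": [
    {"key": "idsc", "value": "IDS_CONNECTOR_ATTRIBUTES_ALL"},
    {"key": "securityProfile", "value": strenv(CLIENT_SECURITY_PROFILE)},
    {"key": "referringConnector", "value": "http://" + strenv(CLIENT_NAME) + ".demo"},
    {"key": "@type", "value": "ids:DatPayload"},
    {"key": "@context", "value": "https://w3id.org/idsa/contexts/context.jsonld"},
    {"key": "transportCertsSha256", "value": strenv(CLIENT_CERT_SHA)}
  ],
  "import_certfile": strenv(CLIENT_CERT)
}]' config/clients.yml
```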