#!/bin/sh RCol='\33[0m' # Text Reset # Regular Bold Underline High Intensity BoldHigh Intens Bla='\33[0;30m'; BBla='\33[1;30m'; UBla='\33[4;30m'; IBla='\33[0;90m'; BIBla='\33[1;90m'; Red='\33[0;31m'; BRed='\33[1;31m'; URed='\33[4;31m'; IRed='\33[0;91m'; BIRed='\33[1;91m'; Gre='\33[0;32m'; BGre='\33[1;32m'; UGre='\33[4;32m'; IGre='\33[0;92m'; BIGre='\33[1;92m'; Yel='\33[0;33m'; BYel='\33[1;33m'; UYel='\33[4;33m'; IYel='\33[0;93m'; BIYel='\33[1;93m'; Blu='\33[0;34m'; BBlu='\33[1;34m'; UBlu='\33[4;34m'; IBlu='\33[0;94m'; BIBlu='\33[1;94m'; Pur='\33[0;35m'; BPur='\33[1;35m'; UPur='\33[4;35m'; IPur='\33[0;95m'; BIPur='\33[1;95m'; Cya='\33[0;36m'; BCya='\33[1;36m'; UCya='\33[4;36m'; ICya='\33[0;96m'; BICya='\33[1;96m'; Whi='\33[0;37m'; BWhi='\33[1;37m'; UWhi='\33[4;37m'; IWhi='\33[0;97m'; BIWhi='\33[1;97m'; SYSLOG=1 help(){ cat < -u \\ -o -O -C HTTP timestamping client using openssl and curl (RFC 3161) arguments: * mandatory: -i : the input file to timestamp -u : the timestamp server url * optionnal: -l : enable logging to syslog -o : output timestamp file name (default: .ts) -O : openssl additionnal options (man ts for more details) -C : curl additionnal options (man curl for more details) EOF exit 1 } simple_logger(){ [ $SYSLOG -eq 0 ] && logger -t `basename $0` -p user.$1 $2 } clean(){ rm -f -- "$TMPREQ" } clean_exit(){ clean exit 1 } exit_error(){ msg=$1 simple_logger err "error, $msg" printf "${BIRed}[ERROR] ${IYel}%s${RCol}\n" "$msg" clean_exit } info(){ msg=$1 simple_logger debug "$msg" printf "${BIBlu}[INFO] ${RCol}%s${RCol}\n" "$msg" } success(){ msg=$1 simple_logger info "$msg" printf "${BIGre}[SUCCESS] ${RCol}%s${RCol}\n" "$msg" } trap clean_exit HUP INT TERM TMPREQ=`mktemp` REMOVE_TS=0 while getopts ":lhru:i:o:O:C:" opt; do case $opt in h) help;; l) SYSLOG=0;; u) TS_URL="$OPTARG";; i) INPUT_FILE="`readlink -f $OPTARG`";; o) OUTPUT_FILE="`readlink -f $OPTARG`";; O) OPENSSL_OPTS="$OPTARG";; C) CURL_OPTS="$OPTARG";; r) REMOVE_TS=1;; \?) echo "Invalid option: -$OPTARG" >&2; help; exit 1;; :) echo "Option -$OPTARG requires an argument." >&2; help; exit 1;; esac done # If no output file specified, output to .ts [ -z "$OUTPUT_FILE" ] && OUTPUT_FILE="${INPUT_FILE}.tsr" # Check that input file exists [ -f "$INPUT_FILE" ] || exit_error "Input file '$INPUT_FILE' doesn't exist" # Check that output file doesn't exit if [ $REMOVE_TS -eq 1 ] then [ -f "$OUTPUT_FILE" ] && rm -f "$OUTPUT_FILE" else ! [ -f "$OUTPUT_FILE" ] || exit_error "Output timestamp file '$OUTPUT_FILE' already exists" fi # Check that url is not empty ! [ -z "$TS_URL" ] || exit_error "Missing timestamp server url" info "Generating timestamp on file '$INPUT_FILE', to '$OUTPUT_FILE', using server '$TS_URL'" # Building the timestamp request with openssl openssl ts $OPENSSL_OPTS \ -query -data "$INPUT_FILE" \ -out "$TMPREQ" || exit_error "Request generation failed" # Submitting the timestamp request to the RFC 3161 server with curl curl "$TS_URL" $CURL_OPTS \ -H "Content-Type: application/timestamp-query" \ -f -g \ --data-binary @$TMPREQ \ -o "$OUTPUT_FILE" 2>/dev/null || exit_error "Timestamp query failed" openssl ts -verify -data "$INPUT_FILE" -in "$OUTPUT_FILE" 2>&1 | grep -q "asn1 encoding routines" && exit_error \ "Reponse doesn't appear to be a timestamp response" success "Timestamp of file '$INPUT_FILE' using server '$TS_URL' succeed, ts written to '$OUTPUT_FILE'" clean