open-infrastructure-service-tools/dehydrated/share/hooks/exit_hook.extra-cleanup

#!/bin/sh

# Open Infrastructure: service-tools

# Copyright (C) 2014-2024 Daniel Baumann <daniel.baumann@open-infrastructure.net>
#
# SPDX-License-Identifier: GPL-3.0+
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <https://www.gnu.org/licenses/>.

set -e

echo -n " + Cleanup extra certificate files..."

for EXTRA in root intermediate fullchain_privkey privkey_fullchain root_intermediate_cert
do
	for CERTIFICATE in "${CERTDIR}"/*/
	do
		if ! ls "${CERTIFICATE}"/${EXTRA}*.pem > /dev/null 2>&1
		then
			continue
		fi

		SYMLINK="${CERTIFICATE}/${EXTRA}.pem"
		ORIGINAL="$(readlink -f "${SYMLINK}")"

		if [ -e "${SYMLINK}" ] && [ ! -e "${ORIGINAL}" ]
		then
			# remove dangling symlink
			rm -f "${SYMLINK}"
		fi

		if [ -e "${SYMLINK}.ocsp" ] && [ ! -e "${ORIGINAL}.ocsp" ]
		then
			# remove dangling symlink
			rm -f "${SYMLINK}.ocsp"
		fi

		if [ -e "${SYMLINK}" ]
		then
			for FILE in "${CERTIFICATE}/${EXTRA}"-[0-9]*.pem
			do
				case "$(basename "${FILE}")" in
					"$(basename "${ORIGINAL}")")
						continue
						;;

					*)
						# archive unused files
						ARCHIVE="${BASEDIR}/archive/$(basename "${CERTIFICATE}")"
						mkdir -p "${ARCHIVE}"

						mv "${FILE}" "${ARCHIVE}"

						if [ -e "${FILE}.ocsp" ]
						then
							mv "${FILE}.ocsp" "${ARCHIVE}"
						fi
						;;
				esac
			done
		fi
	done
done

echo " done."