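#!/bin/sh
# SPDX-Version: 3.0
# SPDX-CreationInfo: 2025-06-03; WEIDNER, Marc S.;
# SPDX-ExternalRef: GIT https://git.coresecret.dev/msw/draft-weidner-catalog-rr-ext.git
# SPDX-FileContributor: WEIDNER, Marc S.; Centurion Intelligence Consulting Agency
# SPDX-FileCopyrightText: 2024-2025; WEIDNER, Marc S.;
# SPDX-FileType: SOURCE
# SPDX-License-Identifier: EUPL-1.2
# SPDX-LicenseComment: This file is part of the draft-weidner-catalog-rr-ext framework.
# SPDX-PackageName: draft-weidner-catalog-rr-ext
# SPDX-Security-Contact: security@coresecret.eu
#
# Builds the CAA-CT-STS policy file "caa-ct-sts.<OWN_DOMAIN>.txt" in the
# current directory: a three-line header followed by one ct_policy record per
# log entry found in the CT log list downloaded from gstatic.com.
#
# Usage:
#   sh build_caa-ct-sts.sh OWN_DOMAIN CAA_DOMAIN CRIT_FLAG
#
#   OWN_DOMAIN  becomes part of the output file name
#   CAA_DOMAIN  written as the first element of every ct_policy record
#   CRIT_FLAG   'true' or 'false'; written as critical=<value>
#
# Exit status: 0 when the policy file was written with at least one record,
# non-zero on bad arguments, download failure or an empty result.

set -eu

# Without this check, `set -u` aborts on a missing argument with a bare
# "parameter not set" message and no hint about the expected arguments.
if [ "$#" -lt 3 ]; then
  echo "Usage: sh build_caa-ct-sts.sh OWN_DOMAIN CAA_DOMAIN CRIT_FLAG" >&2
  exit 1
fi

readonly OWN_DOMAIN="$1"
readonly CAA_DOMAIN="$2"
readonly CRIT__FLAG="$3"
readonly CAA_CTS_TS="caa-ct-sts.${OWN_DOMAIN}.txt"

# OWN_DOMAIN ends up in a file name and CAA_DOMAIN inside a quoted,
# semicolon-delimited record (and is passed through `awk -v`, which expands
# backslash escapes). Restricting both to hostname characters keeps path
# separators, quotes, semicolons and backslashes out of either place.
for domain in "${OWN_DOMAIN}" "${CAA_DOMAIN}"; do
  case "${domain}" in
    *[!A-Za-z0-9._-]*)
      echo "Error: OWN_DOMAIN and CAA_DOMAIN MUST contain only letters, digits, '.', '_' and '-'." >&2
      exit 1
      ;;
  esac
done

case "${CRIT__FLAG}" in
  true|false) ;;
  *)
    echo "Error: CRIT_FLAG MUST be either 'true' or 'false'." >&2
    exit 1
    ;;
esac

# Download before touching the output file: if curl fails, `set -e` stops the
# script here and an existing policy file is left as it was instead of being
# truncated to a header without records.
# NOTE(review): the list is accepted on the strength of the HTTPS connection
# alone, and the public keys it contains are copied into the policy below.
# The publisher also offers a detached signature for this list (log_list.sig);
# consider verifying it before use - confirm details in the publisher docs.
JSON=$(curl -fsSL https://www.gstatic.com/ct/log_list/v3/log_list.json)
readonly JSON

{
  printf '%s\n' "### CAA-CT-STS Policy: $CAA_CTS_TS ###"
  printf '%s\n' "version: CAACTSTSv1"
  printf '%s\n' "max_age: 60"
} > "${CAA_CTS_TS}"

# printf instead of echo: several /bin/sh implementations expand backslash
# sequences in echo arguments, which would alter the downloaded JSON text
# before awk sees it.
printf '%s\n' "${JSON}" | awk -v CA="${CAA_DOMAIN}" -v CRIT="${CRIT__FLAG}" -v OUT="${CAA_CTS_TS}" '
  # Splitting on the double quote puts the value of a  "name": "value"  line
  # into field 4.
  BEGIN { FS = "\"" }

  # An object opening brace followed by "description" on the same line:
  # forget everything collected so far.
  /[{][[:space:]]*"description"/ {
    desc = ""; url = ""; start = ""; endt = ""; logid = ""; key = ""
  }

  # \047 is the single quote. It is stripped from every value that is written
  # between single quotes in the record below.
  /"description":/     { desc = $4;  gsub(/\047/, "", desc) }
  /"url":/             { url = $4 }
  /"start_inclusive":/ { start = $4 }
  /"end_exclusive":/   { endt = $4 }
  /"log_id":/          { logid = $4; gsub(/\047/, "", logid) }
  /"key":/             { key = $4;   gsub(/\047/, "", key) }

  # end_exclusive is treated as the last field of an entry: emit the record
  # when every required field was seen.
  /"end_exclusive":/ {
    if (desc != "" && url != "" && start != "" && logid != "" && key != "") {
      printf "ct_policy: ( \"%s; critical=%s; desc=\047%s\047; validfrom=%s; validtill=%s; cturi=%s; logid=\047%s\047; pubkey=\047%s\047;\" )\n",
        CA, CRIT, desc, start, endt, url, logid, key >> OUT
    }
    # Clear the fields whether or not a record was written, so that an entry
    # lacking one of them cannot inherit the value (for example the key or
    # the URL) of the entry before it.
    desc = ""; url = ""; start = ""; endt = ""; logid = ""; key = ""
  }
'

# A header without any ct_policy record means the download did not have the
# expected layout; report that instead of announcing success.
if ! grep -q '^ct_policy: ' "${CAA_CTS_TS}"; then
  echo "Error: no ct_policy records could be derived from the log list." >&2
  exit 1
fi

echo "CAA-CT-STS Policy File: '${CAA_CTS_TS}' written."

exit 0
# vim: number et ts=2 sw=2 sts=2 ai tw=128 ft=sh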