[NRL-1700] Fixup sonarcloud warnings in truststore.sh

Author: mattdean3-nhs

scripts/truststore.sh

@@ -45,13 +45,15 @@ EOF"
     cat > ${outfile} <<EOF
 ${output}
 EOF
+
+    return 0
 }
 
 # build a certificate authority
 function _truststore_build_ca() {
-    if [ $# -ne 2 ]; then
+    if [[ $# -ne 2 ]]; then
         echo "Usage: $0 build-ca <name> <fqdn>"
-        exit 1
+        return 1
     fi
 
     env=$1
@@ -77,13 +79,14 @@ function _truststore_build_ca() {
 
     cat ./truststore/ca/$env.crt > ./truststore/server/$env.pem
     echo -e "✅ Successfully Built Server Truststore: $env"
+    return 0
 }
 
 # build a certificate
 function _truststore_build_cert() {
-    if [ $# -ne 3 ]; then
+    if [[ $# -ne 3 ]]; then
         echo "Usage: $0 build-cert <name> <ca> <fqdn>"
-        exit 1;
+        return 1;
     fi
 
     cert_name=$1
@@ -123,98 +126,104 @@ function _truststore_build_cert() {
     echo -e "✅ Successfully generated $cert_name keypair for ca=$ca_name (FQDN: $fqdn)"
     rm /tmp/client.conf
     rm truststore/client/$cert_name.csr
+    return 0
 }
 
 # Rotate a CA - archive the existing CA and build a new one
 # The previous CA is added to the new CA bundle (can be removed after clients have updated)
 function _truststore_rotate_ca() {
-    if [ $# -ne 2 ]; then
+    if [[ $# -ne 2 ]]; then
         echo "Usage: $0 rotate-ca <env> <fqdn>"
-        exit 1;
+        return 1;
     fi
 
-    env=$1
-    fqdn=$2
+    env="$1"
+    fqdn="$2"
 
     # Archive the existing ca certs
-    archive_date=$(date +%Y-%m-%d)
-    if [ -f "truststore/ca/$env.archived_$archive_date.crt" ] ||
-       [ -f "truststore/ca/$env.archived_$archive_date.key" ] ||
-       [ -f "truststore/server/$env.archived_$archive_date.pem" ]; then
-        echo "Error: Archive files already exist for date $archive_date - please resolve before rotating the CA"
-        exit 1
+    archive_date="$(date +%Y-%m-%d)"
+    if [[ -f "truststore/ca/$env.archived_$archive_date.crt" ]] ||
+       [[ -f "truststore/ca/$env.archived_$archive_date.key" ]] ||
+       [[ -f "truststore/server/$env.archived_$archive_date.pem" ]]; then
+        echo "Error: Archive files already exist for date $archive_date - please resolve before rotating the CA" 1>&2
+        return 1
     fi
 
-    mv truststore/ca/$env.crt truststore/ca/$env.archived_$archive_date.crt
-    mv truststore/ca/$env.key truststore/ca/$env.archived_$archive_date.key
-    mv truststore/server/$env.pem truststore/server/$env.archived_$archive_date.pem
+    mv "truststore/ca/$env.crt" "truststore/ca/$env.archived_$archive_date.crt"
+    mv "truststore/ca/$env.key" "truststore/ca/$env.archived_$archive_date.key"
+    mv "truststore/server/$env.pem" "truststore/server/$env.archived_$archive_date.pem"
 
     # Build a new CA
-    _truststore_build_ca $env $fqdn
+    _truststore_build_ca "$env" "$fqdn"
 
     # Add the previous CA to the new CA bundle (can be removed after clients have updated)
-    cat truststore/ca/$env.archived_$archive_date.crt >> truststore/server/$env.pem
+    cat "truststore/ca/$env.archived_$archive_date.crt" >> "truststore/server/$env.pem"
 
     echo -e "✅ Successfully rotated CA for $env - previous CA archived with date: $archive_date"
+    return 0
 }
 
 # Rotate a client cert - archive the existing cert and build a new one
 function _truststore_rotate_cert() {
-    if [ $# -ne 3 ]; then
+    if [[ $# -ne 3 ]]; then
         echo "Usage: $0 rotate-cert <env> <ca> <fqdn>"
         exit 1;
     fi
 
-    cert_name=$1
-    ca_name=$2
-    fqdn=$3
+    cert_name="$1"
+    ca_name="$2"
+    fqdn="$3"
 
     # Archive the existing client certs
     archive_date=$(date +%Y-%m-%d)
-    if [ -f "truststore/client/$cert_name.archived_$archive_date.crt" ] ||
-       [ -f "truststore/client/$cert_name.archived_$archive_date.key" ]; then
-        echo "Error: Archive files already exist for date $archive_date - please resolve before rotating the client cert"
-        exit 1
+    if [[ -f "truststore/client/$cert_name.archived_$archive_date.crt" ]] ||
+       [[ -f "truststore/client/$cert_name.archived_$archive_date.key" ]]; then
+        echo "Error: Archive files already exist for date $archive_date - please resolve before rotating the client cert" 1>&2
+        return 1
     fi
 
-    mv truststore/client/$cert_name.crt truststore/client/$cert_name.archived_$archive_date.crt
-    mv truststore/client/$cert_name.key truststore/client/$cert_name.archived_$archive_date.key
+    mv "truststore/client/$cert_name.crt" "truststore/client/$cert_name.archived_$archive_date.crt"
+    mv "truststore/client/$cert_name.key" "truststore/client/$cert_name.archived_$archive_date.key"
 
     # Build a new client cert
-    _truststore_build_cert $cert_name $ca_name $fqdn
+    _truststore_build_cert "$cert_name" "$ca_name" "$fqdn"
 
     echo -e "✅ Successfully rotated client cert for $cert_name - previous cert archived with date: $archive_date"
+    return 0
 }
 
 # Disable an archived CA by removing it from the server pem file
 function _disable_archived_ca() {
-    env=$1
-    cat truststore/ca/$env.crt > truststore/server/$env.pem
+    env="$1"
+    cat "truststore/ca/$env.crt" > "truststore/server/$env.pem"
 
     echo -e "✅ Successfully disabled archived CA for $env"
+    return 0
 }
 
 # Restore an archived CA by moving the archived files back to their original names
 function _restore_archived_ca() {
-    env=$1
-    archive_date=$2
+    env="$1"
+    archive_date="$2"
 
-    mv truststore/ca/$env.archived_$archive_date.crt truststore/ca/$env.crt
-    mv truststore/ca/$env.archived_$archive_date.key truststore/ca/$env.key
-    mv truststore/server/$env.archived_$archive_date.pem truststore/server/$env.pem
+    mv "truststore/ca/$env.archived_$archive_date.crt" "truststore/ca/$env.crt"
+    mv "truststore/ca/$env.archived_$archive_date.key" "truststore/ca/$env.key"
+    mv "truststore/server/$env.archived_$archive_date.pem" "truststore/server/$env.pem"
 
     echo -e "✅ Successfully restored archived CA for $env from date: $archive_date"
+    return 0
 }
 
 # Restore an archived client cert by moving the archived files back to their original names
 function _restore_archived_cert() {
-    env=$1
-    archive_date=$2
+    env="$1"
+    archive_date="$2"
 
-    mv truststore/client/$env.archived_$archive_date.crt truststore/client/$env.crt
-    mv truststore/client/$env.archived_$archive_date.key truststore/client/$env.key
+    mv "truststore/client/$env.archived_$archive_date.crt" "truststore/client/$env.crt"
+    mv "truststore/client/$env.archived_$archive_date.key" "truststore/client/$env.key"
 
     echo -e "✅ Successfully restored archived client cert for $env from date: $archive_date"
+    return 0
 }
 
 function _truststore_build_all() {
@@ -229,38 +238,56 @@ function _truststore_build_all() {
     _truststore_build_cert "ref"  "ref"  "ref.api.record-locator.ref.national.nhs.uk"
     _truststore_build_cert "qa"   "qa"   "api.qa.record-locator.national.nhs.uk"
     _truststore_build_cert "dev"  "dev"  "dev.api.record-locator.dev.national.nhs.uk"
+
+    echo -e "✅ Successfully built all truststore files"
+    return 0
 }
 
 function _truststore_pull_ca() {
     env=$1
     echo "Pulling ${env} ca certificate"
     aws s3 cp "s3://${BUCKET}/ca/${env}.crt" "truststore/ca/${env}.crt"
+
+    echo -e "✅ Successfully pulled ${env} ca certificate from s3://${BUCKET}"
+    return 0
 }
 
 function _truststore_pull_ca_key() {
     env=$1
     echo "Pulling ${env} ca private key"
     aws s3 cp "s3://${BUCKET}/ca/${env}.key" "truststore/ca/${env}.key"
+
+    echo -e "✅ Successfully pulled ${env} ca private key from s3://${BUCKET}"
+    return 0
 }
 
 function _truststore_pull_client() {
     env=$1
     echo "Pulling ${env} client certificate"
     aws s3 cp "s3://${BUCKET}/client/${env}.key" "truststore/client/${env}.key"
     aws s3 cp "s3://${BUCKET}/client/${env}.crt" "truststore/client/${env}.crt"
+
+    echo -e "✅ Successfully pulled ${env} client truststore files from s3://${BUCKET}"
+    return 0
 }
 
 function _truststore_pull_server() {
     env=$1
     echo "Pulling ${env} server trust certificate"
     aws s3 cp "s3://${BUCKET}/server/${env}.pem" "truststore/server/${env}.pem"
+
+    echo -e "✅ Successfully pulled ${env} server truststore files from s3://${BUCKET}"
+    return 0
 }
 
 function _truststore_pull_all() {
     env=$1
     _truststore_pull_ca $env
     _truststore_pull_client $env
     _truststore_pull_server $env
+
+    echo -e "✅ Successfully pulled all ${env} truststore files from s3://${BUCKET}"
+    return 0
 }
 
 function _truststore_push_all() {
@@ -276,7 +303,7 @@ function _truststore_push_all() {
         echo
         aws s3 cp "s3://${BUCKET}/$f" "${backup_dir}/$f" || echo "No existing file s3://${BUCKET}/$f to back up"
 
-        if [ -f "${backup_dir}/$f" ]
+        if [[ -f "${backup_dir}/$f" ]]
         then
             diff --brief "truststore/$f" "${backup_dir}/$f" || true
         fi
@@ -285,9 +312,9 @@ function _truststore_push_all() {
     echo
     echo -n "WARNING: You are about to upload files to the ${env} truststore - are you sure? [yes/NO] "
     read answer
-    if [ "$answer" != "yes" ]; then
-        echo "Aborting upload to ${env} truststore"
-        exit 1
+    if [[ "$answer" != "yes" ]]; then
+        echo "Aborting upload to ${env} truststore" 1>&2
+        return 1
     fi
 
     echo "Uploading ${env} ca certificate"
@@ -302,6 +329,9 @@ function _truststore_push_all() {
 
     echo "Uploading ${env} server trust certificate"
     aws s3 cp "truststore/server/${env}.pem" "s3://${BUCKET}/server/${env}.pem"
+
+    echo -e "✅ Successfully uploaded all ${env} truststore files to s3://${BUCKET}"
+    return 0
 }
 
 function _truststore() {