From 533e79ba959143f0459431a486bfb85c56c72ddc Mon Sep 17 00:00:00 2001
From: luisgulo
Date: Fri, 24 Oct 2025 18:01:10 +0200
Subject: Releasing code version 1.8.0
---
core/modules/openssl.sh | 141 ++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 141 insertions(+)
create mode 100644 core/modules/openssl.sh
(limited to 'core/modules/openssl.sh')
diff --git a/core/modules/openssl.sh b/core/modules/openssl.sh
new file mode 100644
index 0000000..d872dca
--- /dev/null
+++ b/core/modules/openssl.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+# Module: openssl
+# Description: Gestiona certificados y claves con OpenSSL (convertir, inspeccionar, instalar como CA)
+# License: GPLv3
+# Author: Luis GuLo
+# Version: 1.1.0
+# Dependencies: openssl, sudo, bash
+
+openssl_task() {
+ local host="$1"; shift
+ check_dependencies_openssl || return 1
+
+ local state="" src="" dest="" format="" password="" alias="" trust_path="" become="false"
+ for arg in "$@"; do
+ case "$arg" in
+ state=*) state="${arg#state=}" ;;
+ src=*) src="${arg#src=}" ;;
+ dest=*) dest="${arg#dest=}" ;;
+ format=*) format="${arg#format=}" ;;
+ password=*) password="${arg#password=}" ;;
+ alias=*) alias="${arg#alias=}" ;;
+ trust_path=*) trust_path="${arg#trust_path=}" ;;
+ become=*) become="${arg#become=}" ;;
+ esac
+ done
+
+ local sudo_cmd=""
+ [[ "$become" == "true" ]] && sudo_cmd="sudo"
+
+ # 🌐 Cargar traducciones
+ local lang="${shflow_vars[language]:-es}"
+ local trfile="$(dirname "${BASH_SOURCE[0]}")/openssl.tr.${lang}"
+ declare -A tr
+ if [[ -f "$trfile" ]]; then
+ while IFS='=' read -r k v; do tr["$k"]="$v"; done < "$trfile"
+ fi
+
+ case "$state" in
+ convert)
+ if [[ -z "$src" || -z "$dest" || -z "$format" ]]; then
+ echo "${tr[missing_convert]:-❌ [openssl] Faltan argumentos para conversión: src, dest, format}"
+ return 1
+ fi
+ if [[ ! -f "$src" ]]; then
+ echo "$(render_msg "${tr[src_not_found]}" "src=$src")"
+ return 1
+ fi
+ echo "$(render_msg "${tr[converting]}" "src=$src" "format=$format")"
+
+ case "$format" in
+ pem)
+ $sudo_cmd openssl pkcs12 -in "$src" -out "$dest" -nodes -password pass:"$password" && \
+ echo "$(render_msg "${tr[converted]}" "dest=$dest")"
+ ;;
+ pfx)
+ $sudo_cmd openssl pkcs12 -export -out "$dest" -inkey "$src" -in "$src" -password pass:"$password" && \
+ echo "$(render_msg "${tr[converted]}" "dest=$dest")"
+ ;;
+ key)
+ $sudo_cmd openssl pkey -in "$src" -out "$dest" && \
+ echo "$(render_msg "${tr[key_extracted]}" "dest=$dest")"
+ ;;
+ cer)
+ $sudo_cmd openssl x509 -in "$src" -out "$dest" -outform DER && \
+ echo "$(render_msg "${tr[cer_converted]}" "dest=$dest")"
+ ;;
+ *)
+ echo "$(render_msg "${tr[unsupported_format]}" "format=$format")"
+ return 1
+ ;;
+ esac
+ ;;
+
+ inspect)
+ if [[ -z "$src" || ! -f "$src" ]]; then
+ echo "$(render_msg "${tr[missing_inspect]}" "src=$src")"
+ return 1
+ fi
+ echo "$(render_msg "${tr[inspecting]}" "src=$src")"
+ $sudo_cmd openssl x509 -in "$src" -noout -text | grep -E 'Subject:|Issuer:|Not Before:|Not After :|Fingerprint' || echo "${tr[inspect_fail]:-⚠️ [openssl] No se pudo extraer información}"
+ ;;
+
+ trust)
+ if [[ -z "$src" || -z "$alias" || -z "$trust_path" ]]; then
+ echo "${tr[missing_trust]:-❌ [openssl] Faltan argumentos para instalación como CA: src, alias, trust_path}"
+ return 1
+ fi
+ if [[ ! -f "$src" ]]; then
+ echo "$(render_msg "${tr[src_not_found]}" "src=$src")"
+ return 1
+ fi
+ echo "$(render_msg "${tr[trusting]}" "alias=$alias")"
+ $sudo_cmd cp "$src" "$trust_path/$alias.crt" && \
+ $sudo_cmd update-ca-certificates && \
+ echo "${tr[trusted]:-✅ [openssl] Certificado instalado y CA actualizada}"
+ ;;
+
+ untrust)
+ if [[ -z "$alias" || -z "$trust_path" ]]; then
+ echo "${tr[missing_untrust]:-❌ [openssl] Faltan argumentos para eliminación: alias, trust_path}"
+ return 1
+ fi
+ local cert_path="$trust_path/$alias.crt"
+ if [[ ! -f "$cert_path" ]]; then
+ echo "$(render_msg "${tr[untrust_not_found]}" "alias=$alias" "trust_path=$trust_path")"
+ return 0
+ fi
+ echo "$(render_msg "${tr[untrusting]}" "alias=$alias")"
+ $sudo_cmd rm -f "$cert_path" && \
+ $sudo_cmd update-ca-certificates && \
+ echo "${tr[untrusted]:-✅ [openssl] Certificado eliminado y CA actualizada}"
+ ;;
+
+ *)
+ echo "$(render_msg "${tr[unknown_state]}" "state=$state")"
+ return 1
+ ;;
+ esac
+}
+
+check_dependencies_openssl() {
+ local lang="${shflow_vars[language]:-es}"
+ local trfile="$(dirname "${BASH_SOURCE[0]}")/openssl.tr.${lang}"
+ declare -A tr
+ if [[ -f "$trfile" ]]; then
+ while IFS='=' read -r k v; do tr["$k"]="$v"; done < "$trfile"
+ fi
+
+ local missing=()
+ for cmd in openssl sudo; do
+ command -v "$cmd" >/dev/null 2>&1 || missing+=("$cmd")
+ done
+
+ if [[ ${#missing[@]} -gt 0 ]]; then
+ echo "$(render_msg "${tr[missing_deps]}" "cmds=${missing[*]}")"
+ return 1
+ fi
+
+ echo "${tr[deps_ok]:-✅ [openssl] Todas las dependencias están disponibles}"
+ return 0
+}
-- cgit v1.2.3
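Review bot: The `pem)` and `pfx)` arms of `convert` pass the PKCS#12 password as `-password pass:"$password"`, which puts the secret in the process argument list where other local users can read it with `ps` and, when `become=true`, in sudo's command log. Feeding it on stdin avoids that, e.g. `printf '%s\n' "$password" | $sudo_cmd openssl pkcs12 -in "$src" -out "$dest" -nodes -passin stdin` (and `-passout stdin` for the export arm). The `pem)` arm also writes the private key unencrypted because of `-nodes`, so `$dest` should be created under `umask 077`, or a comment should state that the caller must restrict its mode. Separately, `trust)` and `untrust)` build `"$trust_path/$alias.crt"` from an unchecked `alias` and run `cp` / `rm -f` on it under sudo; a guard such as `[[ "$alias" =~ ^[A-Za-z0-9._-]+$ ]] || return 1` would keep a `/` or `../` in the alias from reaching paths outside the trust directory.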