Subversion Repositories ALCASAR

Rev

Rev 2813 | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2260 tom.houday 1
#!/bin/bash
2223 tom.houday 2
#
3
# $Id: alcasar-importcert.sh 2850 2020-07-15 22:24:44Z rexy $
4
#
1710 richard 5
# alcasar-importcert.sh
1736 richard 6
# by Raphaël, Hugo, Clément, Bettyna & rexy
2223 tom.houday 7
#
1710 richard 8
# This script is distributed under the Gnu General Public License (GPL)
2223 tom.houday 9
#
1710 richard 10
# Script permettant
11
# - d'importer des certificats sur Alcasar
1733 richard 12
# - de revenir au certificat par default
2223 tom.houday 13
#
1710 richard 14
# This script allows
1733 richard 15
# - to import a certificate in Alcasar
16
# - to go back to the default certificate
1710 richard 17
 
18
SED="/bin/sed -ri"
19
DIR_CERT="/etc/pki/tls"
1736 richard 20
CONF_FILE="/usr/local/etc/alcasar.conf"
2260 tom.houday 21
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
1736 richard 22
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
1710 richard 23
 
2260 tom.houday 24
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
1710 richard 25
nb_args=$#
1733 richard 26
arg1=$1
1710 richard 27
 
1733 richard 28
function defaultCert()
29
{
1740 richard 30
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
31
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
2813 rexy 32
	if [ -f $DIR_CERT/certs/server-chain.pem.old ]
1733 richard 33
	then
2813 rexy 34
		mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem
1733 richard 35
	fi
2554 lucas.echa 36
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
2488 lucas.echa 37
	chown root:apache $DIR_CERT/private/alcasar.pem
38
	chmod 750 $DIR_CERT/private/alcasar.pem
1733 richard 39
}
40
 
1710 richard 41
function domainName() # change the domain name in the conf files
42
{
2813 rexy 43
	fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt | grep commonName|cut -d"=" -f2|tr -d ' ')
2260 tom.houday 44
	#check if there is a wildcard in $fqdn
45
	if [[ $fqdn == *"*"* ]];
46
	then
47
		hostname="alcasar"
48
		fqdn=${fqdn/"*"/$hostname}
49
	else
2472 tom.houday 50
		hostname=$(echo $fqdn | cut -d'.' -f1)
2260 tom.houday 51
	fi
2472 tom.houday 52
	domain=$(echo $fqdn | cut -d'.' -f2-)
2260 tom.houday 53
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
2454 tom.houday 54
	#check fqdn format
2309 tom.houday 55
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
1758 richard 56
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
1736 richard 57
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
2850 rexy 58
		/usr/local/bin/alcasar-conf.sh --apply
1710 richard 59
	fi
60
}
61
 
62
function certImport()
63
{
1740 richard 64
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
1710 richard 65
	then
66
		echo "Backup of old cert (alcasar.crt)"
1740 richard 67
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
1710 richard 68
	fi
1740 richard 69
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
1710 richard 70
	then
71
		echo "Backup of old private key (alcasar.key)"
1740 richard 72
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
1710 richard 73
	fi
1740 richard 74
	cp $cert $DIR_CERT/certs/alcasar.crt
75
	cp $key $DIR_CERT/private/alcasar.key
2554 lucas.echa 76
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
1740 richard 77
	chown root:apache $DIR_CERT/certs/alcasar.crt
78
	chown root:apache $DIR_CERT/private/alcasar.key
2488 lucas.echa 79
	chown root:apache $DIR_CERT/private/alcasar.pem
1740 richard 80
	chmod 750 $DIR_CERT/certs/alcasar.crt
81
	chmod 750 $DIR_CERT/private/alcasar.key
2488 lucas.echa 82
	chmod 750 $DIR_CERT/private/alcasar.pem
1710 richard 83
	if [ "$sc" != "" ]
84
	then
85
		echo "cert-chain exists"
2813 rexy 86
		if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]
1710 richard 87
		then
2813 rexy 88
			echo "Backup of old cert-chain (server-chain.pem)"
89
			mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old
1710 richard 90
		fi
2813 rexy 91
		cp $sc $DIR_CERT/certs/server-chain.pem
92
		chown root:apache $DIR_CERT/certs/server-chain.pem
93
		chmod 750 $DIR_CERT/certs/server-chain.pem
1710 richard 94
	fi
95
}
96
 
1733 richard 97
 
98
if [ $nb_args -eq 0 ]
1710 richard 99
then
2260 tom.houday 100
	echo -e "$usage"
1733 richard 101
	exit 1
1710 richard 102
fi
103
 
1733 richard 104
case $arg1 in
1710 richard 105
	-\? | -h* | --h*)
2260 tom.houday 106
		echo -e "$usage"
1710 richard 107
		exit 0
108
		;;
109
	-i)
1733 richard 110
		arg3=$3
111
		arg5=$5
112
		cert=$2
113
		key=$4
114
		sc=$6
115
 
116
		if [ "$cert" == "" ] || [ "$key" == "" ]
117
		then
2260 tom.houday 118
			echo -e "$usage"
1733 richard 119
			exit 1
120
		fi
121
 
2260 tom.houday 122
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
1733 richard 123
		then
124
			echo "Certificate and/or private key not found"
125
			exit 1
126
		fi
127
 
2261 tom.houday 128
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
1733 richard 129
		then
130
			echo "Invalid certificate file"
131
			exit 1
132
		fi
133
 
134
		if [ ${key: -4} != ".key" ]
135
		then
136
			echo "Invalid private key"
137
			exit 1
138
		fi
139
 
2261 tom.houday 140
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
1733 richard 141
		then
142
			echo "No server-chain given"
143
			echo "Importing certificate $cert with private key $key"
144
			sc=""
145
		else
2261 tom.houday 146
			if [ ! -f "$sc" ]
147
			then
148
				echo "Server-chain certificate not found"
149
				exit 1
150
			fi
2813 rexy 151
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]
2261 tom.houday 152
			then
153
				echo "Invalid server-chain certificate file"
154
				exit 1
155
			fi
1733 richard 156
			echo "Importing certificate $cert with private key $key and server-chain $sc"
157
		fi
2813 rexy 158
		certImport 
159
		domainName
1710 richard 160
		;;
1733 richard 161
	-d)
162
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
163
		then
164
			echo "Restoring default certificate"
165
			defaultCert
2813 rexy 166
			domainName
167
		else echo "No default cert found"
1733 richard 168
		fi
169
		;;
1710 richard 170
	*)
2260 tom.houday 171
		echo -e "$usage"
1710 richard 172
		;;
173
esac