WebSVN – ALCASAR – Blame – /scripts/alcasar-importcert.sh

Rev	Author	Line No.	Line
2260	tom.houday	1	`#!/bin/bash`
2223	tom.houday	2	`#`
		3	`# $Id: alcasar-importcert.sh 2554 2018-05-20 11:02:46Z lucas.echard $`
		4	`#`
1710	richard	5	`# alcasar-importcert.sh`
1736	richard	6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
2223	tom.houday	7	`#`
1710	richard	8	`# This script is distributed under the Gnu General Public License (GPL)`
2223	tom.houday	9	`#`
1710	richard	10	`# Script permettant`
		11	`# - d'importer des certificats sur Alcasar`
1733	richard	12	`# - de revenir au certificat par default`
2223	tom.houday	13	`#`
1710	richard	14	`# This script allows`
1733	richard	15	`# - to import a certificate in Alcasar`
		16	`# - to go back to the default certificate`
1710	richard	17
		18	`SED="/bin/sed -ri"`
		19	`DIR_CERT="/etc/pki/tls"`
1736	richard	20	`CONF_FILE="/usr/local/etc/alcasar.conf"`
2260	tom.houday	21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
1736	richard	22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
1710	richard	23
2260	tom.houday	24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`
1710	richard	25	`nb_args=$#`
1733	richard	26	`arg1=$1`
1710	richard	27
1733	richard	28	`function defaultNdd()`
		29	`{`
1758	richard	30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`
		31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`
2309	tom.houday	32	`/usr/local/bin/alcasar-conf.sh --apply`
1733	richard	33	`}`
		34
		35	`function defaultCert()`
		36	`{`
1740	richard	37	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
		38	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
		39	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`
1733	richard	40	`then`
1740	richard	41	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`
1733	richard	42	`fi`
2554	lucas.echa	43
		44	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`
		45
2488	lucas.echa	46	`chown root:apache $DIR_CERT/private/alcasar.pem`
		47	`chmod 750 $DIR_CERT/private/alcasar.pem`
1733	richard	48	`}`
		49
1710	richard	50	`function domainName() # change the domain name in the conf files`
		51	`{`
1744	clement.si	52	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`
1934	raphael.pi	53
2260	tom.houday	54	`#check if there is a wildcard in $fqdn`
		55	`if [[ $fqdn == ""* ]];`
		56	`then`
		57	`hostname="alcasar"`
		58	`fqdn=${fqdn/"*"/$hostname}`
		59	`else`
2472	tom.houday	60	`hostname=$(echo $fqdn \| cut -d'.' -f1)`
2260	tom.houday	61	`fi`
2472	tom.houday	62	`domain=$(echo $fqdn \| cut -d'.' -f2-)`
2260	tom.houday	63	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
1934	raphael.pi	64
2454	tom.houday	65	`#check fqdn format`
2309	tom.houday	66	`if [[ "$fqdn" != "" && "$domain" != "" ]]; then`
1758	richard	67	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`
1736	richard	68	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
2309	tom.houday	69	`/usr/local/bin/alcasar-conf.sh --apply`
1710	richard	70	`fi`
		71	`}`
		72
		73	`function certImport()`
		74	`{`
1740	richard	75	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
1710	richard	76	`then`
		77	`echo "Backup of old cert (alcasar.crt)"`
1740	richard	78	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
1710	richard	79	`fi`
1740	richard	80	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
1710	richard	81	`then`
		82	`echo "Backup of old private key (alcasar.key)"`
1740	richard	83	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
1710	richard	84	`fi`
2260	tom.houday	85
1740	richard	86	`cp $cert $DIR_CERT/certs/alcasar.crt`
		87	`cp $key $DIR_CERT/private/alcasar.key`
1733	richard	88
2554	lucas.echa	89	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`
		90
1740	richard	91	`chown root:apache $DIR_CERT/certs/alcasar.crt`
		92	`chown root:apache $DIR_CERT/private/alcasar.key`
2488	lucas.echa	93	`chown root:apache $DIR_CERT/private/alcasar.pem`
1710	richard	94
1740	richard	95	`chmod 750 $DIR_CERT/certs/alcasar.crt`
		96	`chmod 750 $DIR_CERT/private/alcasar.key`
2488	lucas.echa	97	`chmod 750 $DIR_CERT/private/alcasar.pem`
2260	tom.houday	98
1710	richard	99	`if [ "$sc" != "" ]`
		100	`then`
		101	`echo "cert-chain exists"`
1740	richard	102	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`
1710	richard	103	`then`
		104	`echo "Backup of old cert-chain (server-chain.crt)"`
1740	richard	105	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`
1710	richard	106	`fi`
1740	richard	107	`cp $sc $DIR_CERT/certs/server-chain.crt`
		108	`chown root:apache $DIR_CERT/certs/server-chain.crt`
		109	`chmod 750 $DIR_CERT/certs/server-chain.crt`
1710	richard	110	`fi`
		111	`}`
		112
1733	richard	113
		114	`if [ $nb_args -eq 0 ]`
1710	richard	115	`then`
2260	tom.houday	116	`echo -e "$usage"`
1733	richard	117	`exit 1`
1710	richard	118	`fi`
		119
1733	richard	120	`case $arg1 in`
1710	richard	121	`-\? \| -h* \| --h*)`
2260	tom.houday	122	`echo -e "$usage"`
1710	richard	123	`exit 0`
		124	`;;`
		125	`-i)`
1733	richard	126	`arg3=$3`
		127	`arg5=$5`
		128	`cert=$2`
		129	`key=$4`
		130	`sc=$6`
		131
		132	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
		133	`then`
2260	tom.houday	134	`echo -e "$usage"`
1733	richard	135	`exit 1`
		136	`fi`
		137
2260	tom.houday	138	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`
1733	richard	139	`then`
		140	`echo "Certificate and/or private key not found"`
		141	`exit 1`
		142	`fi`
		143
2261	tom.houday	144	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`
1733	richard	145	`then`
		146	`echo "Invalid certificate file"`
		147	`exit 1`
		148	`fi`
		149
		150	`if [ ${key: -4} != ".key" ]`
		151	`then`
		152	`echo "Invalid private key"`
		153	`exit 1`
		154	`fi`
		155
2261	tom.houday	156	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`
1733	richard	157	`then`
		158	`echo "No server-chain given"`
		159	`echo "Importing certificate $cert with private key $key"`
		160	`sc=""`
		161	`else`
2261	tom.houday	162	`if [ ! -f "$sc" ]`
		163	`then`
		164	`echo "Server-chain certificate not found"`
		165	`exit 1`
		166	`fi`
		167	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]`
		168	`then`
		169	`echo "Invalid server-chain certificate file"`
		170	`exit 1`
		171	`fi`
1733	richard	172	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
		173	`fi`
		174	`domainName $cert`
		175	`certImport $cert $key $sc`
2488	lucas.echa	176	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd`
1740	richard	177	`do`
		178	`echo "restarting $services"; systemctl restart $services; sleep 1`
		179	`done`
1710	richard	180	`;;`
1733	richard	181	`-d)`
		182	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
		183	`then`
		184	`echo "Restoring default certificate"`
		185	`defaultCert`
		186	`defaultNdd`
2488	lucas.echa	187	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd`
1740	richard	188	`do`
		189	`echo "restarting $services"; systemctl restart $services; sleep 1`
		190	`done`
1733	richard	191	`fi`
		192	`;;`
1710	richard	193	`*)`
2260	tom.houday	194	`echo -e "$usage"`
1710	richard	195	`;;`
		196	`esac`

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2670 – Rev 2554