#!/bin/sh
 
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna
 
# This script is distributed under the GNU General Public License (GPL)
 
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par défaut
 
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
# In-place, extended-regex sed. The value holds the command AND its flags, so
# it is expanded unquoted wherever it is used.
SED='/bin/sed -ri'

# Directory holding the TLS material; certs/ and private/ sit beneath it.
DIR_CERT='/etc/pki/tls'

# Snapshot of the command line, taken at top level before any function call
# replaces the positional parameters.
nb_args="$#"
arg1="${1}"

# Help text printed on -h, on a missing argument and on an unknown option.
usage='Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)'
 
 
# nb_args=$#
# args=$1
# args1=$3
# args2=$5
# cert=$2
# key=$4
# sc=$6
 
# Put the stock domain name ("localdomain") back into every configuration
# file that domainName() rewrites.
# Globals: SED (read) - in-place sed command with its flags
defaultNdd() {
	local dflt='localdomain'

	# $SED stays unquoted: it must split into the command and its options.
	$SED "s/^DOMAIN=.*/DOMAIN=${dflt}/g" /usr/local/etc/alcasar.conf
	# Replaces the domain part of any dotted name found in /etc/hosts.
	$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.${dflt}/g" /etc/hosts
	# chilli.conf is edited twice: the alcasar.<domain> names, then the "domain" line.
	$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.${dflt}/g" /etc/chilli.conf
	$SED "s/^domain.*/domain\t\t${dflt}/g" /etc/chilli.conf
	$SED "s/^ServerName.*/ServerName alcasar.${dflt}/g" /etc/httpd/conf/httpd.conf
}
 
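# Restore the certificate, private key and (when one was saved) server chain
# from the *.old copies that certImport() set aside.
# Globals: DIR_CERT (read) - base directory of the TLS material
# Returns: 0 when the backups were put back, 1 when a backup is missing or a
#          move failed (nothing is removed in the first case)
defaultCert() {
	local base="${DIR_CERT:-/etc/pki/tls}"
	local crt="$base/certs/alcasar.crt"
	local key="$base/private/alcasar.key"
	local chain="$base/certs/server-chain.crt"

	# Absolute paths are used instead of "cd $DIR_CERT": a failed cd would make
	# the following commands act on whatever the current directory happens to
	# be. The live files are also never removed unless their replacement exists.
	if [ ! -f "$crt.old" ] || [ ! -f "$key.old" ]
	then
		echo "Backup certificate and/or private key not found in $base" >&2
		return 1
	fi

	# mv -f replaces the destination directly, so there is no moment at which
	# the live file has been deleted but the backup is not yet in place.
	mv -f -- "$crt.old" "$crt" || return 1
	mv -f -- "$key.old" "$key" || return 1

	if [ -f "$chain.old" ]
	then
		mv -f -- "$chain.old" "$chain" || return 1
	fi
	# NOTE(review): a chain imported when no previous chain existed has no
	# *.old copy and is left in place here - confirm that is intended.
	return 0
}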
 
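# Change the domain name in the configuration files to the Common Name (CN)
# of the certificate being imported.
# Globals: cert (read) - path of the certificate
#          SED  (read) - in-place sed command with its flags
#          ndd  (written) - domain name taken from the certificate
# Outputs: the extracted CN on stdout (an empty line when none was found)
# Returns: 0 when the files were updated or no CN was found,
#          1 when the CN is not a plain host/domain name (no file is touched)
domainName()
{
	# Accept both "subject= /C=FR/CN=name/..." and "subject=C = FR, CN = name"
	# layouts, then drop any attribute that follows the CN.
	ndd=$(openssl x509 -noout -subject -in "$cert" | sed -n '/^subject/s/^.*CN[[:space:]]*=[[:space:]]*//p')
	ndd=${ndd%%[/,]*}
	printf '%s\n' "$ndd"

	# The CN is content of the imported file, i.e. untrusted input, and it is
	# pasted into sed programs below. Only letters, digits, dots and hyphens
	# are allowed through, so it cannot carry sed metacharacters ("/", "&",
	# "\", newline) or produce malformed host names in the edited files.
	case "$ndd" in
		'')
			return 0
			;;
		.* | *. | -* | *..* | *[!A-Za-z0-9.-]*)
			echo "Certificate CN is not a valid domain name, configuration left unchanged" >&2
			return 1
			;;
	esac
	# NOTE(review): only the CN is read; a certificate whose host names live
	# solely in subjectAltName, or a wildcard CN, is not handled here.

	$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
	$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
	$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
	$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
	$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
}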
 
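# Copy one file of TLS material into place as root:apache, mode 640.
# Arguments: $1 - source file, $2 - destination path
_certImportCopy() {
	# A restrictive umask covers the case where the destination is created by
	# cp: the file is never readable by "other", even before chown/chmod run.
	( umask 077 && cp -- "$1" "$2" ) || return 1
	chown root:apache "$2" || return 1
	# 640, not 750: none of these files is executable.
	chmod 640 "$2"
}

# Install the certificate, the private key and (optionally) the server chain,
# keeping the first-ever versions as *.old so defaultCert() can restore them.
# Globals: cert, key, sc (read) - source paths; sc is empty when no chain
#          DIR_CERT (read)      - base directory of the TLS material
# Outputs: progress messages on stdout, errors on stderr
# Returns: 0 on success, 1 when a source is missing or a step failed
certImport()
{
	local base="${DIR_CERT:-/etc/pki/tls}"
	local crt_dst="$base/certs/alcasar.crt"
	local key_dst="$base/private/alcasar.key"
	local chain_dst="$base/certs/server-chain.crt"

	# Check the sources before any live file is moved. No "cd" is done, so
	# relative source paths still refer to the caller's directory; changing
	# directory first made the copy fail after the old files had been moved.
	if [ ! -f "$cert" ] || [ ! -f "$key" ]
	then
		echo "Certificate and/or private key not found" >&2
		return 1
	fi
	if [ -n "$sc" ] && [ ! -f "$sc" ]
	then
		echo "Server-chain file not found" >&2
		return 1
	fi

	# Only the first import creates the backups; later imports must not
	# overwrite them with an already imported certificate.
	if [ ! -f "$crt_dst.old" ] && [ -f "$crt_dst" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv -- "$crt_dst" "$crt_dst.old" || return 1
	fi
	if [ ! -f "$key_dst.old" ] && [ -f "$key_dst" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv -- "$key_dst" "$key_dst.old" || return 1
	fi

	_certImportCopy "$cert" "$crt_dst" || return 1
	_certImportCopy "$key" "$key_dst" || return 1

	if [ -n "$sc" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$chain_dst.old" ] && [ -f "$chain_dst" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv -- "$chain_dst" "$chain_dst.old" || return 1
		fi
		_certImportCopy "$sc" "$chain_dst" || return 1
	fi
	return 0
}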
 
 
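# ---- command-line dispatch --------------------------------------------------
# -i <cert> -k <key> [-c <chain>] : import a certificate
# -d                              : go back to the saved default certificate
# Every check below runs before a live file is touched or a service is
# restarted, so a bad input leaves the running configuration as it was.
if [ "$nb_args" -eq 0 ]
then
	echo "$usage"
	exit 1
fi

case "$arg1" in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i)
		# Arguments are positional: $2 and $4 are the paths, $3 must be -k,
		# $5/$6 are the optional "-c <chain>" pair.
		cert=$2
		arg3=$3
		key=$4
		arg5=$5
		sc=$6

		if [ -z "$cert" ] || [ -z "$key" ] || [ "$arg3" != "-k" ]
		then
			echo "$usage"
			exit 1
		fi

		if [ ! -f "$cert" ] || [ ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi

		# Extension checks, written with "case" so that paths containing
		# spaces work and no bash-only substring expansion is needed.
		case "$cert" in
			*.crt) ;;
			*)
				echo "Invalid certificate file"
				exit 1
				;;
		esac
		case "$key" in
			*.key) ;;
			*)
				echo "Invalid private key"
				exit 1
				;;
		esac

		# A file name proves nothing about the content: make sure the
		# certificate parses and that the key really belongs to it, otherwise
		# the web server would be restarted with unusable TLS material.
		if ! openssl x509 -noout -in "$cert" >/dev/null 2>&1
		then
			echo "Invalid certificate file"
			exit 1
		fi
		cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null)
		# "-passin pass:" supplies an empty passphrase so an encrypted key
		# fails here instead of prompting.
		key_pub=$(openssl pkey -pubout -passin pass: -in "$key" 2>/dev/null)
		if [ -z "$key_pub" ] || [ "$cert_pub" != "$key_pub" ]
		then
			echo "Private key is unreadable or does not match the certificate"
			exit 1
		fi

		if [ "$arg5" = "-c" ] && [ -n "$sc" ]
		then
			# A chain that was named but cannot be found is an error, not a
			# reason to silently import without it.
			if [ ! -f "$sc" ]
			then
				echo "Server-chain file not found: $sc"
				exit 1
			fi
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		else
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		fi

		# Stop before restarting anything if a step reports a failure.
		if ! domainName "$cert"
		then
			echo "Domain name update failed, certificate not imported" >&2
			exit 1
		fi
		if ! certImport "$cert" "$key" "$sc"
		then
			echo "Certificate import failed, services not restarted" >&2
			exit 1
		fi
		systemctl restart chilli.service
		systemctl restart httpd.service
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" ] && [ -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert || exit 1
			defaultNdd
			systemctl restart chilli.service
			systemctl restart httpd.service
		else
			# Previously a silent no-op that still reported success.
			echo "No saved default certificate to restore" >&2
			exit 1
		fi
		;;
	*)
		echo "$usage"
		exit 1
		;;
esac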