Subversion Repositories ALCASAR

Rev

Rev 1710 | Rev 1736 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1710 richard 1 
#!/bin/sh
2 
 
3 
# alcasar-importcert.sh
4 
# by Raphaël, Hugo, Clément, Bettyna
5 
 
6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
8 
# Script permettant
9 
# - d'importer des certificats sur Alcasar
1733 richard 10 
# - de revenir au certificat par default
1710 richard 11 
 
12 
# This script allows
1733 richard 13 
# - to import a certificate in Alcasar
14 
# - to go back to the default certificate
1710 richard 15 
 
16 
SED="/bin/sed -ri"
17 
 
18 
DIR_CERT="/etc/pki/tls"
19 
 
1733 richard 20 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
1710 richard 21 
 
1733 richard 22 
 
1710 richard 23 
nb_args=$#
1733 richard 24 
arg1=$1
1710 richard 25 
 
1733 richard 26 
 
27 
# nb_args=$#
28 
# args=$1
29 
# args1=$3
30 
# args2=$5
31 
# cert=$2
32 
# key=$4
33 
# sc=$6
34 
 
35 
function defaultNdd()
36 
{
37 
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
38 
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
39 
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
40 
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
41 
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
42 
}
43 
 
44 
function defaultCert()
45 
{
46 
	cd $DIR_CERT
47 
	rm private/alcasar.key
48 
	rm certs/alcasar.crt
49 
	mv certs/alcasar.crt.old certs/alcasar.crt
50 
	mv private/alcasar.key.old private/alcasar.key
51 
	if [ -f certs/server-chain.crt.old ]
52 
	then
53 
		rm certs/server-chain.crt
54 
		mv certs/server-chain.crt.old certs/server-chain.crt
55 
	fi
56 
}
57 
 
1710 richard 58 
function domainName() # change the domain name in the conf files
59 
{
60 
 
61 
	ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
62 
	echo $ndd
63 
	if [ "$ndd" != "" ]
1733 richard 64 
	then
1710 richard 65 
		$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
66 
		$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
67 
		$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
68 
		$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
69 
		$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
70 
	fi
71 
}
72 
 
73 
function certImport()
74 
{
75 
	cd $DIR_CERT
1733 richard 76 
 
1710 richard 77 
	if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
78 
	then
79 
		echo "Backup of old cert (alcasar.crt)"
80 
		mv certs/alcasar.crt certs/alcasar.crt.old
81 
	fi
82 
	if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
83 
	then
84 
		echo "Backup of old private key (alcasar.key)"
85 
		mv private/alcasar.key private/alcasar.key.old
86 
	fi
1733 richard 87 
 
1710 richard 88 
	cp $cert certs/alcasar.crt
89 
	cp $key private/alcasar.key
90 
 
91 
	chown root:apache certs/alcasar.crt
92 
	chown root:apache private/alcasar.key
93 
 
94 
	chmod 750 certs/alcasar.crt
95 
	chmod 750 private/alcasar.key
96 
 
97 
	if [ "$sc" != "" ]
98 
	then
99 
		echo "cert-chain exists"
100 
		if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
101 
		then
102 
			echo "Backup of old cert-chain (server-chain.crt)"
103 
			mv certs/server-chain.crt certs/server-chain.crt.old
104 
		fi
105 
		cp $sc certs/server-chain.crt
106 
		chown root:apache certs/server-chain.crt
107 
		chmod 750 certs/server-chain.crt
108 
	fi
109 
}
110 
 
1733 richard 111 
 
112 
if [ $nb_args -eq 0 ]
1710 richard 113 
then
1733 richard 114 
	echo "$usage"
115 
	exit 1
1710 richard 116 
fi
117 
 
1733 richard 118 
case $arg1 in
1710 richard 119 
	-\? | -h* | --h*)
120 
		echo "$usage"
121 
		exit 0
122 
		;;
123 
	-i)
1733 richard 124 
		arg3=$3
125 
		arg5=$5
126 
		cert=$2
127 
		key=$4
128 
		sc=$6
129 
 
130 
		if [ "$cert" == "" ] || [ "$key" == "" ]
131 
		then
132 
			echo "$usage"
133 
			exit 1
134 
		fi
135 
 
136 
		if [ ! -f "$cert" -o ! -f "$key" ]
137 
		then
138 
			echo "Certificate and/or private key not found"
139 
			exit 1
140 
		fi
141 
 
142 
		if [ ${cert: -4} != ".crt" ]
143 
		then
144 
			echo "Invalid certificate file"
145 
			exit 1
146 
		fi
147 
 
148 
		if [ ${key: -4} != ".key" ]
149 
		then
150 
			echo "Invalid private key"
151 
			exit 1
152 
		fi
153 
 
154 
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
155 
		then
156 
			echo "No server-chain given"
157 
			echo "Importing certificate $cert with private key $key"
158 
			sc=""
159 
		else
160 
			echo "Importing certificate $cert with private key $key and server-chain $sc"
161 
		fi
162 
 
163 
		domainName $cert
164 
		certImport $cert $key $sc
165 
		systemctl restart chilli.service
166 
		systemctl restart httpd.service
1710 richard 167 
		;;
1733 richard 168 
	-d)
169 
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
170 
		then
171 
			echo "Restoring default certificate"
172 
			defaultCert
173 
			defaultNdd
174 
			systemctl restart chilli.service
175 
			systemctl restart httpd.service
176 
		fi
177 
		;;
1710 richard 178 
	*)
179 
		echo "$usage"
180 
		;;
181 
esac