Subversion Repositories ALCASAR

Rev

Rev 1736 | Rev 1743 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1710 richard 1 
#!/bin/sh
2 
 
3 
# alcasar-importcert.sh
1736 richard 4 
# by Raphaël, Hugo, Clément, Bettyna & rexy
1710 richard 5 
 
6 
# This script is distributed under the Gnu General Public License (GPL)
7 
 
8 
# Script permettant
9 
# - d'importer des certificats sur Alcasar
1733 richard 10 
# - de revenir au certificat par default
1710 richard 11 
 
12 
# This script allows
1733 richard 13 
# - to import a certificate in Alcasar
14 
# - to go back to the default certificate
1710 richard 15 
 
16 
SED="/bin/sed -ri"
17 
DIR_CERT="/etc/pki/tls"
1736 richard 18 
CONF_FILE="/usr/local/etc/alcasar.conf"
19 
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
20 
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
1710 richard 21 
 
1733 richard 22 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
1710 richard 23 
nb_args=$#
1733 richard 24 
arg1=$1
1710 richard 25 
 
1733 richard 26 
 
27 
function defaultNdd()
28 
{
29 
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
30 
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
31 
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
32 
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
33 
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
1736 richard 34 
	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
1740 richard 35 
	hostnamectl set-hostname alcasar.localdomain
36 
	$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
37 
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
1733 richard 38 
}
39 
 
40 
function defaultCert()
41 
{
1740 richard 42 
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
43 
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
44 
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
1733 richard 45 
	then
1740 richard 46 
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
47 
	else
48 
		rm -f $DIR_CERT/certs/server-chain.crt
1733 richard 49 
	fi
50 
}
51 
 
1710 richard 52 
function domainName() # change the domain name in the conf files
53 
{
54 
 
1736 richard 55 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
56 
	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
57 
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
58 
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
59 
	if [ "$fqdn" != "" ]
1733 richard 60 
	then
1736 richard 61 
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
62 
		cat <<EOF > /etc/hosts
63 
127.0.0.1	localhost
64 
$PRIVATE_IP	$fqdn $hostname
65 
EOF
66 
		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
67 
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
68 
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
69 
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
70 
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
71 
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
72 
		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
1740 richard 73 
		hostnamectl set-hostname $fqdn
74 
		$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
75 
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
1710 richard 76 
	fi
77 
}
78 
 
79 
function certImport()
80 
{
1740 richard 81 
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
1710 richard 82 
	then
83 
		echo "Backup of old cert (alcasar.crt)"
1740 richard 84 
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
1710 richard 85 
	fi
1740 richard 86 
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
1710 richard 87 
	then
88 
		echo "Backup of old private key (alcasar.key)"
1740 richard 89 
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
1710 richard 90 
	fi
1740 richard 91 
	cp $cert $DIR_CERT/certs/alcasar.crt
92 
	cp $key $DIR_CERT/private/alcasar.key
1733 richard 93 
 
1740 richard 94 
	chown root:apache $DIR_CERT/certs/alcasar.crt
95 
	chown root:apache $DIR_CERT/private/alcasar.key
1710 richard 96 
 
1740 richard 97 
	chmod 750 $DIR_CERT/certs/alcasar.crt
98 
	chmod 750 $DIR_CERT/private/alcasar.key
1710 richard 99 
	if [ "$sc" != "" ]
100 
	then
101 
		echo "cert-chain exists"
1740 richard 102 
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
1710 richard 103 
		then
104 
			echo "Backup of old cert-chain (server-chain.crt)"
1740 richard 105 
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
1710 richard 106 
		fi
1740 richard 107 
		cp $sc $DIR_CERT/certs/server-chain.crt
108 
		chown root:apache $DIR_CERT/certs/server-chain.crt
109 
		chmod 750 $DIR_CERT/certs/server-chain.crt
1710 richard 110 
	fi
111 
}
112 
 
1733 richard 113 
 
114 
if [ $nb_args -eq 0 ]
1710 richard 115 
then
1733 richard 116 
	echo "$usage"
117 
	exit 1
1710 richard 118 
fi
119 
 
1733 richard 120 
case $arg1 in
1710 richard 121 
	-\? | -h* | --h*)
122 
		echo "$usage"
123 
		exit 0
124 
		;;
125 
	-i)
1733 richard 126 
		arg3=$3
127 
		arg5=$5
128 
		cert=$2
129 
		key=$4
130 
		sc=$6
131 
 
132 
		if [ "$cert" == "" ] || [ "$key" == "" ]
133 
		then
134 
			echo "$usage"
135 
			exit 1
136 
		fi
137 
 
138 
		if [ ! -f "$cert" -o ! -f "$key" ]
139 
		then
140 
			echo "Certificate and/or private key not found"
141 
			exit 1
142 
		fi
143 
 
144 
		if [ ${cert: -4} != ".crt" ]
145 
		then
146 
			echo "Invalid certificate file"
147 
			exit 1
148 
		fi
149 
 
150 
		if [ ${key: -4} != ".key" ]
151 
		then
152 
			echo "Invalid private key"
153 
			exit 1
154 
		fi
155 
 
156 
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
157 
		then
158 
			echo "No server-chain given"
159 
			echo "Importing certificate $cert with private key $key"
160 
			sc=""
161 
		else
162 
			echo "Importing certificate $cert with private key $key and server-chain $sc"
163 
		fi
164 
		domainName $cert
165 
		certImport $cert $key $sc
1736 richard 166 
		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
1740 richard 167 
		do
168 
			echo "restarting $services"; systemctl restart $services; sleep 1
169 
		done
1710 richard 170 
		;;
1733 richard 171 
	-d)
172 
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
173 
		then
174 
			echo "Restoring default certificate"
175 
			defaultCert
176 
			defaultNdd
1740 richard 177 
			for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
178 
			do
179 
				echo "restarting $services"; systemctl restart $services; sleep 1
180 
			done
1733 richard 181 
		fi
182 
		;;
1710 richard 183 
	*)
184 
		echo "$usage"
185 
		;;
186 
esac