WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/sh
 
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
 
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
 
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
 
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
 
 
nb_args=$#
arg1=$1
 
 
 
 
 
 
 
 
 
 
function defaultNdd()
{
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
}
 
function defaultCert()
{
	cd $DIR_CERT
	rm private/alcasar.key
	rm certs/alcasar.crt
	mv certs/alcasar.crt.old certs/alcasar.crt
	mv private/alcasar.key.old private/alcasar.key
	if [ -f certs/server-chain.crt.old ]
	then
		rm certs/server-chain.crt
		mv certs/server-chain.crt.old certs/server-chain.crt
	fi
}
 
function domainName() # change the domain name in the conf files
{
 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
	if [ "$fqdn" != "" ]
	then
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$fqdn $hostname
EOF
		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
	fi
}
 
function certImport()
{
	cd $DIR_CERT
 
	if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv certs/alcasar.crt certs/alcasar.crt.old
	fi
	if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv private/alcasar.key private/alcasar.key.old
	fi
 
	cp $cert certs/alcasar.crt
	cp $key private/alcasar.key
 
	chown root:apache certs/alcasar.crt
	chown root:apache private/alcasar.key
 
	chmod 750 certs/alcasar.crt
	chmod 750 private/alcasar.key
 
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv certs/server-chain.crt certs/server-chain.crt.old
		fi
		cp $sc certs/server-chain.crt
		chown root:apache certs/server-chain.crt
		chmod 750 certs/server-chain.crt
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" -o ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
 
		domainName $cert
		certImport $cert $key $sc
		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
			do
				systemctl restart $services
			done
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			defaultNdd
			systemctl restart chilli.service
			systemctl restart httpd.service
		fi
		;;
	*)
		echo "$usage"
		;;
esac
 

Rev 1733	Rev 1736
1	`#!/bin/sh`	1	`#!/bin/sh`
2		2
3	`# alcasar-importcert.sh`	3	`# alcasar-importcert.sh`
4	`# by Raphaël, Hugo, Clément, Bettyna`	4	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
5		5
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Script permettant`	8	`# Script permettant`
9	`# - d'importer des certificats sur Alcasar`	9	`# - d'importer des certificats sur Alcasar`
10	`# - de revenir au certificat par default`	10	`# - de revenir au certificat par default`
11		11
12	`# This script allows`	12	`# This script allows`
13	`# - to import a certificate in Alcasar`	13	`# - to import a certificate in Alcasar`
14	`# - to go back to the default certificate`	14	`# - to go back to the default certificate`
15		15
16	`SED="/bin/sed -ri"`	16	`SED="/bin/sed -ri"`
17		-
18	`DIR_CERT="/etc/pki/tls"`	17	`DIR_CERT="/etc/pki/tls"`
-		18	`CONF_FILE="/usr/local/etc/alcasar.conf"`
-		19	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`
-		20	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
19		21
20	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`	22	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`
21		-
22		-
23	`nb_args=$#`	23	`nb_args=$#`
24	`arg1=$1`	24	`arg1=$1`
25		25
26		26
27	`# nb_args=$#`	-
28	`# args=$1`	-
29	`# args1=$3`	-
30	`# args2=$5`	-
31	`# cert=$2`	-
32	`# key=$4`	-
33	`# sc=$6`	-
34		-
35	`function defaultNdd()`	27	`function defaultNdd()`
36	`{`	28	`{`
37	`$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf`	29	`$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf`
38	`$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts`	30	`$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts`
39	`$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf`	31	`$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf`
40	`$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf`	32	`$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf`
41	`$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf`	33	`$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf`
-		34	`$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`
42	`}`	35	`}`
43		36
44	`function defaultCert()`	37	`function defaultCert()`
45	`{`	38	`{`
46	`cd $DIR_CERT`	39	`cd $DIR_CERT`
47	`rm private/alcasar.key`	40	`rm private/alcasar.key`
48	`rm certs/alcasar.crt`	41	`rm certs/alcasar.crt`
49	`mv certs/alcasar.crt.old certs/alcasar.crt`	42	`mv certs/alcasar.crt.old certs/alcasar.crt`
50	`mv private/alcasar.key.old private/alcasar.key`	43	`mv private/alcasar.key.old private/alcasar.key`
51	`if [ -f certs/server-chain.crt.old ]`	44	`if [ -f certs/server-chain.crt.old ]`
52	`then`	45	`then`
53	`rm certs/server-chain.crt`	46	`rm certs/server-chain.crt`
54	`mv certs/server-chain.crt.old certs/server-chain.crt`	47	`mv certs/server-chain.crt.old certs/server-chain.crt`
55	`fi`	48	`fi`
56	`}`	49	`}`
57		50
58	`function domainName() # change the domain name in the conf files`	51	`function domainName() # change the domain name in the conf files`
59	`{`	52	`{`
60		53
61	`ndd=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p')`	54	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p')`
-		55	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`
-		56	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \|sed 's/^.//'`
62	`echo $ndd`	57	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
63	`if [ "$ndd" != "" ]`	58	`if [ "$fqdn" != "" ]`
64	`then`	59	`then`
65	`$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf`	60	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
-		61	`cat <<EOF > /etc/hosts`
-		62	`127.0.0.1 localhost`
-		63	`$PRIVATE_IP $fqdn $hostname`
-		64	`EOF`
-		65	`$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf`
66	`$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts`	66	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`
67	`$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf`	67	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`
68	`$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf`	68	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`
-		69	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`
69	`$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf`	70	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`
-		71	`$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`
70	`fi`	72	`fi`
71	`}`	73	`}`
72		74
73	`function certImport()`	75	`function certImport()`
74	`{`	76	`{`
75	`cd $DIR_CERT`	77	`cd $DIR_CERT`
76		78
77	`if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]`	79	`if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]`
78	`then`	80	`then`
79	`echo "Backup of old cert (alcasar.crt)"`	81	`echo "Backup of old cert (alcasar.crt)"`
80	`mv certs/alcasar.crt certs/alcasar.crt.old`	82	`mv certs/alcasar.crt certs/alcasar.crt.old`
81	`fi`	83	`fi`
82	`if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]`	84	`if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]`
83	`then`	85	`then`
84	`echo "Backup of old private key (alcasar.key)"`	86	`echo "Backup of old private key (alcasar.key)"`
85	`mv private/alcasar.key private/alcasar.key.old`	87	`mv private/alcasar.key private/alcasar.key.old`
86	`fi`	88	`fi`
87		89
88	`cp $cert certs/alcasar.crt`	90	`cp $cert certs/alcasar.crt`
89	`cp $key private/alcasar.key`	91	`cp $key private/alcasar.key`
90		92
91	`chown root:apache certs/alcasar.crt`	93	`chown root:apache certs/alcasar.crt`
92	`chown root:apache private/alcasar.key`	94	`chown root:apache private/alcasar.key`
93		95
94	`chmod 750 certs/alcasar.crt`	96	`chmod 750 certs/alcasar.crt`
95	`chmod 750 private/alcasar.key`	97	`chmod 750 private/alcasar.key`
96		98
97	`if [ "$sc" != "" ]`	99	`if [ "$sc" != "" ]`
98	`then`	100	`then`
99	`echo "cert-chain exists"`	101	`echo "cert-chain exists"`
100	`if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]`	102	`if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]`
101	`then`	103	`then`
102	`echo "Backup of old cert-chain (server-chain.crt)"`	104	`echo "Backup of old cert-chain (server-chain.crt)"`
103	`mv certs/server-chain.crt certs/server-chain.crt.old`	105	`mv certs/server-chain.crt certs/server-chain.crt.old`
104	`fi`	106	`fi`
105	`cp $sc certs/server-chain.crt`	107	`cp $sc certs/server-chain.crt`
106	`chown root:apache certs/server-chain.crt`	108	`chown root:apache certs/server-chain.crt`
107	`chmod 750 certs/server-chain.crt`	109	`chmod 750 certs/server-chain.crt`
108	`fi`	110	`fi`
109	`}`	111	`}`
110		112
111		113
112	`if [ $nb_args -eq 0 ]`	114	`if [ $nb_args -eq 0 ]`
113	`then`	115	`then`
114	`echo "$usage"`	116	`echo "$usage"`
115	`exit 1`	117	`exit 1`
116	`fi`	118	`fi`
117		119
118	`case $arg1 in`	120	`case $arg1 in`
119	`-\? \| -h* \| --h*)`	121	`-\? \| -h* \| --h*)`
120	`echo "$usage"`	122	`echo "$usage"`
121	`exit 0`	123	`exit 0`
122	`;;`	124	`;;`
123	`-i)`	125	`-i)`
124	`arg3=$3`	126	`arg3=$3`
125	`arg5=$5`	127	`arg5=$5`
126	`cert=$2`	128	`cert=$2`
127	`key=$4`	129	`key=$4`
128	`sc=$6`	130	`sc=$6`
129		131
130	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	132	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
131	`then`	133	`then`
132	`echo "$usage"`	134	`echo "$usage"`
133	`exit 1`	135	`exit 1`
134	`fi`	136	`fi`
135		137
136	`if [ ! -f "$cert" -o ! -f "$key" ]`	138	`if [ ! -f "$cert" -o ! -f "$key" ]`
137	`then`	139	`then`
138	`echo "Certificate and/or private key not found"`	140	`echo "Certificate and/or private key not found"`
139	`exit 1`	141	`exit 1`
140	`fi`	142	`fi`
141		143
142	`if [ ${cert: -4} != ".crt" ]`	144	`if [ ${cert: -4} != ".crt" ]`
143	`then`	145	`then`
144	`echo "Invalid certificate file"`	146	`echo "Invalid certificate file"`
145	`exit 1`	147	`exit 1`
146	`fi`	148	`fi`
147		149
148	`if [ ${key: -4} != ".key" ]`	150	`if [ ${key: -4} != ".key" ]`
149	`then`	151	`then`
150	`echo "Invalid private key"`	152	`echo "Invalid private key"`
151	`exit 1`	153	`exit 1`
152	`fi`	154	`fi`
153		155
154	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`	156	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`
155	`then`	157	`then`
156	`echo "No server-chain given"`	158	`echo "No server-chain given"`
157	`echo "Importing certificate $cert with private key $key"`	159	`echo "Importing certificate $cert with private key $key"`
158	`sc=""`	160	`sc=""`
159	`else`	161	`else`
160	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	162	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
161	`fi`	163	`fi`
162		164
163	`domainName $cert`	165	`domainName $cert`
164	`certImport $cert $key $sc`	166	`certImport $cert $key $sc`
165	`systemctl restart chilli.service`	167	`for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist`
-		168	`do`
166	`systemctl restart httpd.service`	169	`systemctl restart $services`
-		170	`done`
167	`;;`	171	`;;`
168	`-d)`	172	`-d)`
169	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	173	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
170	`then`	174	`then`
171	`echo "Restoring default certificate"`	175	`echo "Restoring default certificate"`
172	`defaultCert`	176	`defaultCert`
173	`defaultNdd`	177	`defaultNdd`
174	`systemctl restart chilli.service`	178	`systemctl restart chilli.service`
175	`systemctl restart httpd.service`	179	`systemctl restart httpd.service`
176	`fi`	180	`fi`
177	`;;`	181	`;;`
178	`*)`	182	`*)`
179	`echo "$usage"`	183	`echo "$usage"`
180	`;;`	184	`;;`
181	`esac`	185	`esac`
182		186

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2688 – Rev 1733 → 1736