WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/sh
#
# $Id: alcasar-importcert.sh 2223 2017-05-14 14:38:01Z tom.houdayer $
#
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
#
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
DEFAULT_FQDN='alcasar.localdomain'
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
nb_args=$#
arg1=$1
 
 
function defaultNdd()
{
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
	cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	alcasar alcasar.localdomain
EOF
	$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf
	$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf
	hostnamectl set-hostname alcasar.localdomain
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^    ServerName.*/    ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf
}
 
function defaultCert()
{
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
	then
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
	#else 
	#	rm -f $DIR_CERT/certs/server-chain.crt
	fi
}
 
function domainName() # change the domain name in the conf files
{
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
 
        #check if there is a wildcard in $fqdn
        if [[ $fqdn == *"*"* ]];
        then
                hostname="alcasar"
                fqdn=${fqdn/"*"/$hostname}
        else
                hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
        fi
        domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
        echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 
        #check fqdn format      
        if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];
	then
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$hostname $hostname.localdomain $fqdn
EOF
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
		hostnamectl set-hostname $fqdn
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^    ServerName.*/    ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
	fi
}
 
function certImport()
{
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
	fi
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
	fi
	cp $cert $DIR_CERT/certs/alcasar.crt
	cp $key $DIR_CERT/private/alcasar.key
 
	rm $cert $key
 
	chown root:apache $DIR_CERT/certs/alcasar.crt
	chown root:apache $DIR_CERT/private/alcasar.key
 
	chmod 750 $DIR_CERT/certs/alcasar.crt
	chmod 750 $DIR_CERT/private/alcasar.key
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
		fi
		cp $sc $DIR_CERT/certs/server-chain.crt
		rm $sc
		chown root:apache $DIR_CERT/certs/server-chain.crt
		chmod 750 $DIR_CERT/certs/server-chain.crt
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" -o ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
		domainName $cert
		certImport $cert $key $sc
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
		do
			echo "restarting $services"; systemctl restart $services; sleep 1
		done
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			defaultNdd
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
			do
				echo "restarting $services"; systemctl restart $services; sleep 1
			done
		fi
		;;
	*)
		echo "$usage"
		;;
esac
 

Rev 1963	Rev 2223
1	`#!/bin/sh`	1	`#!/bin/sh`
-		2	`#`
-		3	`# $Id: alcasar-importcert.sh 2223 2017-05-14 14:38:01Z tom.houdayer $`
2		4	`#`
3	`# alcasar-importcert.sh`	5	`# alcasar-importcert.sh`
4	`# by Raphaël, Hugo, Clément, Bettyna & rexy`	6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
5		7	`#`
6	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
7		9	`#`
8	`# Script permettant`	10	`# Script permettant`
9	`# - d'importer des certificats sur Alcasar`	11	`# - d'importer des certificats sur Alcasar`
10	`# - de revenir au certificat par default`	12	`# - de revenir au certificat par default`
11		13	`#`
12	`# This script allows`	14	`# This script allows`
13	`# - to import a certificate in Alcasar`	15	`# - to import a certificate in Alcasar`
14	`# - to go back to the default certificate`	16	`# - to go back to the default certificate`
15		17
16	`SED="/bin/sed -ri"`	18	`SED="/bin/sed -ri"`
17	`DIR_CERT="/etc/pki/tls"`	19	`DIR_CERT="/etc/pki/tls"`
18	`CONF_FILE="/usr/local/etc/alcasar.conf"`	20	`CONF_FILE="/usr/local/etc/alcasar.conf"`
19	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`	21	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`
20	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
21	`DEFAULT_FQDN='alcasar.localdomain'`	23	`DEFAULT_FQDN='alcasar.localdomain'`
22		24
23	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`	25	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`
24	`nb_args=$#`	26	`nb_args=$#`
25	`arg1=$1`	27	`arg1=$1`
26		28
27		29
28	`function defaultNdd()`	30	`function defaultNdd()`
29	`{`	31	`{`
30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`	32	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`
31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`	33	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`
32	`cat <<EOF > /etc/hosts`	34	`cat <<EOF > /etc/hosts`
33	`127.0.0.1 localhost`	35	`127.0.0.1 localhost`
34	`$PRIVATE_IP alcasar alcasar.localdomain`	36	`$PRIVATE_IP alcasar alcasar.localdomain`
35	`EOF`	37	`EOF`
36	`$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf`	38	`$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf`
37	`$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf`	39	`$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf`
38	`$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf`	40	`$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf`
39	`$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf`	41	`$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf`
40	`$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf`	42	`$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf`
41	`hostnamectl set-hostname alcasar.localdomain`	43	`hostnamectl set-hostname alcasar.localdomain`
42	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	44	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
43	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`	45	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`
44	`$SED "s/^ ServerName.*/ ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf`	46	`$SED "s/^ ServerName.*/ ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf`
45	`}`	47	`}`
46		48
47	`function defaultCert()`	49	`function defaultCert()`
48	`{`	50	`{`
49	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`	51	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
50	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`	52	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
51	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`	53	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`
52	`then`	54	`then`
53	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`	55	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`
54	`#else`	56	`#else`
55	`# rm -f $DIR_CERT/certs/server-chain.crt`	57	`# rm -f $DIR_CERT/certs/server-chain.crt`
56	`fi`	58	`fi`
57	`}`	59	`}`
58		60
59	`function domainName() # change the domain name in the conf files`	61	`function domainName() # change the domain name in the conf files`
60	`{`	62	`{`
61	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`	63	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`
62		64
63	`#check if there is a wildcard in $fqdn`	65	`#check if there is a wildcard in $fqdn`
64	`if [[ $fqdn == ""* ]];`	66	`if [[ $fqdn == ""* ]];`
65	`then`	67	`then`
66	`hostname="alcasar"`	68	`hostname="alcasar"`
67	`fqdn=${fqdn/"*"/$hostname}`	69	`fqdn=${fqdn/"*"/$hostname}`
68	`else`	70	`else`
69	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`	71	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`
70	`fi`	72	`fi`
71	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \|sed 's/^.//'`	73	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \|sed 's/^.//'`
72	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`	74	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
73		75
74	`#check fqdn format`	76	`#check fqdn format`
75	`if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];`	77	`if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];`
76	`then`	78	`then`
77	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`	79	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`
78	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`	80	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
79	`cat <<EOF > /etc/hosts`	81	`cat <<EOF > /etc/hosts`
80	`127.0.0.1 localhost`	82	`127.0.0.1 localhost`
81	`$PRIVATE_IP $hostname $hostname.localdomain $fqdn`	83	`$PRIVATE_IP $hostname $hostname.localdomain $fqdn`
82	`EOF`	84	`EOF`
83	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`	85	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`
84	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`	86	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`
85	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`	87	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`
86	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`	88	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`
87	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`	89	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`
88	`hostnamectl set-hostname $fqdn`	90	`hostnamectl set-hostname $fqdn`
89	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	91	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
90	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`	92	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`
91	`$SED "s/^ ServerName.*/ ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default`	93	`$SED "s/^ ServerName.*/ ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default`
92	`fi`	94	`fi`
93	`}`	95	`}`
94		96
95	`function certImport()`	97	`function certImport()`
96	`{`	98	`{`
97	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`	99	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
98	`then`	100	`then`
99	`echo "Backup of old cert (alcasar.crt)"`	101	`echo "Backup of old cert (alcasar.crt)"`
100	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`	102	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
101	`fi`	103	`fi`
102	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`	104	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
103	`then`	105	`then`
104	`echo "Backup of old private key (alcasar.key)"`	106	`echo "Backup of old private key (alcasar.key)"`
105	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`	107	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
106	`fi`	108	`fi`
107	`cp $cert $DIR_CERT/certs/alcasar.crt`	109	`cp $cert $DIR_CERT/certs/alcasar.crt`
108	`cp $key $DIR_CERT/private/alcasar.key`	110	`cp $key $DIR_CERT/private/alcasar.key`
109		111
110	`rm $cert $key`	112	`rm $cert $key`
111		113
112	`chown root:apache $DIR_CERT/certs/alcasar.crt`	114	`chown root:apache $DIR_CERT/certs/alcasar.crt`
113	`chown root:apache $DIR_CERT/private/alcasar.key`	115	`chown root:apache $DIR_CERT/private/alcasar.key`
114		116
115	`chmod 750 $DIR_CERT/certs/alcasar.crt`	117	`chmod 750 $DIR_CERT/certs/alcasar.crt`
116	`chmod 750 $DIR_CERT/private/alcasar.key`	118	`chmod 750 $DIR_CERT/private/alcasar.key`
117	`if [ "$sc" != "" ]`	119	`if [ "$sc" != "" ]`
118	`then`	120	`then`
119	`echo "cert-chain exists"`	121	`echo "cert-chain exists"`
120	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`	122	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`
121	`then`	123	`then`
122	`echo "Backup of old cert-chain (server-chain.crt)"`	124	`echo "Backup of old cert-chain (server-chain.crt)"`
123	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`	125	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`
124	`fi`	126	`fi`
125	`cp $sc $DIR_CERT/certs/server-chain.crt`	127	`cp $sc $DIR_CERT/certs/server-chain.crt`
126	`rm $sc`	128	`rm $sc`
127	`chown root:apache $DIR_CERT/certs/server-chain.crt`	129	`chown root:apache $DIR_CERT/certs/server-chain.crt`
128	`chmod 750 $DIR_CERT/certs/server-chain.crt`	130	`chmod 750 $DIR_CERT/certs/server-chain.crt`
129	`fi`	131	`fi`
130	`}`	132	`}`
131		133
132		134
133	`if [ $nb_args -eq 0 ]`	135	`if [ $nb_args -eq 0 ]`
134	`then`	136	`then`
135	`echo "$usage"`	137	`echo "$usage"`
136	`exit 1`	138	`exit 1`
137	`fi`	139	`fi`
138		140
139	`case $arg1 in`	141	`case $arg1 in`
140	`-\? \| -h* \| --h*)`	142	`-\? \| -h* \| --h*)`
141	`echo "$usage"`	143	`echo "$usage"`
142	`exit 0`	144	`exit 0`
143	`;;`	145	`;;`
144	`-i)`	146	`-i)`
145	`arg3=$3`	147	`arg3=$3`
146	`arg5=$5`	148	`arg5=$5`
147	`cert=$2`	149	`cert=$2`
148	`key=$4`	150	`key=$4`
149	`sc=$6`	151	`sc=$6`
150		152
151	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	153	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
152	`then`	154	`then`
153	`echo "$usage"`	155	`echo "$usage"`
154	`exit 1`	156	`exit 1`
155	`fi`	157	`fi`
156		158
157	`if [ ! -f "$cert" -o ! -f "$key" ]`	159	`if [ ! -f "$cert" -o ! -f "$key" ]`
158	`then`	160	`then`
159	`echo "Certificate and/or private key not found"`	161	`echo "Certificate and/or private key not found"`
160	`exit 1`	162	`exit 1`
161	`fi`	163	`fi`
162		164
163	`if [ ${cert: -4} != ".crt" ]`	165	`if [ ${cert: -4} != ".crt" ]`
164	`then`	166	`then`
165	`echo "Invalid certificate file"`	167	`echo "Invalid certificate file"`
166	`exit 1`	168	`exit 1`
167	`fi`	169	`fi`
168		170
169	`if [ ${key: -4} != ".key" ]`	171	`if [ ${key: -4} != ".key" ]`
170	`then`	172	`then`
171	`echo "Invalid private key"`	173	`echo "Invalid private key"`
172	`exit 1`	174	`exit 1`
173	`fi`	175	`fi`
174		176
175	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`	177	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`
176	`then`	178	`then`
177	`echo "No server-chain given"`	179	`echo "No server-chain given"`
178	`echo "Importing certificate $cert with private key $key"`	180	`echo "Importing certificate $cert with private key $key"`
179	`sc=""`	181	`sc=""`
180	`else`	182	`else`
181	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	183	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
182	`fi`	184	`fi`
183	`domainName $cert`	185	`domainName $cert`
184	`certImport $cert $key $sc`	186	`certImport $cert $key $sc`
185	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	187	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`
186	`do`	188	`do`
187	`echo "restarting $services"; systemctl restart $services; sleep 1`	189	`echo "restarting $services"; systemctl restart $services; sleep 1`
188	`done`	190	`done`
189	`;;`	191	`;;`
190	`-d)`	192	`-d)`
191	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	193	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
192	`then`	194	`then`
193	`echo "Restoring default certificate"`	195	`echo "Restoring default certificate"`
194	`defaultCert`	196	`defaultCert`
195	`defaultNdd`	197	`defaultNdd`
196	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	198	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`
197	`do`	199	`do`
198	`echo "restarting $services"; systemctl restart $services; sleep 1`	200	`echo "restarting $services"; systemctl restart $services; sleep 1`
199	`done`	201	`done`
200	`fi`	202	`fi`
201	`;;`	203	`;;`
202	`*)`	204	`*)`
203	`echo "$usage"`	205	`echo "$usage"`
204	`;;`	206	`;;`
205	`esac`	207	`esac`
206		208

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2850 – Rev 1963 → 2223