Subversion Repositories ALCASAR


Rev 1710 Rev 1733
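--- a/alcasar-importcert.sh
+++ b/alcasar-importcert.sh
@@ -5,27 +5,57 @@
 
 # This script is distributed under the Gnu General Public License (GPL)
 
 # Script permettant
 # - d'importer des certificats sur Alcasar
+# - de revenir au certificat par default
 
 # This script allows
-# - to import certificate in Alcasar
+# - to import a certificate in Alcasar
+# - to go back to the default certificate
 
 SED="/bin/sed -ri"
 
 DIR_CERT="/etc/pki/tls"
 
-usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c ChaƮne.com"
+usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
+
 
 nb_args=$#
-args=$1
-args1=$3
-args2=$5
-cert=$2
-key=$4
-sc=$6
+arg1=$1
+
+
+# nb_args=$#
+# args=$1
+# args1=$3
+# args2=$5
+# cert=$2
+# key=$4
+# sc=$6
+
+function defaultNdd()
+{
+	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
+	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
+	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
+	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
+	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
+}
+
+function defaultCert()
+{
+	cd $DIR_CERT
+	rm private/alcasar.key
+	rm certs/alcasar.crt
+	mv certs/alcasar.crt.old certs/alcasar.crt
+	mv private/alcasar.key.old private/alcasar.key
+	if [ -f certs/server-chain.crt.old ]
+	then
+		rm certs/server-chain.crt
+		mv certs/server-chain.crt.old certs/server-chain.crt
+	fi
+}
 
 function domainName() # change the domain name in the conf files
 {
 
 	ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
@@ -76,57 +106,76 @@
 		chown root:apache certs/server-chain.crt
 		chmod 750 certs/server-chain.crt
 	fi
 }
 
-if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ]
+
+if [ $nb_args -eq 0 ]
 then
-	nb_args=1
-	args="-h"
+	echo "$usage"
+	exit 1
 fi
 
-case $args in
+case $arg1 in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-i)
-		echo "You want import the certificate: $2"
-		;;
-	*)
-	echo "Unknown argument: $1"
-	echo "$usage"
-	exit 1
-	;;
-esac
+		arg3=$3
+		arg5=$5
+		cert=$2
+		key=$4
+		sc=$6
+
+		if [ "$cert" == "" ] || [ "$key" == "" ]
+		then
+			echo "$usage"
+			exit 1
+		fi
 
-case $args1 in
-	-\? | -h* | --h*)
-		echo "$usage"
-		exit 0
-		;;
-	-k)
-		echo "With the private key: $4"
-		;;
-	*)
-	echo "Unknown argument: $3"
-	echo "$usage"
-	exit 1
-	;;
-esac
+		if [ ! -f "$cert" -o ! -f "$key" ]
+		then
+			echo "Certificate and/or private key not found"
+			exit 1
+		fi
 
-if [ "$args2" == "-c" ]
-then
-	echo "And the cert-chain: $6"
-	if [ "$sc" == "" ]
-	then
-		echo "! Can't find the file of the chain-cert"
-	fi
-else
-	echo "Without a cert-chain"
-	sc=""
-fi
+		if [ ${cert: -4} != ".crt" ]
+		then
+			echo "Invalid certificate file"
+			exit 1
+		fi
+
+		if [ ${key: -4} != ".key" ]
+		then
+			echo "Invalid private key"
+			exit 1
+		fi
+
+		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
+		then
+			echo "No server-chain given"
+			echo "Importing certificate $cert with private key $key"
+			sc=""
+		else
+			echo "Importing certificate $cert with private key $key and server-chain $sc"
+		fi
 
-domainName
-certImport $cert $key $sc
-systemctl restart chilli.service
-systemctl restart httpd.service
+		domainName $cert
+		certImport $cert $key $sc
+		systemctl restart chilli.service
+		systemctl restart httpd.service
+		;;
+	-d)
+		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
+		then
+			echo "Restoring default certificate"
+			defaultCert
+			defaultNdd
+			systemctl restart chilli.service
+			systemctl restart httpd.service
+		fi
+		;;
+	*)
+		echo "$usage"
+		;;
+esac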
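Review bot: The `-i` branch accepts the certificate and key on file existence and a `.crt`/`.key` suffix alone, so a file that is not a certificate, or a key that does not belong to it, still reaches `certImport` and both `systemctl restart` calls. `certImport` is defined outside the visible hunks and may check more than is shown; if it does not, a parse-and-pairing test before the import would keep a bad upload from replacing the working pair: `openssl x509 -noout -in "$cert" || exit 1` followed by `[ "$(openssl x509 -noout -pubkey -in "$cert")" = "$(openssl pkey -pubout -in "$key")" ] || exit 1`. The suffix tests and `domainName $cert` also expand the paths unquoted, so a path with whitespace or glob characters is word-split; `[ "${cert: -4}" != ".crt" ]` and `domainName "$cert"` avoid that. In the same spirit, `defaultCert` runs `cd $DIR_CERT` unchecked before relative `rm`/`mv` calls, and `cd "$DIR_CERT" || exit 1` would stop them from acting on whatever directory the script was started in.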