WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/bash
#
# $Id: alcasar-importcert.sh 2488 2018-02-25 14:53:54Z lucas.echard $
#
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
#
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
nb_args=$#
arg1=$1
 
function defaultNdd()
{
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
	/usr/local/bin/alcasar-conf.sh --apply
}
 
function defaultCert()
{
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
	then
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
	fi
	cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
	chown root:apache $DIR_CERT/private/alcasar.pem
	chmod 750 $DIR_CERT/private/alcasar.pem
}
 
function domainName() # change the domain name in the conf files
{
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
 
	#check if there is a wildcard in $fqdn
	if [[ $fqdn == *"*"* ]];
	then
		hostname="alcasar"
		fqdn=${fqdn/"*"/$hostname}
	else
		hostname=$(echo $fqdn | cut -d'.' -f1)
	fi
	domain=$(echo $fqdn | cut -d'.' -f2-)
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 
	#check fqdn format
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		/usr/local/bin/alcasar-conf.sh --apply
	fi
}
 
function certImport()
{
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
	fi
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
	fi
 
	cp $cert $DIR_CERT/certs/alcasar.crt
	cp $key $DIR_CERT/private/alcasar.key
	cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
 
	chown root:apache $DIR_CERT/certs/alcasar.crt
	chown root:apache $DIR_CERT/private/alcasar.key
	chown root:apache $DIR_CERT/private/alcasar.pem
 
	chmod 750 $DIR_CERT/certs/alcasar.crt
	chmod 750 $DIR_CERT/private/alcasar.key
	chmod 750 $DIR_CERT/private/alcasar.pem
 
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
		fi
		cp $sc $DIR_CERT/certs/server-chain.crt
		chown root:apache $DIR_CERT/certs/server-chain.crt
		chmod 750 $DIR_CERT/certs/server-chain.crt
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo -e "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo -e "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo -e "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			if [ ! -f "$sc" ]
			then
				echo "Server-chain certificate not found"
				exit 1
			fi
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
			then
				echo "Invalid server-chain certificate file"
				exit 1
			fi
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
		domainName $cert
		certImport $cert $key $sc
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
		do
			echo "restarting $services"; systemctl restart $services; sleep 1
		done
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			defaultNdd
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
			do
				echo "restarting $services"; systemctl restart $services; sleep 1
			done
		fi
		;;
	*)
		echo -e "$usage"
		;;
esac
 

Rev 2472	Rev 2488
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`#`	2	`#`
3	`# $Id: alcasar-importcert.sh 2472 2017-12-29 23:49:24Z tom.houdayer $`	3	`# $Id: alcasar-importcert.sh 2488 2018-02-25 14:53:54Z lucas.echard $`
4	`#`	4	`#`
5	`# alcasar-importcert.sh`	5	`# alcasar-importcert.sh`
6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`	6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
7	`#`	7	`#`
8	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
9	`#`	9	`#`
10	`# Script permettant`	10	`# Script permettant`
11	`# - d'importer des certificats sur Alcasar`	11	`# - d'importer des certificats sur Alcasar`
12	`# - de revenir au certificat par default`	12	`# - de revenir au certificat par default`
13	`#`	13	`#`
14	`# This script allows`	14	`# This script allows`
15	`# - to import a certificate in Alcasar`	15	`# - to import a certificate in Alcasar`
16	`# - to go back to the default certificate`	16	`# - to go back to the default certificate`
17		17
18	`SED="/bin/sed -ri"`	18	`SED="/bin/sed -ri"`
19	`DIR_CERT="/etc/pki/tls"`	19	`DIR_CERT="/etc/pki/tls"`
20	`CONF_FILE="/usr/local/etc/alcasar.conf"`	20	`CONF_FILE="/usr/local/etc/alcasar.conf"`
21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
23		23
24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`	24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`
25	`nb_args=$#`	25	`nb_args=$#`
26	`arg1=$1`	26	`arg1=$1`
27		27
28	`function defaultNdd()`	28	`function defaultNdd()`
29	`{`	29	`{`
30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`	30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`
31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`	31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`
32	`/usr/local/bin/alcasar-conf.sh --apply`	32	`/usr/local/bin/alcasar-conf.sh --apply`
33	`}`	33	`}`
34		34
35	`function defaultCert()`	35	`function defaultCert()`
36	`{`	36	`{`
37	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`	37	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
38	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`	38	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
39	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`	39	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`
40	`then`	40	`then`
41	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`	41	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`
42	`fi`	42	`fi`
-		43	`cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem`
-		44	`chown root:apache $DIR_CERT/private/alcasar.pem`
-		45	`chmod 750 $DIR_CERT/private/alcasar.pem`
43	`}`	46	`}`
44		47
45	`function domainName() # change the domain name in the conf files`	48	`function domainName() # change the domain name in the conf files`
46	`{`	49	`{`
47	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`	50	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`
48		51
49	`#check if there is a wildcard in $fqdn`	52	`#check if there is a wildcard in $fqdn`
50	`if [[ $fqdn == ""* ]];`	53	`if [[ $fqdn == ""* ]];`
51	`then`	54	`then`
52	`hostname="alcasar"`	55	`hostname="alcasar"`
53	`fqdn=${fqdn/"*"/$hostname}`	56	`fqdn=${fqdn/"*"/$hostname}`
54	`else`	57	`else`
55	`hostname=$(echo $fqdn \| cut -d'.' -f1)`	58	`hostname=$(echo $fqdn \| cut -d'.' -f1)`
56	`fi`	59	`fi`
57	`domain=$(echo $fqdn \| cut -d'.' -f2-)`	60	`domain=$(echo $fqdn \| cut -d'.' -f2-)`
58	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`	61	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
59		62
60	`#check fqdn format`	63	`#check fqdn format`
61	`if [[ "$fqdn" != "" && "$domain" != "" ]]; then`	64	`if [[ "$fqdn" != "" && "$domain" != "" ]]; then`
62	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`	65	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`
63	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`	66	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
64	`/usr/local/bin/alcasar-conf.sh --apply`	67	`/usr/local/bin/alcasar-conf.sh --apply`
65	`fi`	68	`fi`
66	`}`	69	`}`
67		70
68	`function certImport()`	71	`function certImport()`
69	`{`	72	`{`
70	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`	73	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
71	`then`	74	`then`
72	`echo "Backup of old cert (alcasar.crt)"`	75	`echo "Backup of old cert (alcasar.crt)"`
73	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`	76	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
74	`fi`	77	`fi`
75	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`	78	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
76	`then`	79	`then`
77	`echo "Backup of old private key (alcasar.key)"`	80	`echo "Backup of old private key (alcasar.key)"`
78	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`	81	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
79	`fi`	82	`fi`
80		83
81	`cp $cert $DIR_CERT/certs/alcasar.crt`	84	`cp $cert $DIR_CERT/certs/alcasar.crt`
82	`cp $key $DIR_CERT/private/alcasar.key`	85	`cp $key $DIR_CERT/private/alcasar.key`
-		86	`cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem`
83		87
84	`chown root:apache $DIR_CERT/certs/alcasar.crt`	88	`chown root:apache $DIR_CERT/certs/alcasar.crt`
85	`chown root:apache $DIR_CERT/private/alcasar.key`	89	`chown root:apache $DIR_CERT/private/alcasar.key`
-		90	`chown root:apache $DIR_CERT/private/alcasar.pem`
86		91
87	`chmod 750 $DIR_CERT/certs/alcasar.crt`	92	`chmod 750 $DIR_CERT/certs/alcasar.crt`
88	`chmod 750 $DIR_CERT/private/alcasar.key`	93	`chmod 750 $DIR_CERT/private/alcasar.key`
-		94	`chmod 750 $DIR_CERT/private/alcasar.pem`
89		95
90	`if [ "$sc" != "" ]`	96	`if [ "$sc" != "" ]`
91	`then`	97	`then`
92	`echo "cert-chain exists"`	98	`echo "cert-chain exists"`
93	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`	99	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`
94	`then`	100	`then`
95	`echo "Backup of old cert-chain (server-chain.crt)"`	101	`echo "Backup of old cert-chain (server-chain.crt)"`
96	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`	102	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`
97	`fi`	103	`fi`
98	`cp $sc $DIR_CERT/certs/server-chain.crt`	104	`cp $sc $DIR_CERT/certs/server-chain.crt`
99	`chown root:apache $DIR_CERT/certs/server-chain.crt`	105	`chown root:apache $DIR_CERT/certs/server-chain.crt`
100	`chmod 750 $DIR_CERT/certs/server-chain.crt`	106	`chmod 750 $DIR_CERT/certs/server-chain.crt`
101	`fi`	107	`fi`
102	`}`	108	`}`
103		109
104		110
105	`if [ $nb_args -eq 0 ]`	111	`if [ $nb_args -eq 0 ]`
106	`then`	112	`then`
107	`echo -e "$usage"`	113	`echo -e "$usage"`
108	`exit 1`	114	`exit 1`
109	`fi`	115	`fi`
110		116
111	`case $arg1 in`	117	`case $arg1 in`
112	`-\? \| -h* \| --h*)`	118	`-\? \| -h* \| --h*)`
113	`echo -e "$usage"`	119	`echo -e "$usage"`
114	`exit 0`	120	`exit 0`
115	`;;`	121	`;;`
116	`-i)`	122	`-i)`
117	`arg3=$3`	123	`arg3=$3`
118	`arg5=$5`	124	`arg5=$5`
119	`cert=$2`	125	`cert=$2`
120	`key=$4`	126	`key=$4`
121	`sc=$6`	127	`sc=$6`
122		128
123	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	129	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
124	`then`	130	`then`
125	`echo -e "$usage"`	131	`echo -e "$usage"`
126	`exit 1`	132	`exit 1`
127	`fi`	133	`fi`
128		134
129	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`	135	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`
130	`then`	136	`then`
131	`echo "Certificate and/or private key not found"`	137	`echo "Certificate and/or private key not found"`
132	`exit 1`	138	`exit 1`
133	`fi`	139	`fi`
134		140
135	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`	141	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`
136	`then`	142	`then`
137	`echo "Invalid certificate file"`	143	`echo "Invalid certificate file"`
138	`exit 1`	144	`exit 1`
139	`fi`	145	`fi`
140		146
141	`if [ ${key: -4} != ".key" ]`	147	`if [ ${key: -4} != ".key" ]`
142	`then`	148	`then`
143	`echo "Invalid private key"`	149	`echo "Invalid private key"`
144	`exit 1`	150	`exit 1`
145	`fi`	151	`fi`
146		152
147	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`	153	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`
148	`then`	154	`then`
149	`echo "No server-chain given"`	155	`echo "No server-chain given"`
150	`echo "Importing certificate $cert with private key $key"`	156	`echo "Importing certificate $cert with private key $key"`
151	`sc=""`	157	`sc=""`
152	`else`	158	`else`
153	`if [ ! -f "$sc" ]`	159	`if [ ! -f "$sc" ]`
154	`then`	160	`then`
155	`echo "Server-chain certificate not found"`	161	`echo "Server-chain certificate not found"`
156	`exit 1`	162	`exit 1`
157	`fi`	163	`fi`
158	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]`	164	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]`
159	`then`	165	`then`
160	`echo "Invalid server-chain certificate file"`	166	`echo "Invalid server-chain certificate file"`
161	`exit 1`	167	`exit 1`
162	`fi`	168	`fi`
163	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	169	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
164	`fi`	170	`fi`
165	`domainName $cert`	171	`domainName $cert`
166	`certImport $cert $key $sc`	172	`certImport $cert $key $sc`
167	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	173	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd`
168	`do`	174	`do`
169	`echo "restarting $services"; systemctl restart $services; sleep 1`	175	`echo "restarting $services"; systemctl restart $services; sleep 1`
170	`done`	176	`done`
171	`;;`	177	`;;`
172	`-d)`	178	`-d)`
173	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	179	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
174	`then`	180	`then`
175	`echo "Restoring default certificate"`	181	`echo "Restoring default certificate"`
176	`defaultCert`	182	`defaultCert`
177	`defaultNdd`	183	`defaultNdd`
178	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	184	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd`
179	`do`	185	`do`
180	`echo "restarting $services"; systemctl restart $services; sleep 1`	186	`echo "restarting $services"; systemctl restart $services; sleep 1`
181	`done`	187	`done`
182	`fi`	188	`fi`
183	`;;`	189	`;;`
184	`*)`	190	`*)`
185	`echo -e "$usage"`	191	`echo -e "$usage"`
186	`;;`	192	`;;`
187	`esac`	193	`esac`
188		194

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh – Rev 2472 → 2488