Subversion Repositories ALCASAR

Rev

Rev 2472 | Rev 2554 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
2260 tom.houday 1 
#!/bin/bash
2223 tom.houday 2 
#
3 
# $Id: alcasar-importcert.sh 2488 2018-02-25 14:53:54Z lucas.echard $
4 
#
1710 richard 5 
# alcasar-importcert.sh
1736 richard 6 
# by Raphaël, Hugo, Clément, Bettyna & rexy
2223 tom.houday 7 
#
1710 richard 8 
# This script is distributed under the Gnu General Public License (GPL)
2223 tom.houday 9 
#
1710 richard 10 
# Script permettant
11 
# - d'importer des certificats sur Alcasar
1733 richard 12 
# - de revenir au certificat par default
2223 tom.houday 13 
#
1710 richard 14 
# This script allows
1733 richard 15 
# - to import a certificate in Alcasar
16 
# - to go back to the default certificate
1710 richard 17 
 
18 
SED="/bin/sed -ri"
19 
DIR_CERT="/etc/pki/tls"
1736 richard 20 
CONF_FILE="/usr/local/etc/alcasar.conf"
2260 tom.houday 21 
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
1736 richard 22 
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
1710 richard 23 
 
2260 tom.houday 24 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
1710 richard 25 
nb_args=$#
1733 richard 26 
arg1=$1
1710 richard 27 
 
1733 richard 28 
function defaultNdd()
29 
{
1758 richard 30 
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
31 
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
2309 tom.houday 32 
	/usr/local/bin/alcasar-conf.sh --apply
1733 richard 33 
}
34 
 
35 
function defaultCert()
36 
{
1740 richard 37 
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
38 
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
39 
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
1733 richard 40 
	then
1740 richard 41 
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
1733 richard 42 
	fi
2488 lucas.echa 43 
	cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
44 
	chown root:apache $DIR_CERT/private/alcasar.pem
45 
	chmod 750 $DIR_CERT/private/alcasar.pem
1733 richard 46 
}
47 
 
1710 richard 48 
function domainName() # change the domain name in the conf files
49 
{
1744 clement.si 50 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
1934 raphael.pi 51 
 
2260 tom.houday 52 
	#check if there is a wildcard in $fqdn
53 
	if [[ $fqdn == *"*"* ]];
54 
	then
55 
		hostname="alcasar"
56 
		fqdn=${fqdn/"*"/$hostname}
57 
	else
2472 tom.houday 58 
		hostname=$(echo $fqdn | cut -d'.' -f1)
2260 tom.houday 59 
	fi
2472 tom.houday 60 
	domain=$(echo $fqdn | cut -d'.' -f2-)
2260 tom.houday 61 
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
1934 raphael.pi 62 
 
2454 tom.houday 63 
	#check fqdn format
2309 tom.houday 64 
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
1758 richard 65 
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
1736 richard 66 
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
2309 tom.houday 67 
		/usr/local/bin/alcasar-conf.sh --apply
1710 richard 68 
	fi
69 
}
70 
 
71 
function certImport()
72 
{
1740 richard 73 
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
1710 richard 74 
	then
75 
		echo "Backup of old cert (alcasar.crt)"
1740 richard 76 
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
1710 richard 77 
	fi
1740 richard 78 
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
1710 richard 79 
	then
80 
		echo "Backup of old private key (alcasar.key)"
1740 richard 81 
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
1710 richard 82 
	fi
2260 tom.houday 83 
 
1740 richard 84 
	cp $cert $DIR_CERT/certs/alcasar.crt
85 
	cp $key $DIR_CERT/private/alcasar.key
2488 lucas.echa 86 
	cat $DIR_CERT/private/alcasar.key $DIR_CERT/certs/alcasar.crt > $DIR_CERT/private/alcasar.pem
1733 richard 87 
 
1740 richard 88 
	chown root:apache $DIR_CERT/certs/alcasar.crt
89 
	chown root:apache $DIR_CERT/private/alcasar.key
2488 lucas.echa 90 
	chown root:apache $DIR_CERT/private/alcasar.pem
1710 richard 91 
 
1740 richard 92 
	chmod 750 $DIR_CERT/certs/alcasar.crt
93 
	chmod 750 $DIR_CERT/private/alcasar.key
2488 lucas.echa 94 
	chmod 750 $DIR_CERT/private/alcasar.pem
2260 tom.houday 95 
 
1710 richard 96 
	if [ "$sc" != "" ]
97 
	then
98 
		echo "cert-chain exists"
1740 richard 99 
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
1710 richard 100 
		then
101 
			echo "Backup of old cert-chain (server-chain.crt)"
1740 richard 102 
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
1710 richard 103 
		fi
1740 richard 104 
		cp $sc $DIR_CERT/certs/server-chain.crt
105 
		chown root:apache $DIR_CERT/certs/server-chain.crt
106 
		chmod 750 $DIR_CERT/certs/server-chain.crt
1710 richard 107 
	fi
108 
}
109 
 
1733 richard 110 
 
111 
if [ $nb_args -eq 0 ]
1710 richard 112 
then
2260 tom.houday 113 
	echo -e "$usage"
1733 richard 114 
	exit 1
1710 richard 115 
fi
116 
 
1733 richard 117 
case $arg1 in
1710 richard 118 
	-\? | -h* | --h*)
2260 tom.houday 119 
		echo -e "$usage"
1710 richard 120 
		exit 0
121 
		;;
122 
	-i)
1733 richard 123 
		arg3=$3
124 
		arg5=$5
125 
		cert=$2
126 
		key=$4
127 
		sc=$6
128 
 
129 
		if [ "$cert" == "" ] || [ "$key" == "" ]
130 
		then
2260 tom.houday 131 
			echo -e "$usage"
1733 richard 132 
			exit 1
133 
		fi
134 
 
2260 tom.houday 135 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
1733 richard 136 
		then
137 
			echo "Certificate and/or private key not found"
138 
			exit 1
139 
		fi
140 
 
2261 tom.houday 141 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
1733 richard 142 
		then
143 
			echo "Invalid certificate file"
144 
			exit 1
145 
		fi
146 
 
147 
		if [ ${key: -4} != ".key" ]
148 
		then
149 
			echo "Invalid private key"
150 
			exit 1
151 
		fi
152 
 
2261 tom.houday 153 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
1733 richard 154 
		then
155 
			echo "No server-chain given"
156 
			echo "Importing certificate $cert with private key $key"
157 
			sc=""
158 
		else
2261 tom.houday 159 
			if [ ! -f "$sc" ]
160 
			then
161 
				echo "Server-chain certificate not found"
162 
				exit 1
163 
			fi
164 
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
165 
			then
166 
				echo "Invalid server-chain certificate file"
167 
				exit 1
168 
			fi
1733 richard 169 
			echo "Importing certificate $cert with private key $key and server-chain $sc"
170 
		fi
171 
		domainName $cert
172 
		certImport $cert $key $sc
2488 lucas.echa 173 
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
1740 richard 174 
		do
175 
			echo "restarting $services"; systemctl restart $services; sleep 1
176 
		done
1710 richard 177 
		;;
1733 richard 178 
	-d)
179 
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
180 
		then
181 
			echo "Restoring default certificate"
182 
			defaultCert
183 
			defaultNdd
2488 lucas.echa 184 
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist lighttpd
1740 richard 185 
			do
186 
				echo "restarting $services"; systemctl restart $services; sleep 1
187 
			done
1733 richard 188 
		fi
189 
		;;
1710 richard 190 
	*)
2260 tom.houday 191 
		echo -e "$usage"
1710 richard 192 
		;;
193 
esac