WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh

 #!/bin/sh
 # alcasar-importcert.sh
 # by Raphaël, Hugo, Clément, Bettyna
 # This script is distributed under the Gnu General Public License (GPL)
 # Script permettant
 # - d'importer des certificats sur Alcasar
+# - de revenir au certificat par default
 # This script allows
-# - to import certificate in Alcasar
+# - to import a certificate in Alcasar
+# - to go back to the default certificate
 SED="/bin/sed -ri"
 DIR_CERT="/etc/pki/tls"
-usage="Usage: alcasar-importcert.sh -i YourCertificate.crt -k YourAlcasar.key -c Chaîne.com"
+usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
 nb_args=$#
-args=$1
+arg1=$1
+# nb_args=$#
+# args=$1
-args1=$3
+# args1=$3
-args2=$5
+# args2=$5
-cert=$2
+# cert=$2
-key=$4
+# key=$4
-sc=$6
+# sc=$6
+function defaultNdd()
+{
+	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
+	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
+	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
+	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
+	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
+}
+function defaultCert()
+{
+	cd $DIR_CERT
+	rm private/alcasar.key
+	rm certs/alcasar.crt
+	mv certs/alcasar.crt.old certs/alcasar.crt
+	mv private/alcasar.key.old private/alcasar.key
+	if [ -f certs/server-chain.crt.old ]
+	then
+		rm certs/server-chain.crt
+		mv certs/server-chain.crt.old certs/server-chain.crt
+	fi
+}
 function domainName() # change the domain name in the conf files
+{
 	ndd=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
 	echo $ndd
 	if [ "$ndd" != "" ]
 	then
 		$SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
 		$SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
 		$SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
 		$SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
 		$SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
 	fi
+}
 function certImport()
+{
 	cd $DIR_CERT
 	if [ ! -f "/etc/pki/tls/certs/alcasar.crt.old" ]
 	then
 		echo "Backup of old cert (alcasar.crt)"
 		mv certs/alcasar.crt certs/alcasar.crt.old
 	fi
 	if [ ! -f "/etc/pki/tls/private/alcasar.key.old" ]
 	then
 		echo "Backup of old private key (alcasar.key)"
 		mv private/alcasar.key private/alcasar.key.old
 	fi
 	cp $cert certs/alcasar.crt
 	cp $key private/alcasar.key
 	chown root:apache certs/alcasar.crt
 	chown root:apache private/alcasar.key
 	chmod 750 certs/alcasar.crt
 	chmod 750 private/alcasar.key
 	if [ "$sc" != "" ]
 	then
 		echo "cert-chain exists"
 		if [ ! -f "/etc/pki/tls/certs/server-chain.crt.old" ]
 		then
 			echo "Backup of old cert-chain (server-chain.crt)"
 			mv certs/server-chain.crt certs/server-chain.crt.old
 		fi
 		cp $sc certs/server-chain.crt
 		chown root:apache certs/server-chain.crt
 		chmod 750 certs/server-chain.crt
 	fi
+}
-if [ $nb_args -eq 0 ] || [ "$cert" == "" ] || [ "$key" == "" ]
+if [ $nb_args -eq 0 ]
 then
-	nb_args=1
+	echo "$usage"
-	args="-h"
+	exit 1
 fi
-case $args in
+case $arg1 in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	-i)
-		echo "You want import the certificate: $2"
-		;;
+		arg3=$3
-	*)
-	echo "Unknown argument: $1"
-	echo "$usage"
+		arg5=$5
-	exit 1
+		cert=$2
-	;;
+		key=$4
-esac
+		sc=$6
-case $args1 in
+		if [ "$cert" == "" ] || [ "$key" == "" ]
-	-\? | -h* | --h*)
+		then
-		echo "$usage"
+			echo "$usage"
+			exit 1
+		fi
+		if [ ! -f "$cert" -o ! -f "$key" ]
+		then
+			echo "Certificate and/or private key not found"
+			exit 1
+		fi
+		if [ ${cert: -4} != ".crt" ]
+		then
+			echo "Invalid certificate file"
+			exit 1
+		fi
+		if [ ${key: -4} != ".key" ]
+		then
+			echo "Invalid private key"
-		exit 0
+			exit 1
+		fi
+		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
+		then
+			echo "No server-chain given"
+			echo "Importing certificate $cert with private key $key"
+			sc=""
+		else
+			echo "Importing certificate $cert with private key $key and server-chain $sc"
+		fi
+		domainName $cert
+		certImport $cert $key $sc
+		systemctl restart chilli.service
+		systemctl restart httpd.service
 		;;
-	-k)
+	-d)
+		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
+		then
-		echo "With the private key: $4"
+			echo "Restoring default certificate"
+			defaultCert
+			defaultNdd
+			systemctl restart chilli.service
+			systemctl restart httpd.service
+		fi
 		;;
 	*)
-	echo "Unknown argument: $3"
-	echo "$usage"
+		echo "$usage"
-	exit 1
-	;;
+		;;
 esac
-if [ "$args2" == "-c" ]
-then
-	echo "And the cert-chain: $6"
-	if [ "$sc" == "" ]
-	then
-		echo "! Can't find the file of the chain-cert"
-	fi
-else
-	echo "Without a cert-chain"
-	sc=""
-fi
-domainName
-certImport $cert $key $sc
-systemctl restart chilli.service
-systemctl restart httpd.service

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2274 – Rev 1710 → 1733