Subversion Repositories ALCASAR

#!/bin/sh

#!/bin/sh

# alcasar-importcert.sh

# alcasar-importcert.sh

# by Raphaël, Hugo, Clément, Bettyna & rexy

# by Raphaël, Hugo, Clément, Bettyna & rexy

# This script is distributed under the Gnu General Public License (GPL)

# This script is distributed under the Gnu General Public License (GPL)

# Script permettant

# Script permettant

# - d'importer des certificats sur Alcasar

# - d'importer des certificats sur Alcasar

# - de revenir au certificat par default

# - de revenir au certificat par default

# This script allows

# This script allows

# - to import a certificate in Alcasar

# - to import a certificate in Alcasar

# - to go back to the default certificate

# - to go back to the default certificate

SED="/bin/sed -ri"

SED="/bin/sed -ri"

DIR_CERT="/etc/pki/tls"

DIR_CERT="/etc/pki/tls"

CONF_FILE="/usr/local/etc/alcasar.conf"

CONF_FILE="/usr/local/etc/alcasar.conf"

PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`

PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`

PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`

PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`

usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"

usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"

nb_args=$#

nb_args=$#

arg1=$1

arg1=$1

function defaultNdd()

function defaultNdd()

{

{

	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf

	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf

	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts

	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts

	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf

	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf

	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf

	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf

	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf

	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf

	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf

	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf

}

}

function defaultCert()

function defaultCert()

{

{

	then

	then

	fi

	fi

}

}

function domainName() # change the domain name in the conf files

function domainName() # change the domain name in the conf files

{

{

	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')

	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')

	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`

	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`

	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`

	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`

	echo "fqdn=$fqdn hostname=$hostname domain=$domain"

	echo "fqdn=$fqdn hostname=$hostname domain=$domain"

	if [ "$fqdn" != "" ]

	if [ "$fqdn" != "" ]

	then

	then

		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf

		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf

		cat <<EOF > /etc/hosts

		cat <<EOF > /etc/hosts

127.0.0.1	localhost

127.0.0.1	localhost

$PRIVATE_IP	$fqdn $hostname

$PRIVATE_IP	$fqdn $hostname

EOF

EOF

		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf

		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf

		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf

		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf

		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf

		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf

		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf

		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf

		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf

		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf

		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf

		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf

		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf

		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf

	fi

	fi

}

}

function certImport()

function certImport()

{

{

	then

	then

		echo "Backup of old cert (alcasar.crt)"

		echo "Backup of old cert (alcasar.crt)"

	fi

	fi

	then

	then

		echo "Backup of old private key (alcasar.key)"

		echo "Backup of old private key (alcasar.key)"

	fi

	fi

	if [ "$sc" != "" ]

	if [ "$sc" != "" ]

	then

	then

		echo "cert-chain exists"

		echo "cert-chain exists"

		then

		then

			echo "Backup of old cert-chain (server-chain.crt)"

			echo "Backup of old cert-chain (server-chain.crt)"

		fi

		fi

	fi

	fi

}

}

if [ $nb_args -eq 0 ]

if [ $nb_args -eq 0 ]

then

then

	echo "$usage"

	echo "$usage"

	exit 1

	exit 1

fi

fi

case $arg1 in

case $arg1 in

	-\? | -h* | --h*)

	-\? | -h* | --h*)

		echo "$usage"

		echo "$usage"

		exit 0

		exit 0

		;;

		;;

	-i)

	-i)

		arg3=$3

		arg3=$3

		arg5=$5

		arg5=$5

		cert=$2

		cert=$2

		key=$4

		key=$4

		sc=$6

		sc=$6

		if [ "$cert" == "" ] || [ "$key" == "" ]

		if [ "$cert" == "" ] || [ "$key" == "" ]

		then

		then

			echo "$usage"

			echo "$usage"

			exit 1

			exit 1

		fi

		fi

		if [ ! -f "$cert" -o ! -f "$key" ]

		if [ ! -f "$cert" -o ! -f "$key" ]

		then

		then

			echo "Certificate and/or private key not found"

			echo "Certificate and/or private key not found"

			exit 1

			exit 1

		fi

		fi

		if [ ${cert: -4} != ".crt" ]

		if [ ${cert: -4} != ".crt" ]

		then

		then

			echo "Invalid certificate file"

			echo "Invalid certificate file"

			exit 1

			exit 1

		fi

		fi

		if [ ${key: -4} != ".key" ]

		if [ ${key: -4} != ".key" ]

		then

		then

			echo "Invalid private key"

			echo "Invalid private key"

			exit 1

			exit 1

		fi

		fi

		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]

		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]

		then

		then

			echo "No server-chain given"

			echo "No server-chain given"

			echo "Importing certificate $cert with private key $key"

			echo "Importing certificate $cert with private key $key"

			sc=""

			sc=""

		else

		else

			echo "Importing certificate $cert with private key $key and server-chain $sc"

			echo "Importing certificate $cert with private key $key and server-chain $sc"

		fi

		fi

		domainName $cert

		domainName $cert

		certImport $cert $key $sc

		certImport $cert $key $sc

		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist

		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist

		;;

		;;

	-d)

	-d)

		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]

		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]

		then

		then

			echo "Restoring default certificate"

			echo "Restoring default certificate"

			defaultCert

			defaultCert

			defaultNdd

			defaultNdd

		fi

		fi

		;;

		;;

	*)

	*)

		echo "$usage"

		echo "$usage"

		;;

		;;

esac

esac