Subversion Repositories ALCASAR

Rev

Details | Last modification | View Log

Rev Author Line No. Line
2076 franck 1
#!/bin/sh
2
 
3
# Id: $Id$
4
 
5
# alcasar-certificates.sh
6
# by Franck BOUIJOUX and REXY
7
# This script is distributed under the Gnu General Public License (GPL)
8
 
2454 tom.houday 9
# Script permettant
2076 franck 10
#	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
11
 
2454 tom.houday 12
# This script allows
2076 franck 13
#	- export certificates server to move them.
14
 
15
 
16
DIR_EXPORT="/root/Certificats"
17
DIR_PKI="/etc/pki"
18
DIR_SAVE="/root/PKI_SAVE"
19
DIR_IMPORT="/root/Certificats"
20
 
21
 
22
usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
23
 
24
nb_args=$#
25
args=$1
26
if [ $nb_args -eq 0 ]
27
then
28
	nb_args=1
29
	args="-h"
30
fi
31
 
32
 
2454 tom.houday 33
NOW="$(date +%G%m%d-%Hh%M)"		# date et heure du moment
2076 franck 34
FILE="certificates-$NOW"
35
DIR_SAVE=$DIR_SAVE-$NOW
36
 
2454 tom.houday 37
# Function of export
2076 franck 38
function certs_export() {
2454 tom.houday 39
	#  Export of CA Certificate
2076 franck 40
	cd /root
2454 tom.houday 41
	tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
2076 franck 42
 
2454 tom.houday 43
	#  Export of server Certificate
2813 rexy 44
	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.pem}
2454 tom.houday 45
	gzip $FILE.tar
2488 lucas.echa 46
	echo "Le fichier des certificats exportés est : $FILE.tar.gz"
2076 franck 47
} # end function export
48
 
49
 
50
function archive() {
51
	# Sauvegarde de la pki actuelle
52
	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
53
 
2454 tom.houday 54
	#  Save of CA Certificate
2076 franck 55
	cd $DIR_PKI/CA/
2454 tom.houday 56
	cp alcasar-ca.crt $DIR_SAVE/.
57
	cp private/alcasar-ca.key $DIR_SAVE/.
2076 franck 58
 
2454 tom.houday 59
	#  Save of server Certificate
2076 franck 60
	cd $DIR_PKI/tls
2454 tom.houday 61
	cp certs/alcasar.crt $DIR_SAVE/.
62
	cp private/alcasar.key $DIR_SAVE/.
2813 rexy 63
	cp certs/server-chain.pem $DIR_SAVE/.
2076 franck 64
} # end function archive
65
 
66
function import() {
67
	echo "Would you like to Import New Certificates in ALCASAR ?"
68
	read response
69
	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
70
	then
71
		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
72
		rm -rf $DIR_IMPORT/*
73
 
2454 tom.houday 74
		#  Import of CA Certificate
2076 franck 75
		tar xzvf $1 --directory=$DIR_IMPORT
2554 lucas.echa 76
 
77
		(cat $DIR_PKI/tls/private/alcasar.key; echo; cat $DIR_PKI/tls/certs/alcasar.crt) > $DIR_PKI/tls/private/alcasar.pem
78
 
2076 franck 79
		echo "Import new certificates in ALCASAR !!!"
80
		cp -r $DIR_IMPORT/* /.
81
		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
2813 rexy 82
		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
2076 franck 83
 
2488 lucas.echa 84
		chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
2813 rexy 85
		chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.pem}
2488 lucas.echa 86
 
87
		service lighttpd restart
2454 tom.houday 88
	else
89
		echo "You are not import new certificates !!!"
90
		exit 0
2076 franck 91
	fi
92
} # end import
93
 
94
#  Core script
95
case $args in
96
	-\? | -h* | --h*)
97
		echo "$usage"
98
		exit 0
99
		;;
100
	--export | -x)	
101
		archive
102
		certs_export
103
		;;
104
	--import | -i)
105
		nb_args=$#
106
		if [ $nb_args -eq 1 ]
107
		then
108
			echo "Il faut passer un fichier de certificat en paramètre !!!"
2454 tom.houday 109
			exit 0
2076 franck 110
		fi
111
		import $2
112
		;;
113
	*)
114
		echo "Unknown argument :$1";
115
		echo "$usage"
116
		exit 1
117
		;;
118
esac
119
exit 0
120