Subversion Repositories ALCASAR

Rev

Rev 1740 | Rev 1744 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log

Rev Author Line No. Line
1710 richard 1
#!/bin/sh
2
 
3
# alcasar-importcert.sh
1736 richard 4
# by Raphaël, Hugo, Clément, Bettyna & rexy
1710 richard 5
 
6
# This script is distributed under the Gnu General Public License (GPL)
7
 
8
# Script permettant
9
# - d'importer des certificats sur Alcasar
1733 richard 10
# - de revenir au certificat par default
1710 richard 11
 
12
# This script allows
1733 richard 13
# - to import a certificate in Alcasar
14
# - to go back to the default certificate
1710 richard 15
 
16
SED="/bin/sed -ri"
17
DIR_CERT="/etc/pki/tls"
1736 richard 18
CONF_FILE="/usr/local/etc/alcasar.conf"
19
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
20
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
1710 richard 21
 
1733 richard 22
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
1710 richard 23
nb_args=$#
1733 richard 24
arg1=$1
1710 richard 25
 
1733 richard 26
 
27
function defaultNdd()
28
{
29
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
30
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
31
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
32
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
33
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
1736 richard 34
	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
1740 richard 35
	hostnamectl set-hostname alcasar.localdomain
36
	$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
37
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
1743 clement.si 38
	$SED "s/:.*:/:alcasar.localdomain:/g" /usr/local/etc/digest/key_*
1733 richard 39
}
40
 
41
function defaultCert()
42
{
1740 richard 43
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
44
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
45
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
1733 richard 46
	then
1740 richard 47
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
1743 clement.si 48
	#else 
49
	#	rm -f $DIR_CERT/certs/server-chain.crt
1733 richard 50
	fi
51
}
52
 
1710 richard 53
function domainName() # change the domain name in the conf files
54
{
55
 
1736 richard 56
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p')
57
	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
58
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
59
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
60
	if [ "$fqdn" != "" ]
1733 richard 61
	then
1736 richard 62
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
63
		cat <<EOF > /etc/hosts
64
127.0.0.1	localhost
65
$PRIVATE_IP	$fqdn $hostname
66
EOF
67
		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
68
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
69
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
70
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
71
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
72
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
73
		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
1740 richard 74
		hostnamectl set-hostname $fqdn
75
		$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
76
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
1743 clement.si 77
		$SED "s/:.*:/:$fqdn:/g" /usr/local/etc/digest/key_*
1710 richard 78
	fi
79
}
80
 
81
function certImport()
82
{
1740 richard 83
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
1710 richard 84
	then
85
		echo "Backup of old cert (alcasar.crt)"
1740 richard 86
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
1710 richard 87
	fi
1740 richard 88
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
1710 richard 89
	then
90
		echo "Backup of old private key (alcasar.key)"
1740 richard 91
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
1710 richard 92
	fi
1740 richard 93
	cp $cert $DIR_CERT/certs/alcasar.crt
94
	cp $key $DIR_CERT/private/alcasar.key
1733 richard 95
 
1743 clement.si 96
	rm $cert $key
97
 
1740 richard 98
	chown root:apache $DIR_CERT/certs/alcasar.crt
99
	chown root:apache $DIR_CERT/private/alcasar.key
1710 richard 100
 
1740 richard 101
	chmod 750 $DIR_CERT/certs/alcasar.crt
102
	chmod 750 $DIR_CERT/private/alcasar.key
1710 richard 103
	if [ "$sc" != "" ]
104
	then
105
		echo "cert-chain exists"
1740 richard 106
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
1710 richard 107
		then
108
			echo "Backup of old cert-chain (server-chain.crt)"
1740 richard 109
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
1710 richard 110
		fi
1740 richard 111
		cp $sc $DIR_CERT/certs/server-chain.crt
1743 clement.si 112
		rm $sc
1740 richard 113
		chown root:apache $DIR_CERT/certs/server-chain.crt
114
		chmod 750 $DIR_CERT/certs/server-chain.crt
1710 richard 115
	fi
116
}
117
 
1733 richard 118
 
119
if [ $nb_args -eq 0 ]
1710 richard 120
then
1733 richard 121
	echo "$usage"
122
	exit 1
1710 richard 123
fi
124
 
1733 richard 125
case $arg1 in
1710 richard 126
	-\? | -h* | --h*)
127
		echo "$usage"
128
		exit 0
129
		;;
130
	-i)
1733 richard 131
		arg3=$3
132
		arg5=$5
133
		cert=$2
134
		key=$4
135
		sc=$6
136
 
137
		if [ "$cert" == "" ] || [ "$key" == "" ]
138
		then
139
			echo "$usage"
140
			exit 1
141
		fi
142
 
143
		if [ ! -f "$cert" -o ! -f "$key" ]
144
		then
145
			echo "Certificate and/or private key not found"
146
			exit 1
147
		fi
148
 
149
		if [ ${cert: -4} != ".crt" ]
150
		then
151
			echo "Invalid certificate file"
152
			exit 1
153
		fi
154
 
155
		if [ ${key: -4} != ".key" ]
156
		then
157
			echo "Invalid private key"
158
			exit 1
159
		fi
160
 
161
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
162
		then
163
			echo "No server-chain given"
164
			echo "Importing certificate $cert with private key $key"
165
			sc=""
166
		else
167
			echo "Importing certificate $cert with private key $key and server-chain $sc"
168
		fi
169
		domainName $cert
170
		certImport $cert $key $sc
1736 richard 171
		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
1740 richard 172
		do
173
			echo "restarting $services"; systemctl restart $services; sleep 1
174
		done
1710 richard 175
		;;
1733 richard 176
	-d)
177
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
178
		then
179
			echo "Restoring default certificate"
180
			defaultCert
181
			defaultNdd
1740 richard 182
			for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
183
			do
184
				echo "restarting $services"; systemctl restart $services; sleep 1
185
			done
1733 richard 186
		fi
187
		;;
1710 richard 188
	*)
189
		echo "$usage"
190
		;;
191
esac