WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/sh
 
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
 
# This script is distributed under the Gnu General Public License (GPL)
 
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
 
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
DEFAULT_FQDN='alcasar.localdomain'
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
nb_args=$#
arg1=$1
 
 
function defaultNdd()
{
	$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf
	$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts
	$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf
	$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf
	$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf
	$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
	hostnamectl set-hostname alcasar.localdomain
	$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^    ServerName.*/    ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf
	$SED "s/:.*:/:alcasar.localdomain:/g" /usr/local/etc/digest/key_*
}
 
function defaultCert()
{
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
	then
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
	#else 
	#	rm -f $DIR_CERT/certs/server-chain.crt
	fi
}
 
function domainName() # change the domain name in the conf files
{
 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
	hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
	if [ "$fqdn" != "" ]
	then
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$fqdn $hostname
EOF
		$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
		$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf
		hostnamectl set-hostname $fqdn
		$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^    ServerName.*/    ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
		$SED "s/:.*:/:$fqdn:/g" /usr/local/etc/digest/key_*
	fi
}
 
function certImport()
{
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
	fi
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
	fi
	cp $cert $DIR_CERT/certs/alcasar.crt
	cp $key $DIR_CERT/private/alcasar.key
 
	rm $cert $key
 
	chown root:apache $DIR_CERT/certs/alcasar.crt
	chown root:apache $DIR_CERT/private/alcasar.key
 
	chmod 750 $DIR_CERT/certs/alcasar.crt
	chmod 750 $DIR_CERT/private/alcasar.key
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
		fi
		cp $sc $DIR_CERT/certs/server-chain.crt
		rm $sc
		chown root:apache $DIR_CERT/certs/server-chain.crt
		chmod 750 $DIR_CERT/certs/server-chain.crt
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" -o ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
		domainName $cert
		certImport $cert $key $sc
		for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
		do
			echo "restarting $services"; systemctl restart $services; sleep 1
		done
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			defaultNdd
			for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist
			do
				echo "restarting $services"; systemctl restart $services; sleep 1
			done
		fi
		;;
	*)
		echo "$usage"
		;;
esac
 

Rev 1744	Rev 1747
1	`#!/bin/sh`	1	`#!/bin/sh`
2		2
3	`# alcasar-importcert.sh`	3	`# alcasar-importcert.sh`
4	`# by Raphaël, Hugo, Clément, Bettyna & rexy`	4	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
5		5
6	`# This script is distributed under the Gnu General Public License (GPL)`	6	`# This script is distributed under the Gnu General Public License (GPL)`
7		7
8	`# Script permettant`	8	`# Script permettant`
9	`# - d'importer des certificats sur Alcasar`	9	`# - d'importer des certificats sur Alcasar`
10	`# - de revenir au certificat par default`	10	`# - de revenir au certificat par default`
11		11
12	`# This script allows`	12	`# This script allows`
13	`# - to import a certificate in Alcasar`	13	`# - to import a certificate in Alcasar`
14	`# - to go back to the default certificate`	14	`# - to go back to the default certificate`
15		15
16	`SED="/bin/sed -ri"`	16	`SED="/bin/sed -ri"`
17	`DIR_CERT="/etc/pki/tls"`	17	`DIR_CERT="/etc/pki/tls"`
18	`CONF_FILE="/usr/local/etc/alcasar.conf"`	18	`CONF_FILE="/usr/local/etc/alcasar.conf"`
19	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`	19	PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE\|cut -d"=" -f2`
20	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	20	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
-		21	`DEFAULT_FQDN='alcasar.localdomain'`
21		22
22	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`	23	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) \|\| alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"`
23	`nb_args=$#`	24	`nb_args=$#`
24	`arg1=$1`	25	`arg1=$1`
25		26
26		27
27	`function defaultNdd()`	28	`function defaultNdd()`
28	`{`	29	`{`
29	`$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf`	30	`$SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' /usr/local/etc/alcasar.conf`
30	`$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts`	31	`$SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' /etc/hosts`
31	`$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf`	32	`$SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' /etc/chilli.conf`
32	`$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf`	33	`$SED 's/^domain.*/domain\t\tlocaldomain/g' /etc/chilli.conf`
33	`$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf`	34	`$SED 's/^ServerName.*/ServerName alcasar.localdomain/g' /etc/httpd/conf/httpd.conf`
34	`$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`	35	`$SED "s/^domain=.*/domain=localdomain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`
35	`hostnamectl set-hostname alcasar.localdomain`	36	`hostnamectl set-hostname alcasar.localdomain`
36	`$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`	37	`$SED "s/^\tAuthName.*/\tAuthName alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`
37	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	38	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
-		39	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`
-		40	`$SED "s/^ ServerName.*/ ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf`
38	`$SED "s/:.:/:alcasar.localdomain:/g" /usr/local/etc/digest/key_`	41	`$SED "s/:.:/:alcasar.localdomain:/g" /usr/local/etc/digest/key_`
39	`}`	42	`}`
40		43
41	`function defaultCert()`	44	`function defaultCert()`
42	`{`	45	`{`
43	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`	46	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
44	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`	47	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
45	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`	48	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`
46	`then`	49	`then`
47	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`	50	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`
48	`#else`	51	`#else`
49	`# rm -f $DIR_CERT/certs/server-chain.crt`	52	`# rm -f $DIR_CERT/certs/server-chain.crt`
50	`fi`	53	`fi`
51	`}`	54	`}`
52		55
53	`function domainName() # change the domain name in the conf files`	56	`function domainName() # change the domain name in the conf files`
54	`{`	57	`{`
55		58
56	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`	59	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`
57	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`	60	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`
58	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \|sed 's/^.//'`	61	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \|sed 's/^.//'`
59	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`	62	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
60	`if [ "$fqdn" != "" ]`	63	`if [ "$fqdn" != "" ]`
61	`then`	64	`then`
62	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`	65	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
63	`cat <<EOF > /etc/hosts`	66	`cat <<EOF > /etc/hosts`
64	`127.0.0.1 localhost`	67	`127.0.0.1 localhost`
65	`$PRIVATE_IP $fqdn $hostname`	68	`$PRIVATE_IP $fqdn $hostname`
66	`EOF`	69	`EOF`
67	`$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf`	70	`$SED "s/^domain.*/domain\t\t$domain/g" /etc/chilli.conf`
68	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`	71	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`
69	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`	72	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`
70	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`	73	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`
71	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`	74	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`
72	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`	75	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`
73	`$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`	76	`$SED "s/^domain=.*/domain=$domain/g" /etc/dnsmasq.conf /etc/dnsmasq-blackhole.conf /etc/dnsmasq-blacklist.conf /etc/dnsmasq-whitelist.conf`
74	`hostnamectl set-hostname $fqdn`	77	`hostnamectl set-hostname $fqdn`
75	`$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`	78	`$SED "s/^\tAuthName.*/\tAuthName $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`
76	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	79	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
-		80	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`
-		81	`$SED "s/^ ServerName.*/ ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default`
77	`$SED "s/:.:/:$fqdn:/g" /usr/local/etc/digest/key_`	82	`$SED "s/:.:/:$fqdn:/g" /usr/local/etc/digest/key_`
78	`fi`	83	`fi`
79	`}`	84	`}`
80		85
81	`function certImport()`	86	`function certImport()`
82	`{`	87	`{`
83	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`	88	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
84	`then`	89	`then`
85	`echo "Backup of old cert (alcasar.crt)"`	90	`echo "Backup of old cert (alcasar.crt)"`
86	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`	91	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
87	`fi`	92	`fi`
88	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`	93	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
89	`then`	94	`then`
90	`echo "Backup of old private key (alcasar.key)"`	95	`echo "Backup of old private key (alcasar.key)"`
91	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`	96	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
92	`fi`	97	`fi`
93	`cp $cert $DIR_CERT/certs/alcasar.crt`	98	`cp $cert $DIR_CERT/certs/alcasar.crt`
94	`cp $key $DIR_CERT/private/alcasar.key`	99	`cp $key $DIR_CERT/private/alcasar.key`
95		100
96	`rm $cert $key`	101	`rm $cert $key`
97		102
98	`chown root:apache $DIR_CERT/certs/alcasar.crt`	103	`chown root:apache $DIR_CERT/certs/alcasar.crt`
99	`chown root:apache $DIR_CERT/private/alcasar.key`	104	`chown root:apache $DIR_CERT/private/alcasar.key`
100		105
101	`chmod 750 $DIR_CERT/certs/alcasar.crt`	106	`chmod 750 $DIR_CERT/certs/alcasar.crt`
102	`chmod 750 $DIR_CERT/private/alcasar.key`	107	`chmod 750 $DIR_CERT/private/alcasar.key`
103	`if [ "$sc" != "" ]`	108	`if [ "$sc" != "" ]`
104	`then`	109	`then`
105	`echo "cert-chain exists"`	110	`echo "cert-chain exists"`
106	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`	111	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`
107	`then`	112	`then`
108	`echo "Backup of old cert-chain (server-chain.crt)"`	113	`echo "Backup of old cert-chain (server-chain.crt)"`
109	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`	114	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`
110	`fi`	115	`fi`
111	`cp $sc $DIR_CERT/certs/server-chain.crt`	116	`cp $sc $DIR_CERT/certs/server-chain.crt`
112	`rm $sc`	117	`rm $sc`
113	`chown root:apache $DIR_CERT/certs/server-chain.crt`	118	`chown root:apache $DIR_CERT/certs/server-chain.crt`
114	`chmod 750 $DIR_CERT/certs/server-chain.crt`	119	`chmod 750 $DIR_CERT/certs/server-chain.crt`
115	`fi`	120	`fi`
116	`}`	121	`}`
117		122
118		123
119	`if [ $nb_args -eq 0 ]`	124	`if [ $nb_args -eq 0 ]`
120	`then`	125	`then`
121	`echo "$usage"`	126	`echo "$usage"`
122	`exit 1`	127	`exit 1`
123	`fi`	128	`fi`
124		129
125	`case $arg1 in`	130	`case $arg1 in`
126	`-\? \| -h* \| --h*)`	131	`-\? \| -h* \| --h*)`
127	`echo "$usage"`	132	`echo "$usage"`
128	`exit 0`	133	`exit 0`
129	`;;`	134	`;;`
130	`-i)`	135	`-i)`
131	`arg3=$3`	136	`arg3=$3`
132	`arg5=$5`	137	`arg5=$5`
133	`cert=$2`	138	`cert=$2`
134	`key=$4`	139	`key=$4`
135	`sc=$6`	140	`sc=$6`
136		141
137	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	142	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
138	`then`	143	`then`
139	`echo "$usage"`	144	`echo "$usage"`
140	`exit 1`	145	`exit 1`
141	`fi`	146	`fi`
142		147
143	`if [ ! -f "$cert" -o ! -f "$key" ]`	148	`if [ ! -f "$cert" -o ! -f "$key" ]`
144	`then`	149	`then`
145	`echo "Certificate and/or private key not found"`	150	`echo "Certificate and/or private key not found"`
146	`exit 1`	151	`exit 1`
147	`fi`	152	`fi`
148		153
149	`if [ ${cert: -4} != ".crt" ]`	154	`if [ ${cert: -4} != ".crt" ]`
150	`then`	155	`then`
151	`echo "Invalid certificate file"`	156	`echo "Invalid certificate file"`
152	`exit 1`	157	`exit 1`
153	`fi`	158	`fi`
154		159
155	`if [ ${key: -4} != ".key" ]`	160	`if [ ${key: -4} != ".key" ]`
156	`then`	161	`then`
157	`echo "Invalid private key"`	162	`echo "Invalid private key"`
158	`exit 1`	163	`exit 1`
159	`fi`	164	`fi`
160		165
161	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`	166	`if [ "$arg5" != "-c" ] \|\| [ ! -f "$sc" ]`
162	`then`	167	`then`
163	`echo "No server-chain given"`	168	`echo "No server-chain given"`
164	`echo "Importing certificate $cert with private key $key"`	169	`echo "Importing certificate $cert with private key $key"`
165	`sc=""`	170	`sc=""`
166	`else`	171	`else`
167	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	172	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
168	`fi`	173	`fi`
169	`domainName $cert`	174	`domainName $cert`
170	`certImport $cert $key $sc`	175	`certImport $cert $key $sc`
171	`for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist`	176	`for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist`
172	`do`	177	`do`
173	`echo "restarting $services"; systemctl restart $services; sleep 1`	178	`echo "restarting $services"; systemctl restart $services; sleep 1`
174	`done`	179	`done`
175	`;;`	180	`;;`
176	`-d)`	181	`-d)`
177	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	182	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
178	`then`	183	`then`
179	`echo "Restoring default certificate"`	184	`echo "Restoring default certificate"`
180	`defaultCert`	185	`defaultCert`
181	`defaultNdd`	186	`defaultNdd`
182	`for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist`	187	`for services in chilli httpd dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist`
183	`do`	188	`do`
184	`echo "restarting $services"; systemctl restart $services; sleep 1`	189	`echo "restarting $services"; systemctl restart $services; sleep 1`
185	`done`	190	`done`
186	`fi`	191	`fi`
187	`;;`	192	`;;`
188	`*)`	193	`*)`
189	`echo "$usage"`	194	`echo "$usage"`
190	`;;`	195	`;;`
191	`esac`	196	`esac`
192		197

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh – Rev 1744 → 1747