Subversion Repositories ALCASAR

Rev

Rev 2295 | Rev 2454 | Go to most recent revision | Only display areas with differences | Regard whitespace | Details | Blame | Last modification | View Log

Rev 2295 Rev 2309
1 
#!/bin/bash
 1 
#!/bin/bash
2 
#
 2 
#
3 
# $Id: alcasar-importcert.sh 2295 2017-06-21 09:05:02Z tom.houdayer $
 3 
# $Id: alcasar-importcert.sh 2309 2017-06-26 14:33:22Z tom.houdayer $
4 
#
 4 
#
5 
# alcasar-importcert.sh
 5 
# alcasar-importcert.sh
6 
# by Raphaël, Hugo, Clément, Bettyna & rexy
 6 
# by Raphaël, Hugo, Clément, Bettyna & rexy
7 
#
 7 
#
8 
# This script is distributed under the Gnu General Public License (GPL)
 8 
# This script is distributed under the Gnu General Public License (GPL)
9 
#
 9 
#
10 
# Script permettant
 10 
# Script permettant
11 
# - d'importer des certificats sur Alcasar
 11 
# - d'importer des certificats sur Alcasar
12 
# - de revenir au certificat par default
 12 
# - de revenir au certificat par default
13 
#
 13 
#
14 
# This script allows
 14 
# This script allows
15 
# - to import a certificate in Alcasar
 15 
# - to import a certificate in Alcasar
16 
# - to go back to the default certificate
 16 
# - to go back to the default certificate
17 
 
 17 
 
18 
SED="/bin/sed -ri"
 18 
SED="/bin/sed -ri"
19 
DIR_CERT="/etc/pki/tls"
 19 
DIR_CERT="/etc/pki/tls"
20 
CONF_FILE="/usr/local/etc/alcasar.conf"
 20 
CONF_FILE="/usr/local/etc/alcasar.conf"
21 
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
 21 
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
22 
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 22 
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
23 
 
 23 
 
24 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
 24 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
25 
nb_args=$#
 25 
nb_args=$#
26 
arg1=$1
 26 
arg1=$1
27 
 
 27 
 
28 
function defaultNdd()
 28 
function defaultNdd()
29 
{
 29 
{
30 
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
 30 
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
31 
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
 31 
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
32 
	cat <<EOF > /etc/hosts
 - 
 
33 
127.0.0.1	localhost
 - 
 
34 
$PRIVATE_IP	alcasar alcasar.localdomain
 32 
	/usr/local/bin/alcasar-conf.sh --apply
35 
EOF
 - 
 
36 
	$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf
 - 
 
37 
	$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf
 - 
 
38 
	$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf
 - 
 
39 
	$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf
 - 
 
40 
	$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf
 - 
 
41 
	hostnamectl set-hostname alcasar.localdomain
 - 
 
42 
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
 - 
 
43 
	$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
 - 
 
44 
	$SED "s/^    ServerName.*/    ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf
 - 
 
45 
}
 33 
}
46 
 
 34 
 
47 
function defaultCert()
 35 
function defaultCert()
48 
{
 36 
{
49 
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
 37 
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
50 
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
 38 
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
51 
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
 39 
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
52 
	then
 40 
	then
53 
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
 41 
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
54 
	fi
 42 
	fi
55 
}
 43 
}
56 
 
 44 
 
57 
function domainName() # change the domain name in the conf files
 45 
function domainName() # change the domain name in the conf files
58 
{
 46 
{
59 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
 47 
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
60 
 
 48 
 
61 
	#check if there is a wildcard in $fqdn
 49 
	#check if there is a wildcard in $fqdn
62 
	if [[ $fqdn == *"*"* ]];
 50 
	if [[ $fqdn == *"*"* ]];
63 
	then
 51 
	then
64 
		hostname="alcasar"
 52 
		hostname="alcasar"
65 
		fqdn=${fqdn/"*"/$hostname}
 53 
		fqdn=${fqdn/"*"/$hostname}
66 
	else
 54 
	else
67 
		hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
 55 
		hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
68 
	fi
 56 
	fi
69 
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'`
 57 
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'`
70 
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 58 
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
71 
 
 59 
 
72 
	#check fqdn format
60 
	#check fqdn format
73 
	if [[ "$fqdn" != "" && "$domain" != "" ]];
 61 
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
74 
	then
 - 
 
75 
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
 62 
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
76 
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
 63 
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
77 
		domainNames="alcasar.localdomain $hostname $fqdn"
 64 
		/usr/local/bin/alcasar-conf.sh --apply
78 
		if [ "$hostname" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi
 - 
 
79 
		cat <<EOF > /etc/hosts
 - 
 
80 
127.0.0.1	localhost
 - 
 
81 
$PRIVATE_IP	$domainNames
 - 
 
82 
EOF
 - 
 
83 
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
 - 
 
84 
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
 - 
 
85 
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
 - 
 
86 
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
 - 
 
87 
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
 - 
 
88 
		hostnamectl set-hostname $fqdn
 - 
 
89 
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
 - 
 
90 
		$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
 - 
 
91 
		$SED "s/^    ServerName.*/    ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
 - 
 
92 
	fi
 65 
	fi
93 
}
 66 
}
94 
 
 67 
 
95 
function certImport()
 68 
function certImport()
96 
{
 69 
{
97 
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
 70 
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
98 
	then
 71 
	then
99 
		echo "Backup of old cert (alcasar.crt)"
 72 
		echo "Backup of old cert (alcasar.crt)"
100 
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
 73 
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
101 
	fi
 74 
	fi
102 
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
 75 
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
103 
	then
 76 
	then
104 
		echo "Backup of old private key (alcasar.key)"
 77 
		echo "Backup of old private key (alcasar.key)"
105 
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
 78 
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
106 
	fi
 79 
	fi
107 
 
 80 
 
108 
	cp $cert $DIR_CERT/certs/alcasar.crt
 81 
	cp $cert $DIR_CERT/certs/alcasar.crt
109 
	cp $key $DIR_CERT/private/alcasar.key
 82 
	cp $key $DIR_CERT/private/alcasar.key
110 
 
 83 
 
111 
	chown root:apache $DIR_CERT/certs/alcasar.crt
 84 
	chown root:apache $DIR_CERT/certs/alcasar.crt
112 
	chown root:apache $DIR_CERT/private/alcasar.key
 85 
	chown root:apache $DIR_CERT/private/alcasar.key
113 
 
 86 
 
114 
	chmod 750 $DIR_CERT/certs/alcasar.crt
 87 
	chmod 750 $DIR_CERT/certs/alcasar.crt
115 
	chmod 750 $DIR_CERT/private/alcasar.key
 88 
	chmod 750 $DIR_CERT/private/alcasar.key
116 
 
 89 
 
117 
	if [ "$sc" != "" ]
 90 
	if [ "$sc" != "" ]
118 
	then
 91 
	then
119 
		echo "cert-chain exists"
 92 
		echo "cert-chain exists"
120 
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
 93 
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
121 
		then
 94 
		then
122 
			echo "Backup of old cert-chain (server-chain.crt)"
 95 
			echo "Backup of old cert-chain (server-chain.crt)"
123 
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
 96 
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
124 
		fi
 97 
		fi
125 
		cp $sc $DIR_CERT/certs/server-chain.crt
 98 
		cp $sc $DIR_CERT/certs/server-chain.crt
126 
		chown root:apache $DIR_CERT/certs/server-chain.crt
 99 
		chown root:apache $DIR_CERT/certs/server-chain.crt
127 
		chmod 750 $DIR_CERT/certs/server-chain.crt
 100 
		chmod 750 $DIR_CERT/certs/server-chain.crt
128 
	fi
 101 
	fi
129 
}
 102 
}
130 
 
 103 
 
131 
 
 104 
 
132 
if [ $nb_args -eq 0 ]
 105 
if [ $nb_args -eq 0 ]
133 
then
 106 
then
134 
	echo -e "$usage"
 107 
	echo -e "$usage"
135 
	exit 1
 108 
	exit 1
136 
fi
 109 
fi
137 
 
 110 
 
138 
case $arg1 in
 111 
case $arg1 in
139 
	-\? | -h* | --h*)
 112 
	-\? | -h* | --h*)
140 
		echo -e "$usage"
 113 
		echo -e "$usage"
141 
		exit 0
 114 
		exit 0
142 
		;;
 115 
		;;
143 
	-i)
 116 
	-i)
144 
		arg3=$3
 117 
		arg3=$3
145 
		arg5=$5
 118 
		arg5=$5
146 
		cert=$2
 119 
		cert=$2
147 
		key=$4
 120 
		key=$4
148 
		sc=$6
 121 
		sc=$6
149 
 
 122 
 
150 
		if [ "$cert" == "" ] || [ "$key" == "" ]
 123 
		if [ "$cert" == "" ] || [ "$key" == "" ]
151 
		then
 124 
		then
152 
			echo -e "$usage"
 125 
			echo -e "$usage"
153 
			exit 1
 126 
			exit 1
154 
		fi
 127 
		fi
155 
 
 128 
 
156 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
 129 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
157 
		then
 130 
		then
158 
			echo "Certificate and/or private key not found"
 131 
			echo "Certificate and/or private key not found"
159 
			exit 1
 132 
			exit 1
160 
		fi
 133 
		fi
161 
 
 134 
 
162 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
 135 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
163 
		then
 136 
		then
164 
			echo "Invalid certificate file"
 137 
			echo "Invalid certificate file"
165 
			exit 1
 138 
			exit 1
166 
		fi
 139 
		fi
167 
 
 140 
 
168 
		if [ ${key: -4} != ".key" ]
 141 
		if [ ${key: -4} != ".key" ]
169 
		then
 142 
		then
170 
			echo "Invalid private key"
 143 
			echo "Invalid private key"
171 
			exit 1
 144 
			exit 1
172 
		fi
 145 
		fi
173 
 
 146 
 
174 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
 147 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
175 
		then
 148 
		then
176 
			echo "No server-chain given"
 149 
			echo "No server-chain given"
177 
			echo "Importing certificate $cert with private key $key"
 150 
			echo "Importing certificate $cert with private key $key"
178 
			sc=""
 151 
			sc=""
179 
		else
 152 
		else
180 
			if [ ! -f "$sc" ]
 153 
			if [ ! -f "$sc" ]
181 
			then
 154 
			then
182 
				echo "Server-chain certificate not found"
 155 
				echo "Server-chain certificate not found"
183 
				exit 1
 156 
				exit 1
184 
			fi
 157 
			fi
185 
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
 158 
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
186 
			then
 159 
			then
187 
				echo "Invalid server-chain certificate file"
 160 
				echo "Invalid server-chain certificate file"
188 
				exit 1
 161 
				exit 1
189 
			fi
 162 
			fi
190 
			echo "Importing certificate $cert with private key $key and server-chain $sc"
 163 
			echo "Importing certificate $cert with private key $key and server-chain $sc"
191 
		fi
 164 
		fi
192 
		domainName $cert
 165 
		domainName $cert
193 
		certImport $cert $key $sc
 166 
		certImport $cert $key $sc
194 
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
 167 
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
195 
		do
 168 
		do
196 
			echo "restarting $services"; systemctl restart $services; sleep 1
 169 
			echo "restarting $services"; systemctl restart $services; sleep 1
197 
		done
 170 
		done
198 
		;;
 171 
		;;
199 
	-d)
 172 
	-d)
200 
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
 173 
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
201 
		then
 174 
		then
202 
			echo "Restoring default certificate"
 175 
			echo "Restoring default certificate"
203 
			defaultCert
 176 
			defaultCert
204 
			defaultNdd
 177 
			defaultNdd
205 
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
 178 
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
206 
			do
 179 
			do
207 
				echo "restarting $services"; systemctl restart $services; sleep 1
 180 
				echo "restarting $services"; systemctl restart $services; sleep 1
208 
			done
 181 
			done
209 
		fi
 182 
		fi
210 
		;;
 183 
		;;
211 
	*)
 184 
	*)
212 
		echo -e "$usage"
 185 
		echo -e "$usage"
213 
		;;
 186 
		;;
214 
esac
 187 
esac
215 
 
 188