WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/bash
#
# $Id: alcasar-importcert.sh 2295 2017-06-21 09:05:02Z tom.houdayer $
#
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
#
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
nb_args=$#
arg1=$1
 
function defaultNdd()
{
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
	cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	alcasar alcasar.localdomain
EOF
	$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf
	$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf
	$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf
	hostnamectl set-hostname alcasar.localdomain
	$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf
	$SED "s/^    ServerName.*/    ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf
}
 
function defaultCert()
{
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
	then
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
	fi
}
 
function domainName() # change the domain name in the conf files
{
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
 
	#check if there is a wildcard in $fqdn
	if [[ $fqdn == *"*"* ]];
	then
		hostname="alcasar"
		fqdn=${fqdn/"*"/$hostname}
	else
		hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
	fi
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'`
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
 
	#check fqdn format      
	if [[ "$fqdn" != "" && "$domain" != "" ]];
	then
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		domainNames="alcasar.localdomain $hostname $fqdn"
		if [ "$hostname" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi
		cat <<EOF > /etc/hosts
127.0.0.1	localhost
$PRIVATE_IP	$domainNames
EOF
		$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf
		$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf
		$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf
		$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf
		hostnamectl set-hostname $fqdn
		$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf
		$SED "s/^    ServerName.*/    ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default
	fi
}
 
function certImport()
{
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
	fi
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
	fi
 
	cp $cert $DIR_CERT/certs/alcasar.crt
	cp $key $DIR_CERT/private/alcasar.key
 
	chown root:apache $DIR_CERT/certs/alcasar.crt
	chown root:apache $DIR_CERT/private/alcasar.key
 
	chmod 750 $DIR_CERT/certs/alcasar.crt
	chmod 750 $DIR_CERT/private/alcasar.key
 
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
		then
			echo "Backup of old cert-chain (server-chain.crt)"
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
		fi
		cp $sc $DIR_CERT/certs/server-chain.crt
		chown root:apache $DIR_CERT/certs/server-chain.crt
		chmod 750 $DIR_CERT/certs/server-chain.crt
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo -e "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo -e "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo -e "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			if [ ! -f "$sc" ]
			then
				echo "Server-chain certificate not found"
				exit 1
			fi
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
			then
				echo "Invalid server-chain certificate file"
				exit 1
			fi
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
		domainName $cert
		certImport $cert $key $sc
		for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
		do
			echo "restarting $services"; systemctl restart $services; sleep 1
		done
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			defaultNdd
			for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd
			do
				echo "restarting $services"; systemctl restart $services; sleep 1
			done
		fi
		;;
	*)
		echo -e "$usage"
		;;
esac
 

Rev 2261	Rev 2295
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`#`	2	`#`
3	`# $Id: alcasar-importcert.sh 2261 2017-05-29 20:04:37Z tom.houdayer $`	3	`# $Id: alcasar-importcert.sh 2295 2017-06-21 09:05:02Z tom.houdayer $`
4	`#`	4	`#`
5	`# alcasar-importcert.sh`	5	`# alcasar-importcert.sh`
6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`	6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
7	`#`	7	`#`
8	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
9	`#`	9	`#`
10	`# Script permettant`	10	`# Script permettant`
11	`# - d'importer des certificats sur Alcasar`	11	`# - d'importer des certificats sur Alcasar`
12	`# - de revenir au certificat par default`	12	`# - de revenir au certificat par default`
13	`#`	13	`#`
14	`# This script allows`	14	`# This script allows`
15	`# - to import a certificate in Alcasar`	15	`# - to import a certificate in Alcasar`
16	`# - to go back to the default certificate`	16	`# - to go back to the default certificate`
17		17
18	`SED="/bin/sed -ri"`	18	`SED="/bin/sed -ri"`
19	`DIR_CERT="/etc/pki/tls"`	19	`DIR_CERT="/etc/pki/tls"`
20	`CONF_FILE="/usr/local/etc/alcasar.conf"`	20	`CONF_FILE="/usr/local/etc/alcasar.conf"`
21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
23		23
24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`	24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`
25	`nb_args=$#`	25	`nb_args=$#`
26	`arg1=$1`	26	`arg1=$1`
27		27
28	`function defaultNdd()`	28	`function defaultNdd()`
29	`{`	29	`{`
30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`	30	`$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf`
31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`	31	`$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf`
32	`cat <<EOF > /etc/hosts`	32	`cat <<EOF > /etc/hosts`
33	`127.0.0.1 localhost`	33	`127.0.0.1 localhost`
34	`$PRIVATE_IP alcasar alcasar.localdomain`	34	`$PRIVATE_IP alcasar alcasar.localdomain`
35	`EOF`	35	`EOF`
36	`$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf`	36	`$SED "s/^locationname.*/locationname\talcasar.localdomain/g" /etc/chilli.conf`
37	`$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf`	37	`$SED "s/^uamserver.*/uamserver\thttps:\/\/alcasar.localdomain\/intercept.php/g" /etc/chilli.conf`
38	`$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf`	38	`$SED "s/^radiusnasid.*/radiusnasid\talcasar.localdomain/g" /etc/chilli.conf`
39	`$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf`	39	`$SED "s/^uamallowed.*/uamallowed\talcasar,alcasar.localdomain/g" /etc/chilli.conf`
40	`$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf`	40	`$SED "s/^ServerName.*/ServerName alcasar.localdomain/g" /etc/httpd/conf/httpd.conf`
41	`hostnamectl set-hostname alcasar.localdomain`	41	`hostnamectl set-hostname alcasar.localdomain`
42	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	42	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/alcasar.localdomain\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
43	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`	43	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain alcasar.localdomain/g" /etc/httpd/conf/webapps.d/alcasar.conf`
44	`$SED "s/^ ServerName.*/ ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf`	44	`$SED "s/^ ServerName.*/ ServerName alcasar.localdomain/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf`
45	`}`	45	`}`
46		46
47	`function defaultCert()`	47	`function defaultCert()`
48	`{`	48	`{`
49	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`	49	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
50	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`	50	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
51	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`	51	`if [ -f $DIR_CERT/certs/server-chain.crt.old ]`
52	`then`	52	`then`
53	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`	53	`mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt`
54	`fi`	54	`fi`
55	`}`	55	`}`
56		56
57	`function domainName() # change the domain name in the conf files`	57	`function domainName() # change the domain name in the conf files`
58	`{`	58	`{`
59	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`	59	`fqdn=$(openssl x509 -noout -subject -in $cert \| sed -n '/^subject/s/^.*CN=//p' \| cut -d'/' -f 1)`
60		60
61	`#check if there is a wildcard in $fqdn`	61	`#check if there is a wildcard in $fqdn`
62	`if [[ $fqdn == ""* ]];`	62	`if [[ $fqdn == ""* ]];`
63	`then`	63	`then`
64	`hostname="alcasar"`	64	`hostname="alcasar"`
65	`fqdn=${fqdn/"*"/$hostname}`	65	`fqdn=${fqdn/"*"/$hostname}`
66	`else`	66	`else`
67	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`	67	hostname=`echo $fqdn \| awk -F'.' '{ print $1 }'`
68	`fi`	68	`fi`
69	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \| sed 's/^.//'`	69	domain=`echo $fqdn \| awk -F'.' '{$1="";OFS=".";print $0}' \| sed 's/^.//'`
70	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`	70	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
71		71
72	`#check fqdn format`	72	`#check fqdn format`
73	`if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];`	73	`if [[ "$fqdn" != "" && "$domain" != "" ]];`
74	`then`	74	`then`
75	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`	75	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`
76	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`	76	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
-		77	`domainNames="alcasar.localdomain $hostname $fqdn"`
-		78	`if [ "$hostname" != "alcasar" ]; then domainNames="alcasar $domainNames"; fi`
77	`cat <<EOF > /etc/hosts`	79	`cat <<EOF > /etc/hosts`
78	`127.0.0.1 localhost`	80	`127.0.0.1 localhost`
79	`$PRIVATE_IP $hostname $hostname.localdomain $fqdn`	81	`$PRIVATE_IP $domainNames`
80	`EOF`	82	`EOF`
81	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`	83	`$SED "s/^locationname.*/locationname\t$fqdn/g" /etc/chilli.conf`
82	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`	84	`$SED "s/^uamserver.*/uamserver\thttps:\/\/$fqdn\/intercept.php/g" /etc/chilli.conf`
83	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`	85	`$SED "s/^radiusnasid.*/radiusnasid\t$fqdn/g" /etc/chilli.conf`
84	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`	86	`$SED "s/^uamallowed.*/uamallowed\t$hostname,$fqdn/g" /etc/chilli.conf`
85	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`	87	`$SED "s/^ServerName.*/ServerName $fqdn/g" /etc/httpd/conf/httpd.conf`
86	`hostnamectl set-hostname $fqdn`	88	`hostnamectl set-hostname $fqdn`
87	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`	89	`$SED "s/^\tErrorDocument.*/\tErrorDocument 404 https:\/\/$fqdn\//g" /etc/httpd/conf/webapps.d/alcasar.conf`
88	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`	90	`$SED "s/^\tAuthDigestDomain.*/\tAuthDigestDomain $fqdn/g" /etc/httpd/conf/webapps.d/alcasar.conf`
89	`$SED "s/^ ServerName.*/ ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default`	91	`$SED "s/^ ServerName.*/ ServerName $fqdn/g" /etc/httpd/conf/sites.d/00_default_vhosts.conf /etc/httpd/conf/sites.d/00_default_ssl_vhost.conf /etc/httpd/conf/vhosts-ssl.default`
90	`fi`	92	`fi`
91	`}`	93	`}`
92		94
93	`function certImport()`	95	`function certImport()`
94	`{`	96	`{`
95	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`	97	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
96	`then`	98	`then`
97	`echo "Backup of old cert (alcasar.crt)"`	99	`echo "Backup of old cert (alcasar.crt)"`
98	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`	100	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
99	`fi`	101	`fi`
100	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`	102	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
101	`then`	103	`then`
102	`echo "Backup of old private key (alcasar.key)"`	104	`echo "Backup of old private key (alcasar.key)"`
103	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`	105	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
104	`fi`	106	`fi`
105		107
106	`cp $cert $DIR_CERT/certs/alcasar.crt`	108	`cp $cert $DIR_CERT/certs/alcasar.crt`
107	`cp $key $DIR_CERT/private/alcasar.key`	109	`cp $key $DIR_CERT/private/alcasar.key`
108		110
109	`chown root:apache $DIR_CERT/certs/alcasar.crt`	111	`chown root:apache $DIR_CERT/certs/alcasar.crt`
110	`chown root:apache $DIR_CERT/private/alcasar.key`	112	`chown root:apache $DIR_CERT/private/alcasar.key`
111		113
112	`chmod 750 $DIR_CERT/certs/alcasar.crt`	114	`chmod 750 $DIR_CERT/certs/alcasar.crt`
113	`chmod 750 $DIR_CERT/private/alcasar.key`	115	`chmod 750 $DIR_CERT/private/alcasar.key`
114		116
115	`if [ "$sc" != "" ]`	117	`if [ "$sc" != "" ]`
116	`then`	118	`then`
117	`echo "cert-chain exists"`	119	`echo "cert-chain exists"`
118	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`	120	`if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]`
119	`then`	121	`then`
120	`echo "Backup of old cert-chain (server-chain.crt)"`	122	`echo "Backup of old cert-chain (server-chain.crt)"`
121	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`	123	`mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old`
122	`fi`	124	`fi`
123	`cp $sc $DIR_CERT/certs/server-chain.crt`	125	`cp $sc $DIR_CERT/certs/server-chain.crt`
124	`chown root:apache $DIR_CERT/certs/server-chain.crt`	126	`chown root:apache $DIR_CERT/certs/server-chain.crt`
125	`chmod 750 $DIR_CERT/certs/server-chain.crt`	127	`chmod 750 $DIR_CERT/certs/server-chain.crt`
126	`fi`	128	`fi`
127	`}`	129	`}`
128		130
129		131
130	`if [ $nb_args -eq 0 ]`	132	`if [ $nb_args -eq 0 ]`
131	`then`	133	`then`
132	`echo -e "$usage"`	134	`echo -e "$usage"`
133	`exit 1`	135	`exit 1`
134	`fi`	136	`fi`
135		137
136	`case $arg1 in`	138	`case $arg1 in`
137	`-\? \| -h* \| --h*)`	139	`-\? \| -h* \| --h*)`
138	`echo -e "$usage"`	140	`echo -e "$usage"`
139	`exit 0`	141	`exit 0`
140	`;;`	142	`;;`
141	`-i)`	143	`-i)`
142	`arg3=$3`	144	`arg3=$3`
143	`arg5=$5`	145	`arg5=$5`
144	`cert=$2`	146	`cert=$2`
145	`key=$4`	147	`key=$4`
146	`sc=$6`	148	`sc=$6`
147		149
148	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	150	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
149	`then`	151	`then`
150	`echo -e "$usage"`	152	`echo -e "$usage"`
151	`exit 1`	153	`exit 1`
152	`fi`	154	`fi`
153		155
154	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`	156	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`
155	`then`	157	`then`
156	`echo "Certificate and/or private key not found"`	158	`echo "Certificate and/or private key not found"`
157	`exit 1`	159	`exit 1`
158	`fi`	160	`fi`
159		161
160	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`	162	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`
161	`then`	163	`then`
162	`echo "Invalid certificate file"`	164	`echo "Invalid certificate file"`
163	`exit 1`	165	`exit 1`
164	`fi`	166	`fi`
165		167
166	`if [ ${key: -4} != ".key" ]`	168	`if [ ${key: -4} != ".key" ]`
167	`then`	169	`then`
168	`echo "Invalid private key"`	170	`echo "Invalid private key"`
169	`exit 1`	171	`exit 1`
170	`fi`	172	`fi`
171		173
172	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`	174	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`
173	`then`	175	`then`
174	`echo "No server-chain given"`	176	`echo "No server-chain given"`
175	`echo "Importing certificate $cert with private key $key"`	177	`echo "Importing certificate $cert with private key $key"`
176	`sc=""`	178	`sc=""`
177	`else`	179	`else`
178	`if [ ! -f "$sc" ]`	180	`if [ ! -f "$sc" ]`
179	`then`	181	`then`
180	`echo "Server-chain certificate not found"`	182	`echo "Server-chain certificate not found"`
181	`exit 1`	183	`exit 1`
182	`fi`	184	`fi`
183	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]`	185	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]`
184	`then`	186	`then`
185	`echo "Invalid server-chain certificate file"`	187	`echo "Invalid server-chain certificate file"`
186	`exit 1`	188	`exit 1`
187	`fi`	189	`fi`
188	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	190	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
189	`fi`	191	`fi`
190	`domainName $cert`	192	`domainName $cert`
191	`certImport $cert $key $sc`	193	`certImport $cert $key $sc`
192	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	194	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`
193	`do`	195	`do`
194	`echo "restarting $services"; systemctl restart $services; sleep 1`	196	`echo "restarting $services"; systemctl restart $services; sleep 1`
195	`done`	197	`done`
196	`;;`	198	`;;`
197	`-d)`	199	`-d)`
198	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	200	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
199	`then`	201	`then`
200	`echo "Restoring default certificate"`	202	`echo "Restoring default certificate"`
201	`defaultCert`	203	`defaultCert`
202	`defaultNdd`	204	`defaultNdd`
203	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`	205	`for services in chilli dnsmasq dnsmasq-blackhole dnsmasq-blacklist dnsmasq-whitelist httpd`
204	`do`	206	`do`
205	`echo "restarting $services"; systemctl restart $services; sleep 1`	207	`echo "restarting $services"; systemctl restart $services; sleep 1`
206	`done`	208	`done`
207	`fi`	209	`fi`
208	`;;`	210	`;;`
209	`*)`	211	`*)`
210	`echo -e "$usage"`	212	`echo -e "$usage"`
211	`;;`	213	`;;`
212	`esac`	214	`esac`
213		215

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2850 – Rev 2261 → 2295