Subversion Repositories ALCASAR


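--- a/alcasar-certificates.sh	(revision 2454)
+++ b/alcasar-certificates.sh	(revision 2488)
@@ -1,116 +1,119 @@
 #!/bin/sh
 
 # Id: $Id$
 
 # alcasar-certificates.sh
 # by Franck BOUIJOUX and REXY
 # This script is distributed under the Gnu General Public License (GPL)
 
 # Script permettant
 #	- d'exporter les certificats d'un serveur pour les transposer sur un autre.
 
 # This script allows
 #	- export certificates server to move them.
 
 
 DIR_EXPORT="/root/Certificats"
 DIR_PKI="/etc/pki"
 DIR_SAVE="/root/PKI_SAVE"
 DIR_IMPORT="/root/Certificats"
 
 
 usage="Usage: alcasar-certificates.sh {--export or -x} | {--import or -i <FileOfCertificate.tar.gz>} "
 
 nb_args=$#
 args=$1
 if [ $nb_args -eq 0 ]
 then
 	nb_args=1
 	args="-h"
 fi
 
 
 NOW="$(date +%G%m%d-%Hh%M)"		# date et heure du moment
 FILE="certificates-$NOW"
 DIR_SAVE=$DIR_SAVE-$NOW
 
 # Function of export
 function certs_export() {
 	#  Export of CA Certificate
 	cd /root
 	tar cvf $FILE.tar $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
 
 	#  Export of server Certificate
 	tar rvf $FILE.tar $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
 	gzip $FILE.tar
-	echo "Le ficher des certificats exportés est : $FILE.tar.gz"
+	echo "Le fichier des certificats exportés est : $FILE.tar.gz"
 } # end function export
 
 
 function archive() {
 	# Sauvegarde de la pki actuelle
 	[ -d $DIR_SAVE ] || mkdir $DIR_SAVE
 
 	#  Save of CA Certificate
 	cd $DIR_PKI/CA/
 	cp alcasar-ca.crt $DIR_SAVE/.
 	cp private/alcasar-ca.key $DIR_SAVE/.
 
 	#  Save of server Certificate
 	cd $DIR_PKI/tls
 	cp certs/alcasar.crt $DIR_SAVE/.
 	cp private/alcasar.key $DIR_SAVE/.
 	cp certs/server-chain.crt $DIR_SAVE/.
 } # end function archive
 
 function import() {
 	echo "Would you like to Import New Certificates in ALCASAR ?"
 	read response
 	if [ $response = "y" ] || [ $response = "o" ] || [ $response = "Y" ] || [ $response = "O" ]
 	then
 		[ -d $DIR_IMPORT ] || mkdir $DIR_IMPORT
 		rm -rf $DIR_IMPORT/*
 
 		#  Import of CA Certificate
 		tar xzvf $1 --directory=$DIR_IMPORT
+		cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem
 		echo "Import new certificates in ALCASAR !!!"
 		cp -r $DIR_IMPORT/* /.
 		chown root:apache $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
-		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,certs/server-chain.crt}
+		chown root:apache $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
 
-		# Service apache restart
-		service httpd restart
+		chmod 750 $DIR_PKI/CA/{alcasar-ca.crt,private/alcasar-ca.key}
+		chmod 750 $DIR_PKI/tls/{certs/alcasar.crt,private/alcasar.key,private/alcasar.pem,certs/server-chain.crt}
+
+		service lighttpd restart
 	else
 		echo "You are not import new certificates !!!"
 		exit 0
 	fi
 } # end import
 
 #  Core script
 case $args in
 	-\? | -h* | --h*)
 		echo "$usage"
 		exit 0
 		;;
 	--export | -x)	
 		archive
 		certs_export
 		;;
 	--import | -i)
 		nb_args=$#
 		if [ $nb_args -eq 1 ]
 		then
 			echo "Il faut passer un fichier de certificat en paramètre !!!"
 			exit 0
 		fi
 		import $2
 		;;
 	*)
 		echo "Unknown argument :$1";
 		echo "$usage"
 		exit 1
 		;;
 esac
 exit 0
 
 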
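Review bot: In import(), the added `cat $DIR_PKI/tls/private/alcasar.key $DIR_PKI/tls/certs/alcasar.crt > $DIR_PKI/tls/private/alcasar.pem` runs before `cp -r $DIR_IMPORT/* /.`, so alcasar.pem is assembled from the key and certificate that are about to be overwritten rather than the imported pair. Presumably lighttpd serves that bundle, in which case the restart brings the old certificate back up; the `cat` line should move to just after the `cp -r`. The redirection also creates the private-key bundle with whatever the current umask allows, and it is only tightened several lines later, so a `umask 077` before the `cat` would close that window. The new `chmod 750` sets the execute bit on key and certificate files and leaves the CA private key group-readable; `chmod 640` fits the root:apache ownership, and it is worth confirming that the web-server group needs alcasar-ca.key at all.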