WebSVN – ALCASAR – Diff – /scripts/alcasar-importcert.sh


#!/bin/bash
#
# $Id: alcasar-importcert.sh 2850 2020-07-15 22:24:44Z rexy $
#
# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna & rexy
#
# This script is distributed under the Gnu General Public License (GPL)
#
# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default
#
# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate
 
SED="/bin/sed -ri"
DIR_CERT="/etc/pki/tls"
CONF_FILE="/usr/local/etc/alcasar.conf"
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
 
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
nb_args=$#
arg1=$1
 
function defaultCert()
{
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
	if [ -f $DIR_CERT/certs/server-chain.pem.old ]
	then
		mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem
	fi
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
	chown root:apache $DIR_CERT/private/alcasar.pem
	chmod 750 $DIR_CERT/private/alcasar.pem
}
 
function domainName() # change the domain name in the conf files
{
	fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt | grep commonName|cut -d"=" -f2|tr -d ' ')
	#check if there is a wildcard in $fqdn
	if [[ $fqdn == *"*"* ]];
	then
		hostname="alcasar"
		fqdn=${fqdn/"*"/$hostname}
	else
		hostname=$(echo $fqdn | cut -d'.' -f1)
	fi
	domain=$(echo $fqdn | cut -d'.' -f2-)
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
	#check fqdn format
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
		/usr/local/bin/alcasar-conf.sh --apply
	fi
}
 
function certImport()
{
	if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]
	then
		echo "Backup of old cert (alcasar.crt)"
		mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old
	fi
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
	then
		echo "Backup of old private key (alcasar.key)"
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
	fi
	cp $cert $DIR_CERT/certs/alcasar.crt
	cp $key $DIR_CERT/private/alcasar.key
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
	chown root:apache $DIR_CERT/certs/alcasar.crt
	chown root:apache $DIR_CERT/private/alcasar.key
	chown root:apache $DIR_CERT/private/alcasar.pem
	chmod 750 $DIR_CERT/certs/alcasar.crt
	chmod 750 $DIR_CERT/private/alcasar.key
	chmod 750 $DIR_CERT/private/alcasar.pem
	if [ "$sc" != "" ]
	then
		echo "cert-chain exists"
		if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]
		then
			echo "Backup of old cert-chain (server-chain.pem)"
			mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old
		fi
		cp $sc $DIR_CERT/certs/server-chain.pem
		chown root:apache $DIR_CERT/certs/server-chain.pem
		chmod 750 $DIR_CERT/certs/server-chain.pem
	fi
}
 
 
if [ $nb_args -eq 0 ]
then
	echo -e "$usage"
	exit 1
fi
 
case $arg1 in
	-\? | -h* | --h*)
		echo -e "$usage"
		exit 0
		;;
	-i)
		arg3=$3
		arg5=$5
		cert=$2
		key=$4
		sc=$6
 
		if [ "$cert" == "" ] || [ "$key" == "" ]
		then
			echo -e "$usage"
			exit 1
		fi
 
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
		then
			echo "Certificate and/or private key not found"
			exit 1
		fi
 
		if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]
		then
			echo "Invalid certificate file"
			exit 1
		fi
 
		if [ ${key: -4} != ".key" ]
		then
			echo "Invalid private key"
			exit 1
		fi
 
		if [ "$arg5" != "-c" ] || [ -z "$sc" ]
		then
			echo "No server-chain given"
			echo "Importing certificate $cert with private key $key"
			sc=""
		else
			if [ ! -f "$sc" ]
			then
				echo "Server-chain certificate not found"
				exit 1
			fi
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]
			then
				echo "Invalid server-chain certificate file"
				exit 1
			fi
			echo "Importing certificate $cert with private key $key and server-chain $sc"
		fi
		certImport 
		domainName
		;;
	-d)
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
		then
			echo "Restoring default certificate"
			defaultCert
			domainName
		else echo "No default cert found"
		fi
		;;
	*)
		echo -e "$usage"
		;;
esac
 

Rev 2813	Rev 2850
1	`#!/bin/bash`	1	`#!/bin/bash`
2	`#`	2	`#`
3	`# $Id: alcasar-importcert.sh 2813 2020-04-26 21:26:32Z rexy $`	3	`# $Id: alcasar-importcert.sh 2850 2020-07-15 22:24:44Z rexy $`
4	`#`	4	`#`
5	`# alcasar-importcert.sh`	5	`# alcasar-importcert.sh`
6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`	6	`# by Raphaël, Hugo, Clément, Bettyna & rexy`
7	`#`	7	`#`
8	`# This script is distributed under the Gnu General Public License (GPL)`	8	`# This script is distributed under the Gnu General Public License (GPL)`
9	`#`	9	`#`
10	`# Script permettant`	10	`# Script permettant`
11	`# - d'importer des certificats sur Alcasar`	11	`# - d'importer des certificats sur Alcasar`
12	`# - de revenir au certificat par default`	12	`# - de revenir au certificat par default`
13	`#`	13	`#`
14	`# This script allows`	14	`# This script allows`
15	`# - to import a certificate in Alcasar`	15	`# - to import a certificate in Alcasar`
16	`# - to go back to the default certificate`	16	`# - to go back to the default certificate`
17		17
18	`SED="/bin/sed -ri"`	18	`SED="/bin/sed -ri"`
19	`DIR_CERT="/etc/pki/tls"`	19	`DIR_CERT="/etc/pki/tls"`
20	`CONF_FILE="/usr/local/etc/alcasar.conf"`	20	`CONF_FILE="/usr/local/etc/alcasar.conf"`
21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`	21	PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE\|cut -d"=" -f2`
22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`	22	PRIVATE_IP=`echo $PRIVATE_IP_MASK \| cut -d"/" -f1`
23		23
24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`	24	`usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n alcasar-importcert.sh -d (restore default certificate)"`
25	`nb_args=$#`	25	`nb_args=$#`
26	`arg1=$1`	26	`arg1=$1`
27		27
28	`function defaultCert()`	28	`function defaultCert()`
29	`{`	29	`{`
30	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`	30	`mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt`
31	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`	31	`mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key`
32	`if [ -f $DIR_CERT/certs/server-chain.pem.old ]`	32	`if [ -f $DIR_CERT/certs/server-chain.pem.old ]`
33	`then`	33	`then`
34	`mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem`	34	`mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem`
35	`fi`	35	`fi`
36	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`	36	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`
37	`chown root:apache $DIR_CERT/private/alcasar.pem`	37	`chown root:apache $DIR_CERT/private/alcasar.pem`
38	`chmod 750 $DIR_CERT/private/alcasar.pem`	38	`chmod 750 $DIR_CERT/private/alcasar.pem`
39	`}`	39	`}`
40		40
41	`function domainName() # change the domain name in the conf files`	41	`function domainName() # change the domain name in the conf files`
42	`{`	42	`{`
43	`fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt \| grep commonName\|cut -d"=" -f2\|tr -d ' ')`	43	`fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt \| grep commonName\|cut -d"=" -f2\|tr -d ' ')`
44	`#check if there is a wildcard in $fqdn`	44	`#check if there is a wildcard in $fqdn`
45	`if [[ $fqdn == ""* ]];`	45	`if [[ $fqdn == ""* ]];`
46	`then`	46	`then`
47	`hostname="alcasar"`	47	`hostname="alcasar"`
48	`fqdn=${fqdn/"*"/$hostname}`	48	`fqdn=${fqdn/"*"/$hostname}`
49	`else`	49	`else`
50	`hostname=$(echo $fqdn \| cut -d'.' -f1)`	50	`hostname=$(echo $fqdn \| cut -d'.' -f1)`
51	`fi`	51	`fi`
52	`domain=$(echo $fqdn \| cut -d'.' -f2-)`	52	`domain=$(echo $fqdn \| cut -d'.' -f2-)`
53	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`	53	`echo "fqdn=$fqdn hostname=$hostname domain=$domain"`
54	`#check fqdn format`	54	`#check fqdn format`
55	`if [[ "$fqdn" != "" && "$domain" != "" ]]; then`	55	`if [[ "$fqdn" != "" && "$domain" != "" ]]; then`
56	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`	56	`$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf`
57	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`	57	`$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf`
58	`# /usr/local/bin/alcasar-conf.sh --apply`	58	`/usr/local/bin/alcasar-conf.sh --apply`
59	`fi`	59	`fi`
60	`}`	60	`}`
61		61
62	`function certImport()`	62	`function certImport()`
63	`{`	63	`{`
64	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`	64	`if [ ! -f "$DIR_CERT/certs/alcasar.crt.old" ]`
65	`then`	65	`then`
66	`echo "Backup of old cert (alcasar.crt)"`	66	`echo "Backup of old cert (alcasar.crt)"`
67	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`	67	`mv $DIR_CERT/certs/alcasar.crt $DIR_CERT/certs/alcasar.crt.old`
68	`fi`	68	`fi`
69	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`	69	`if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]`
70	`then`	70	`then`
71	`echo "Backup of old private key (alcasar.key)"`	71	`echo "Backup of old private key (alcasar.key)"`
72	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`	72	`mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old`
73	`fi`	73	`fi`
74	`cp $cert $DIR_CERT/certs/alcasar.crt`	74	`cp $cert $DIR_CERT/certs/alcasar.crt`
75	`cp $key $DIR_CERT/private/alcasar.key`	75	`cp $key $DIR_CERT/private/alcasar.key`
76	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`	76	`(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem`
77	`chown root:apache $DIR_CERT/certs/alcasar.crt`	77	`chown root:apache $DIR_CERT/certs/alcasar.crt`
78	`chown root:apache $DIR_CERT/private/alcasar.key`	78	`chown root:apache $DIR_CERT/private/alcasar.key`
79	`chown root:apache $DIR_CERT/private/alcasar.pem`	79	`chown root:apache $DIR_CERT/private/alcasar.pem`
80	`chmod 750 $DIR_CERT/certs/alcasar.crt`	80	`chmod 750 $DIR_CERT/certs/alcasar.crt`
81	`chmod 750 $DIR_CERT/private/alcasar.key`	81	`chmod 750 $DIR_CERT/private/alcasar.key`
82	`chmod 750 $DIR_CERT/private/alcasar.pem`	82	`chmod 750 $DIR_CERT/private/alcasar.pem`
83	`if [ "$sc" != "" ]`	83	`if [ "$sc" != "" ]`
84	`then`	84	`then`
85	`echo "cert-chain exists"`	85	`echo "cert-chain exists"`
86	`if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]`	86	`if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]`
87	`then`	87	`then`
88	`echo "Backup of old cert-chain (server-chain.pem)"`	88	`echo "Backup of old cert-chain (server-chain.pem)"`
89	`mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old`	89	`mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old`
90	`fi`	90	`fi`
91	`cp $sc $DIR_CERT/certs/server-chain.pem`	91	`cp $sc $DIR_CERT/certs/server-chain.pem`
92	`chown root:apache $DIR_CERT/certs/server-chain.pem`	92	`chown root:apache $DIR_CERT/certs/server-chain.pem`
93	`chmod 750 $DIR_CERT/certs/server-chain.pem`	93	`chmod 750 $DIR_CERT/certs/server-chain.pem`
94	`fi`	94	`fi`
95	`}`	95	`}`
96		96
97		97
98	`if [ $nb_args -eq 0 ]`	98	`if [ $nb_args -eq 0 ]`
99	`then`	99	`then`
100	`echo -e "$usage"`	100	`echo -e "$usage"`
101	`exit 1`	101	`exit 1`
102	`fi`	102	`fi`
103		103
104	`case $arg1 in`	104	`case $arg1 in`
105	`-\? \| -h* \| --h*)`	105	`-\? \| -h* \| --h*)`
106	`echo -e "$usage"`	106	`echo -e "$usage"`
107	`exit 0`	107	`exit 0`
108	`;;`	108	`;;`
109	`-i)`	109	`-i)`
110	`arg3=$3`	110	`arg3=$3`
111	`arg5=$5`	111	`arg5=$5`
112	`cert=$2`	112	`cert=$2`
113	`key=$4`	113	`key=$4`
114	`sc=$6`	114	`sc=$6`
115		115
116	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`	116	`if [ "$cert" == "" ] \|\| [ "$key" == "" ]`
117	`then`	117	`then`
118	`echo -e "$usage"`	118	`echo -e "$usage"`
119	`exit 1`	119	`exit 1`
120	`fi`	120	`fi`
121		121
122	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`	122	`if [ ! -f "$cert" ] \|\| [ ! -f "$key" ]`
123	`then`	123	`then`
124	`echo "Certificate and/or private key not found"`	124	`echo "Certificate and/or private key not found"`
125	`exit 1`	125	`exit 1`
126	`fi`	126	`fi`
127		127
128	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`	128	`if [ ${cert: -4} != ".crt" ] && [ ${cert: -4} != ".cer" ]`
129	`then`	129	`then`
130	`echo "Invalid certificate file"`	130	`echo "Invalid certificate file"`
131	`exit 1`	131	`exit 1`
132	`fi`	132	`fi`
133		133
134	`if [ ${key: -4} != ".key" ]`	134	`if [ ${key: -4} != ".key" ]`
135	`then`	135	`then`
136	`echo "Invalid private key"`	136	`echo "Invalid private key"`
137	`exit 1`	137	`exit 1`
138	`fi`	138	`fi`
139		139
140	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`	140	`if [ "$arg5" != "-c" ] \|\| [ -z "$sc" ]`
141	`then`	141	`then`
142	`echo "No server-chain given"`	142	`echo "No server-chain given"`
143	`echo "Importing certificate $cert with private key $key"`	143	`echo "Importing certificate $cert with private key $key"`
144	`sc=""`	144	`sc=""`
145	`else`	145	`else`
146	`if [ ! -f "$sc" ]`	146	`if [ ! -f "$sc" ]`
147	`then`	147	`then`
148	`echo "Server-chain certificate not found"`	148	`echo "Server-chain certificate not found"`
149	`exit 1`	149	`exit 1`
150	`fi`	150	`fi`
151	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]`	151	`if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]`
152	`then`	152	`then`
153	`echo "Invalid server-chain certificate file"`	153	`echo "Invalid server-chain certificate file"`
154	`exit 1`	154	`exit 1`
155	`fi`	155	`fi`
156	`echo "Importing certificate $cert with private key $key and server-chain $sc"`	156	`echo "Importing certificate $cert with private key $key and server-chain $sc"`
157	`fi`	157	`fi`
158	`certImport`	158	`certImport`
159	`domainName`	159	`domainName`
160	`;;`	160	`;;`
161	`-d)`	161	`-d)`
162	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`	162	`if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]`
163	`then`	163	`then`
164	`echo "Restoring default certificate"`	164	`echo "Restoring default certificate"`
165	`defaultCert`	165	`defaultCert`
166	`domainName`	166	`domainName`
167	`else echo "No default cert found"`	167	`else echo "No default cert found"`
168	`fi`	168	`fi`
169	`;;`	169	`;;`
170	`*)`	170	`*)`
171	`echo -e "$usage"`	171	`echo -e "$usage"`
172	`;;`	172	`;;`
173	`esac`	173	`esac`
174		174

Subversion Repositories ALCASAR

(root)/scripts/alcasar-importcert.sh @ 2432 – Rev 2813 → 2850