
#!/bin/sh

# alcasar-importcert.sh
# by Raphaël, Hugo, Clément, Bettyna

# This script is distributed under the Gnu General Public License (GPL)

# Script permettant
# - d'importer des certificats sur Alcasar
# - de revenir au certificat par default

# This script allows
# - to import a certificate in Alcasar
# - to go back to the default certificate

# sed binary plus its options (extended regexps, in-place edit). The functions
# below expand it unquoted so that it splits into command and flags.
SED='/bin/sed -ri'

# Directory under which the certs/ and private/ sub-directories are handled.
DIR_CERT='/etc/pki/tls'

# Help text printed on missing or unknown arguments.
usage='Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)'


# Argument count and first argument, consulted by the option dispatch at the
# end of the script.
nb_args="$#"
arg1="$1"


# nb_args=$#
# args=$1
# args1=$3
# args2=$5
# cert=$2
# key=$4
# sc=$6

# Put the domain name back to "localdomain" in every configuration file this
# script edits.
# Globals: SED (read) - expanded unquoted on purpose, it carries the sed
#          command together with its options.
defaultNdd()
{
        local alcasar_conf=/usr/local/etc/alcasar.conf
        local hosts_file=/etc/hosts
        local chilli_conf=/etc/chilli.conf
        local httpd_conf=/etc/httpd/conf/httpd.conf

        # DOMAIN= entry of the ALCASAR configuration
        $SED 's/^DOMAIN=.*/DOMAIN=localdomain/g' "$alcasar_conf"

        # ".name" / ".name.tld" suffixes in the hosts file
        $SED 's/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.localdomain/g' "$hosts_file"

        # chilli: "alcasar.<domain>" references first, then the "domain" line
        $SED 's/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.localdomain/g' "$chilli_conf"
        $SED 's/^domain.*/domain\t\tlocaldomain/g' "$chilli_conf"

        # ServerName directive of httpd
        $SED 's/^ServerName.*/ServerName alcasar.localdomain/g' "$httpd_conf"
}

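# Restore the certificate, private key and (when one was saved) server chain
# from their ".old" backups.
# Globals: DIR_CERT (read) - directory holding certs/ and private/.
# Returns: 0 on success, 1 when a backup is missing or a move fails.
#
# Absolute paths are used instead of "cd $DIR_CERT" followed by relative
# "rm" calls: if the cd failed, those removals would hit whatever directory
# the script was started from. Moving the backup over the live file also
# avoids deleting the current certificate before its replacement is known
# to exist.
defaultCert()
{
        local crt="$DIR_CERT/certs/alcasar.crt"
        local key_file="$DIR_CERT/private/alcasar.key"
        local chain="$DIR_CERT/certs/server-chain.crt"

        if [ ! -f "$crt.old" ] || [ ! -f "$key_file.old" ]
        then
                echo "Default certificate backup not found under $DIR_CERT" >&2
                return 1
        fi

        mv -f -- "$crt.old" "$crt" || return 1
        mv -f -- "$key_file.old" "$key_file" || return 1

        # The chain is optional: restore it only when a backup was taken.
        if [ -f "$chain.old" ]
        then
                mv -f -- "$chain.old" "$chain" || return 1
        fi
}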

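# Change the domain name in the conf files to the Common Name found in the
# certificate.
# Globals: cert (read) - path of the certificate; SED (read); ndd (written).
# Outputs: the extracted name on stdout, diagnostics on stderr.
# Returns: 0 when no CN was found, 1 when the CN is rejected, otherwise the
#          status of the last sed call.
#
# The subject of an imported certificate is external input, and it ends up
# inside sed scripts that rewrite system configuration files. It is therefore
# accepted only when it looks like a plain host/domain name (letters, digits,
# dots and hyphens); anything else leaves the configuration untouched.
# NOTE(review): the extraction expects "CN=" written without spaces and as the
# last subject field - confirm against the subject layout printed by the
# installed openssl.
domainName() # change the domain name in the conf files
{
        ndd=$(openssl x509 -noout -subject -in "$cert" | sed -n '/^subject/s/^.*CN=//p')
        printf '%s\n' "$ndd"

        case $ndd in
                '')
                        # No CN found: nothing to change.
                        return 0
                        ;;
                *[!A-Za-z0-9.-]* | .* | -* | *. | *..*)
                        echo "Certificate CN is not a plain domain name, configuration left unchanged" >&2
                        return 1
                        ;;
        esac

        $SED "s/^DOMAIN=.*/DOMAIN=$ndd/g" /usr/local/etc/alcasar.conf
        $SED "s/\.([a-zA-Z][a-zA-Z0-9-]+(\.[a-z]{2,4})?)/.$ndd/g" /etc/hosts
        $SED "s/alcasar\.([a-zA-Z0-9-]+(\.[a-z]{2,4})?)/alcasar.$ndd/g" /etc/chilli.conf
        $SED "s/^domain.*/domain\t\t$ndd/g" /etc/chilli.conf
        $SED "s/^ServerName.*/ServerName alcasar.$ndd/g" /etc/httpd/conf/httpd.conf
}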

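# Copy one PEM file into place, keeping a one-time backup of the file it
# replaces.
# Arguments: $1 - source file, $2 - destination, $3 - label for the message.
# Returns:   0 on success, non-zero when the backup or the copy fails.
_importcert_install()
{
        local src=$1 dst=$2 label=$3

        # Only the first backup is kept, so "-d" always restores the original
        # default files. The live file is copied (not moved) so that a failed
        # import does not leave the service without a certificate.
        if [ -f "$dst" ] && [ ! -f "$dst.old" ]
        then
                echo "Backup of old $label (${dst##*/})"
                cp -p -- "$dst" "$dst.old" || return 1
        fi

        # install applies owner, group and mode as part of the copy, instead of
        # leaving the private key under the default umask until a later chmod.
        # Mode 0640 keeps the root:apache read access of the previous 750 and
        # drops the execute bits, which have no use on key or certificate files.
        install -o root -g apache -m 0640 -- "$src" "$dst"
}

# Install the new certificate, private key and optional server chain.
# Globals: cert, key, sc (read) - source paths set by the option dispatch;
#          DIR_CERT (read) - directory holding certs/ and private/.
# Returns: 0 on success, 1 as soon as one file cannot be installed.
#
# Destinations are absolute, so the function no longer changes directory and
# relative source paths keep resolving against the directory the script was
# started from (the same one the existence checks used).
certImport()
{
        _importcert_install "$cert" "$DIR_CERT/certs/alcasar.crt" "cert" || return 1
        _importcert_install "$key" "$DIR_CERT/private/alcasar.key" "private key" || return 1

        if [ "$sc" != "" ]
        then
                echo "cert-chain exists"
                _importcert_install "$sc" "$DIR_CERT/certs/server-chain.crt" "cert-chain" || return 1
        fi
}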


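# ---- Option dispatch --------------------------------------------------------
# No argument at all: show the usage and fail.
if [ "$nb_args" -eq 0 ]
then
        echo "$usage"
        exit 1
fi

case "$arg1" in
        -\? | -h* | --h*)
                echo "$usage"
                exit 0
                ;;
        -i)
                # Positional layout: -i <cert> -k <key> [-c <chain>]
                # NOTE(review): arg3 is stored but never compared with "-k";
                # the key is simply taken from the fourth argument.
                arg3=$3
                arg5=$5
                cert=$2
                key=$4
                sc=$6

                if [ -z "$cert" ] || [ -z "$key" ]
                then
                        echo "$usage"
                        exit 1
                fi

                if [ ! -f "$cert" ] || [ ! -f "$key" ]
                then
                        echo "Certificate and/or private key not found"
                        exit 1
                fi

                # Extension checks, written as patterns so that paths with
                # spaces do not break the test.
                case "$cert" in
                        *.crt) ;;
                        *)
                                echo "Invalid certificate file"
                                exit 1
                                ;;
                esac

                case "$key" in
                        *.key) ;;
                        *)
                                echo "Invalid private key"
                                exit 1
                                ;;
                esac

                # Refuse a key that does not belong to the certificate before
                # any file is replaced: a mismatched pair would stop httpd from
                # starting after the restart below. The empty -passin value
                # keeps openssl from prompting, so a passphrase-protected key
                # is rejected here as unreadable.
                cert_pub=$(openssl x509 -noout -pubkey -in "$cert" 2>/dev/null)
                key_pub=$(openssl pkey -pubout -passin pass: -in "$key" 2>/dev/null)
                if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]
                then
                        echo "Certificate and private key do not match (or cannot be read)"
                        exit 1
                fi

                if [ "$arg5" != "-c" ] || [ ! -f "$sc" ]
                then
                        echo "No server-chain given"
                        echo "Importing certificate $cert with private key $key"
                        sc=""
                else
                        echo "Importing certificate $cert with private key $key and server-chain $sc"
                fi

                domainName "$cert"
                # Do not restart the services on top of a failed import.
                if ! certImport "$cert" "$key" "$sc"
                then
                        echo "Certificate import failed"
                        exit 1
                fi
                systemctl restart chilli.service
                systemctl restart httpd.service
                ;;
        -d)
                if [ -f "$DIR_CERT/certs/alcasar.crt.old" ] && [ -f "$DIR_CERT/private/alcasar.key.old" ]
                then
                        echo "Restoring default certificate"
                        defaultCert
                        defaultNdd
                        systemctl restart chilli.service
                        systemctl restart httpd.service
                else
                        # Nothing was imported before, so there is nothing to undo.
                        echo "No backup of the default certificate found, nothing to restore"
                fi
                ;;
        *)
                # Unknown option: report it as a failure, like the no-argument case.
                echo "$usage"
                exit 1
                ;;
esac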