Subversion Repositories ALCASAR


Rev 2223 Rev 2260
Line 1... Line 1...
1
#!/bin/sh
1
#!/bin/bash
2
#
2
#
3
# $Id: alcasar-importcert.sh 2223 2017-05-14 14:38:01Z tom.houdayer $
3
# $Id: alcasar-importcert.sh 2260 2017-05-29 19:46:00Z tom.houdayer $
4
#
4
#
5
# alcasar-importcert.sh
5
# alcasar-importcert.sh
6
# by Raphaël, Hugo, Clément, Bettyna & rexy
6
# by Raphaël, Hugo, Clément, Bettyna & rexy
7
#
7
#
8
# This script is distributed under the Gnu General Public License (GPL)
8
# This script is distributed under the Gnu General Public License (GPL)
Line 16... Line 16...
16
# - to go back to the default certificate
16
# - to go back to the default certificate
17
 
17
 
18
SED="/bin/sed -ri"
18
SED="/bin/sed -ri"
19
DIR_CERT="/etc/pki/tls"
19
DIR_CERT="/etc/pki/tls"
20
CONF_FILE="/usr/local/etc/alcasar.conf"
20
CONF_FILE="/usr/local/etc/alcasar.conf"
21
PRIVATE_IP_MASK=`grep PRIVATE_IP $CONF_FILE|cut -d"=" -f2`
21
PRIVATE_IP_MASK=`grep ^PRIVATE_IP= $CONF_FILE|cut -d"=" -f2`
22
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
22
PRIVATE_IP=`echo $PRIVATE_IP_MASK | cut -d"/" -f1`
23
DEFAULT_FQDN='alcasar.localdomain'
-
 
24
 
23
 
25
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key (-c /path/to/serverchain.crt) || alcasar-importcert.sh -d (Cette utilisation permet de revenir au certificat par default)"
24
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
26
nb_args=$#
25
nb_args=$#
27
arg1=$1
26
arg1=$1
28
 
27
 
29
 
-
 
30
function defaultNdd()
28
function defaultNdd()
31
{
29
{
32
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
30
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
33
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
31
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
34
	cat <<EOF > /etc/hosts
32
	cat <<EOF > /etc/hosts
Line 51... Line 49...
51
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
49
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
52
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
50
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
53
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
51
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
54
	then
52
	then
55
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
53
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
56
	#else 
-
 
57
	#	rm -f $DIR_CERT/certs/server-chain.crt
-
 
58
	fi
54
	fi
59
}
55
}
60
 
56
 
61
function domainName() # change the domain name in the conf files
57
function domainName() # change the domain name in the conf files
62
{
58
{
63
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
59
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
64
 
60
 
65
        #check if there is a wildcard in $fqdn
61
	#check if there is a wildcard in $fqdn
66
        if [[ $fqdn == *"*"* ]];
62
	if [[ $fqdn == *"*"* ]];
67
        then
63
	then
68
                hostname="alcasar"
64
		hostname="alcasar"
69
                fqdn=${fqdn/"*"/$hostname}
65
		fqdn=${fqdn/"*"/$hostname}
70
        else
66
	else
71
                hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
67
		hostname=`echo $fqdn | awk -F'.' '{ print $1 }'`
72
        fi
68
	fi
73
        domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' |sed 's/^.//'`
69
	domain=`echo $fqdn | awk -F'.' '{$1="";OFS=".";print $0}' | sed 's/^.//'`
74
        echo "fqdn=$fqdn hostname=$hostname domain=$domain"
70
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
75
 
71
 
76
        #check fqdn format      
72
	#check fqdn format      
77
        if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];
73
	if [[ "$fqdn" != "" && "$domain" != "" && "$hostname" == "alcasar" ]];
78
	then
74
	then
79
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
75
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
80
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
76
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
81
		cat <<EOF > /etc/hosts
77
		cat <<EOF > /etc/hosts
82
127.0.0.1	localhost
78
127.0.0.1	localhost
Line 104... Line 100...
104
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
100
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
105
	then
101
	then
106
		echo "Backup of old private key (alcasar.key)"
102
		echo "Backup of old private key (alcasar.key)"
107
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
103
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
108
	fi
104
	fi
-
 
105
 
109
	cp $cert $DIR_CERT/certs/alcasar.crt
106
	cp $cert $DIR_CERT/certs/alcasar.crt
110
	cp $key $DIR_CERT/private/alcasar.key
107
	cp $key $DIR_CERT/private/alcasar.key
111
 
108
 
112
	rm $cert $key
-
 
113
 
-
 
114
	chown root:apache $DIR_CERT/certs/alcasar.crt
109
	chown root:apache $DIR_CERT/certs/alcasar.crt
115
	chown root:apache $DIR_CERT/private/alcasar.key
110
	chown root:apache $DIR_CERT/private/alcasar.key
116
 
111
 
117
	chmod 750 $DIR_CERT/certs/alcasar.crt
112
	chmod 750 $DIR_CERT/certs/alcasar.crt
118
	chmod 750 $DIR_CERT/private/alcasar.key
113
	chmod 750 $DIR_CERT/private/alcasar.key
-
 
114
 
119
	if [ "$sc" != "" ]
115
	if [ "$sc" != "" ]
120
	then
116
	then
121
		echo "cert-chain exists"
117
		echo "cert-chain exists"
122
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
118
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
123
		then
119
		then
124
			echo "Backup of old cert-chain (server-chain.crt)"
120
			echo "Backup of old cert-chain (server-chain.crt)"
125
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
121
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
126
		fi
122
		fi
127
		cp $sc $DIR_CERT/certs/server-chain.crt
123
		cp $sc $DIR_CERT/certs/server-chain.crt
128
		rm $sc
-
 
129
		chown root:apache $DIR_CERT/certs/server-chain.crt
124
		chown root:apache $DIR_CERT/certs/server-chain.crt
130
		chmod 750 $DIR_CERT/certs/server-chain.crt
125
		chmod 750 $DIR_CERT/certs/server-chain.crt
131
	fi
126
	fi
132
}
127
}
133
 
128
 
134
 
129
 
135
if [ $nb_args -eq 0 ]
130
if [ $nb_args -eq 0 ]
136
then
131
then
137
	echo "$usage"
132
	echo -e "$usage"
138
	exit 1
133
	exit 1
139
fi
134
fi
140
 
135
 
141
case $arg1 in
136
case $arg1 in
142
	-\? | -h* | --h*)
137
	-\? | -h* | --h*)
143
		echo "$usage"
138
		echo -e "$usage"
144
		exit 0
139
		exit 0
145
		;;
140
		;;
146
	-i)
141
	-i)
147
		arg3=$3
142
		arg3=$3
148
		arg5=$5
143
		arg5=$5
Line 150... Line 145...
150
		key=$4
145
		key=$4
151
		sc=$6
146
		sc=$6
152
 
147
 
153
		if [ "$cert" == "" ] || [ "$key" == "" ]
148
		if [ "$cert" == "" ] || [ "$key" == "" ]
154
		then
149
		then
155
			echo "$usage"
150
			echo -e "$usage"
156
			exit 1
151
			exit 1
157
		fi
152
		fi
158
 
153
 
159
		if [ ! -f "$cert" -o ! -f "$key" ]
154
		if [ ! -f "$cert" ] || [ ! -f "$key" ]
160
		then
155
		then
161
			echo "Certificate and/or private key not found"
156
			echo "Certificate and/or private key not found"
162
			exit 1
157
			exit 1
163
		fi
158
		fi
164
 
159
 
Line 200... Line 195...
200
				echo "restarting $services"; systemctl restart $services; sleep 1
195
				echo "restarting $services"; systemctl restart $services; sleep 1
201
			done
196
			done
202
		fi
197
		fi
203
		;;
198
		;;
204
	*)
199
	*)
205
		echo "$usage"
200
		echo -e "$usage"
206
		;;
201
		;;
207
esac
202
esac
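Review bot: In domainName(), `$domain` comes from the certificate's subject CN and is written into the sed replacement `s/^DOMAIN=.*/DOMAIN=$domain/g`, but the format check only tests for non-empty values and `hostname == alcasar`, so characters that are special to sed or invalid in a hostname pass through (the `/etc/hosts` heredoc that follows presumably uses the same values). Extending the existing test with `&& "$domain" =~ ^[A-Za-z0-9.-]+$` would confine it to hostname characters before any file is edited; the function body continues past the visible lines, so the failure branch is not shown. In the certificate-install hunk, `chmod 750 $DIR_CERT/private/alcasar.key` leaves execute bits on a key file, and `chmod 640` gives root and the apache group the same read access without them. With `rm $cert $key` and `rm $sc` dropped in this revision, the source copy of the private key now stays at the path the caller passed, so the caller presumably has to remove it, which is not visible on this page.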