
Rev 2688 Rev 2813
Line 1... Line 1...
1
#!/bin/bash
1
#!/bin/bash
2
#
2
#
3
# $Id: alcasar-importcert.sh 2688 2019-01-18 23:15:49Z lucas.echard $
3
# $Id: alcasar-importcert.sh 2813 2020-04-26 21:26:32Z rexy $
4
#
4
#
5
# alcasar-importcert.sh
5
# alcasar-importcert.sh
6
# by Raphaël, Hugo, Clément, Bettyna & rexy
6
# by Raphaël, Hugo, Clément, Bettyna & rexy
7
#
7
#
8
# This script is distributed under the Gnu General Public License (GPL)
8
# This script is distributed under the Gnu General Public License (GPL)
Line 23... Line 23...
23
 
23
 
24
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
24
usage="Usage: alcasar-importcert.sh -i /path/to/certificate.crt -k /path/to/privatekey.key [-c /path/to/serverchain.crt]\n       alcasar-importcert.sh -d (restore default certificate)"
25
nb_args=$#
25
nb_args=$#
26
arg1=$1
26
arg1=$1
27
 
27
 
28
function defaultNdd()
-
 
29
{
-
 
30
	$SED "s/^HOSTNAME=.*/HOSTNAME=alcasar/g" /usr/local/etc/alcasar.conf
-
 
31
	$SED "s/^DOMAIN=.*/DOMAIN=localdomain/g" /usr/local/etc/alcasar.conf
-
 
32
	/usr/local/bin/alcasar-conf.sh --apply
-
 
33
}
-
 
34
 
-
 
35
function defaultCert()
28
function defaultCert()
36
{
29
{
37
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
30
	mv -f $DIR_CERT/certs/alcasar.crt.old $DIR_CERT/certs/alcasar.crt
38
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
31
	mv -f $DIR_CERT/private/alcasar.key.old $DIR_CERT/private/alcasar.key
39
	if [ -f $DIR_CERT/certs/server-chain.crt.old ]
32
	if [ -f $DIR_CERT/certs/server-chain.pem.old ]
40
	then
33
	then
41
		mv $DIR_CERT/certs/server-chain.crt.old $DIR_CERT/certs/server-chain.crt
34
		mv $DIR_CERT/certs/server-chain.pem.old $DIR_CERT/certs/server-chain.pem
42
	fi
35
	fi
43
	
-
 
44
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
36
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
45
 
-
 
46
	chown root:apache $DIR_CERT/private/alcasar.pem
37
	chown root:apache $DIR_CERT/private/alcasar.pem
47
	chmod 750 $DIR_CERT/private/alcasar.pem
38
	chmod 750 $DIR_CERT/private/alcasar.pem
48
}
39
}
49
 
40
 
50
function domainName() # change the domain name in the conf files
41
function domainName() # change the domain name in the conf files
51
{
42
{
52
	fqdn=$(openssl x509 -noout -subject -in $cert | sed -n '/^subject/s/^.*CN=//p' | cut -d'/' -f 1)
43
	fqdn=$(openssl x509 -noout -subject -nameopt multiline -in $DIR_CERT/certs/alcasar.crt | grep commonName|cut -d"=" -f2|tr -d ' ')
53
 
-
 
54
	#check if there is a wildcard in $fqdn
44
	#check if there is a wildcard in $fqdn
55
	if [[ $fqdn == *"*"* ]];
45
	if [[ $fqdn == *"*"* ]];
56
	then
46
	then
57
		hostname="alcasar"
47
		hostname="alcasar"
58
		fqdn=${fqdn/"*"/$hostname}
48
		fqdn=${fqdn/"*"/$hostname}
59
	else
49
	else
60
		hostname=$(echo $fqdn | cut -d'.' -f1)
50
		hostname=$(echo $fqdn | cut -d'.' -f1)
61
	fi
51
	fi
62
	domain=$(echo $fqdn | cut -d'.' -f2-)
52
	domain=$(echo $fqdn | cut -d'.' -f2-)
63
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
53
	echo "fqdn=$fqdn hostname=$hostname domain=$domain"
64
 
-
 
65
	#check fqdn format
54
	#check fqdn format
66
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
55
	if [[ "$fqdn" != "" && "$domain" != "" ]]; then
67
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
56
		$SED "s/^HOSTNAME=.*/HOSTNAME=$hostname/g" /usr/local/etc/alcasar.conf
68
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
57
		$SED "s/^DOMAIN=.*/DOMAIN=$domain/g" /usr/local/etc/alcasar.conf
69
		/usr/local/bin/alcasar-conf.sh --apply
58
#		/usr/local/bin/alcasar-conf.sh --apply
70
	fi
59
	fi
71
}
60
}
72
 
61
 
73
function certImport()
62
function certImport()
74
{
63
{
Line 80... Line 69...
80
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
69
	if [ ! -f "$DIR_CERT/private/alcasar.key.old" ]
81
	then
70
	then
82
		echo "Backup of old private key (alcasar.key)"
71
		echo "Backup of old private key (alcasar.key)"
83
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
72
		mv $DIR_CERT/private/alcasar.key $DIR_CERT/private/alcasar.key.old
84
	fi
73
	fi
85
 
-
 
86
	cp $cert $DIR_CERT/certs/alcasar.crt
74
	cp $cert $DIR_CERT/certs/alcasar.crt
87
	cp $key $DIR_CERT/private/alcasar.key
75
	cp $key $DIR_CERT/private/alcasar.key
88
 
-
 
89
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
76
	(cat $DIR_CERT/private/alcasar.key; echo; cat $DIR_CERT/certs/alcasar.crt) > $DIR_CERT/private/alcasar.pem
90
 
-
 
91
	chown root:apache $DIR_CERT/certs/alcasar.crt
77
	chown root:apache $DIR_CERT/certs/alcasar.crt
92
	chown root:apache $DIR_CERT/private/alcasar.key
78
	chown root:apache $DIR_CERT/private/alcasar.key
93
	chown root:apache $DIR_CERT/private/alcasar.pem
79
	chown root:apache $DIR_CERT/private/alcasar.pem
94
 
-
 
95
	chmod 750 $DIR_CERT/certs/alcasar.crt
80
	chmod 750 $DIR_CERT/certs/alcasar.crt
96
	chmod 750 $DIR_CERT/private/alcasar.key
81
	chmod 750 $DIR_CERT/private/alcasar.key
97
	chmod 750 $DIR_CERT/private/alcasar.pem
82
	chmod 750 $DIR_CERT/private/alcasar.pem
98
 
-
 
99
	if [ "$sc" != "" ]
83
	if [ "$sc" != "" ]
100
	then
84
	then
101
		echo "cert-chain exists"
85
		echo "cert-chain exists"
102
		if [ ! -f "$DIR_CERT/certs/server-chain.crt.old" ]
86
		if [ ! -f "$DIR_CERT/certs/server-chain.pem.old" ]
103
		then
87
		then
104
			echo "Backup of old cert-chain (server-chain.crt)"
88
			echo "Backup of old cert-chain (server-chain.pem)"
105
			mv $DIR_CERT/certs/server-chain.crt $DIR_CERT/certs/server-chain.crt.old
89
			mv $DIR_CERT/certs/server-chain.pem $DIR_CERT/certs/server-chain.pem.old
106
		fi
90
		fi
107
		cp $sc $DIR_CERT/certs/server-chain.crt
91
		cp $sc $DIR_CERT/certs/server-chain.pem
108
		chown root:apache $DIR_CERT/certs/server-chain.crt
92
		chown root:apache $DIR_CERT/certs/server-chain.pem
109
		chmod 750 $DIR_CERT/certs/server-chain.crt
93
		chmod 750 $DIR_CERT/certs/server-chain.pem
110
	fi
94
	fi
111
}
95
}
112
 
96
 
113
 
97
 
114
if [ $nb_args -eq 0 ]
98
if [ $nb_args -eq 0 ]
Line 162... Line 146...
162
			if [ ! -f "$sc" ]
146
			if [ ! -f "$sc" ]
163
			then
147
			then
164
				echo "Server-chain certificate not found"
148
				echo "Server-chain certificate not found"
165
				exit 1
149
				exit 1
166
			fi
150
			fi
167
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ]
151
			if [ ${sc: -4} != ".crt" ] && [ ${sc: -4} != ".cer" ] && [ ${sc: -4} != ".pem" ]
168
			then
152
			then
169
				echo "Invalid server-chain certificate file"
153
				echo "Invalid server-chain certificate file"
170
				exit 1
154
				exit 1
171
			fi
155
			fi
172
			echo "Importing certificate $cert with private key $key and server-chain $sc"
156
			echo "Importing certificate $cert with private key $key and server-chain $sc"
173
		fi
157
		fi
174
		domainName $cert
-
 
175
		certImport $cert $key $sc
158
		certImport 
176
		for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
-
 
177
		do
-
 
178
			echo "restarting $services"; systemctl restart $services; sleep 1
-
 
179
		done
159
		domainName
180
		;;
160
		;;
181
	-d)
161
	-d)
182
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
162
		if [ -f "/etc/pki/tls/certs/alcasar.crt.old" -a -f "/etc/pki/tls/private/alcasar.key.old" ]
183
		then
163
		then
184
			echo "Restoring default certificate"
164
			echo "Restoring default certificate"
185
			defaultCert
165
			defaultCert
186
			defaultNdd
166
			domainName
187
			for services in chilli unbound unbound-blackhole unbound-blacklist unbound-whitelist dnsmasq-whitelist lighttpd
-
 
188
			do
-
 
189
				echo "restarting $services"; systemctl restart $services; sleep 1
167
		else echo "No default cert found"
190
			done
-
 
191
		fi
168
		fi
192
		;;
169
		;;
193
	*)
170
	*)
194
		echo -e "$usage"
171
		echo -e "$usage"
195
		;;
172
		;;