make-account-for-fyodor-user: Professionalize
[clinton/scripts.git] / ca-install
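#!/bin/sh
#
# Install a signed certificate, placing a complimentary copy in the
# user's homedir.  Also grant user domtool permissions.
#
# If the certificate comes from the USER's home directory, then don't
# place an extra copy there.
#
# Run this on deleuze as an admin.
#
# Usage: ca-install user domain cert-file.pem [key-file.pem]
#
# Security notes:
#   * DOMAIN becomes part of a path that is handed to ssh, and the remote
#     shell parses that command line again before "sudo tee" runs.  It is
#     therefore restricted to hostname characters before any use.
#   * The complimentary copy is written next to the key file, which is
#     presumably inside a directory the user controls.  Nothing that
#     already exists there is overwritten and ownership is changed without
#     following symlinks.  The existence check and the copy are still two
#     separate steps, so do not run this while the user can modify that
#     directory if that matters for your threat model.

# Print an error message on stderr and abort.
die() {
    echo "Error: $*" >&2
    exit 1
}

# Check arguments
if [ "$#" -gt 4 ]; then
    die "Too many arguments"
elif [ "$#" -lt 3 ] || [ -z "$3" ]; then
    die "Not enough arguments"
fi

# NOTE(review): assigning USER also changes the USER environment variable
# seen by child processes if it was exported; the name is kept as in the
# original in case domtool-admin depends on that -- confirm.
USER=$1
DOMAIN=$2
CERT=$3
KEY=${4:-}

# Reject user names that could be read as an option or that would change
# the meaning of "user:group" in the chown call below.
case $USER in
    '' | -* | *:*) die "Invalid user name $USER" ;;
esac

# Only hostname characters: no '/', no whitespace, no shell
# metacharacters, and no leading '.' or '-'.
case $DOMAIN in
    '' | .* | -* | *[!A-Za-z0-9.-]*) die "Invalid domain name $DOMAIN" ;;
esac

# Sanity-check some paths
if [ ! -f "$CERT" ] || [ ! -r "$CERT" ]; then
    die "Nonexistent or unreadable cert $CERT"
fi
if [ -n "$KEY" ]; then
    if [ ! -f "$KEY" ] || [ ! -r "$KEY" ]; then
        die "Nonexistent or unreadable key $KEY"
    fi
fi

# Figure out destination for complimentary copy
APACHE_DEST=/etc/apache2/ssl/user/$DOMAIN.pem
USERHOME=$(getent passwd "$USER" | cut -d: -f6)
# An unknown user yields an empty home directory; the original prefix test
# then matched every certificate path, so stop here instead.
if [ -z "$USERHOME" ]; then
    die "Cannot determine home directory of user $USER"
fi
if [ -n "$KEY" ]; then
    DEST=$(dirname -- "$KEY")/$DOMAIN.pem
else
    DEST=
fi

# Perform complimentary copy
if [ -z "$DEST" ]; then
    echo "No key specified, so skipping complimentary copy"
else
    case $CERT in
        "${USERHOME%/}"/*)
            # Literal prefix match on a directory boundary, so that
            # /home/bob does not also match /home/bobby.
            echo "User already has a cert, skipping the complimentary copy"
            ;;
        *)
            if [ -e "$DEST" ] || [ -L "$DEST" ]; then
                # Also covers dangling symlinks, which cp would write through.
                echo "Not overwriting existing file $DEST"
            else
                echo "Copying signed certificate to user's home directory ..."
                if cp -- "$CERT" "$DEST"; then
                    # -h: change the entry itself, never a symlink target.
                    chown -h -- "$USER:nogroup" "$DEST" ||
                        echo "Warning: could not change owner of $DEST" >&2
                else
                    echo "Warning: could not copy certificate to $DEST" >&2
                fi
            fi
            ;;
    esac
fi
echo

# Determine whether we need to concatenate a private key.  Any PEM private
# key header counts (RSA, EC, DSA, PKCS#8), not just the RSA one.
if grep -q -E -- '^-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$CERT"; then
    KEY=
elif [ -z "$KEY" ]; then
    die "No private key is included with this certificate"
fi

# Copy complete certificate to mire
# NOTE(review): tee creates the remote file with whatever mode the remote
# umask yields.  The file can contain the private key, so confirm that it
# (or its directory) is not world-readable on mire.
if [ -z "$KEY" ]; then
    echo "Installing cert to Apache SSL directory ..."
    ssh mire.hcoop.net sudo tee "$APACHE_DEST" < "$CERT" > /dev/null ||
        die "Could not install cert on mire.hcoop.net"
else
    echo "Installing cert to Apache SSL directory, adding key ..."
    cat -- "$CERT" "$KEY" |
        ssh mire.hcoop.net sudo tee "$APACHE_DEST" > /dev/null ||
        die "Could not install cert on mire.hcoop.net"
fi
echo

# Grant Domtool permissions (only reached when the remote install succeeded)
echo "Granting user Domtool permissions for the cert ..."
domtool-admin grant "$USER" cert "$APACHE_DEST"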