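#!/bin/sh
#
# Install a signed certificate, placing a complimentary copy in the
# user's homedir. Also grant user domtool permissions.
#
# If the certificate comes from the USER's home directory, then don't
# place an extra copy there.
#
# Run this on deleuze as an admin.
#
# Usage: ca-install user domain cert-file.pem [key-file.pem]
#
# Arguments:
#   user           account that owns the cert; must exist in passwd
#   domain         name the cert is for; becomes the installed file name
#   cert-file.pem  PEM certificate, optionally with the private key appended
#   key-file.pem   PEM private key to append when cert-file.pem has none
#
# Exits non-zero on bad arguments, missing or malformed files, a failed
# copy/install, or a failed grant, so no step runs on the result of an
# earlier step that did not actually happen.

set -eu

# Remote host and directory the complete certificate (cert + key) is
# installed into.
APACHE_HOST=mire.hcoop.net
APACHE_DIR=/etc/apache2/ssl/user

# Print an error to stderr and exit non-zero.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Reject a user/domain value that could escape $APACHE_DIR or be parsed
# as shell syntax on the remote side (the install path is embedded in
# a command run by the remote shell).  Allowed: letters, digits, '.',
# '_', '-' and '*' (wildcard certs); the value may not be empty or start
# with '.' or '-'.
#   $1 - what the value is (for the error message)
#   $2 - the value to check
check_name() {
  case $2 in
    ''|.*|-*|*[!A-Za-z0-9._*-]*) die "Invalid $1 '$2'" ;;
  esac
}

# Check arguments
if test "$#" -gt 4; then
  die "Too many arguments"
elif test "$#" -lt 3; then
  die "Not enough arguments"
fi
# Not called USER: that name is usually exported, and overwriting it
# would leak the target account name into ssh/domtool-admin's environment.
CERT_USER=$1
DOMAIN=$2
CERT=$3
KEY=${4:-}

check_name user "$CERT_USER"
check_name domain "$DOMAIN"

# Sanity-check some paths
test -f "$CERT" || die "Nonexistent or unreadable cert $CERT"
if test -n "$KEY"; then
  test -f "$KEY" || die "Nonexistent or unreadable key $KEY"
fi
# Refuse to install something that is not a certificate (e.g. a bare key
# passed in the wrong argument position).
grep -q -- '^-----BEGIN CERTIFICATE-----' "$CERT" \
  || die "No certificate found in $CERT"

# Figure out destination for complimentary copy
APACHE_DEST=$APACHE_DIR/$DOMAIN.pem
USERHOME=$(getent passwd "$CERT_USER" | cut -d: -f6)
# An unknown user used to yield an empty prefix that matched every cert
# path and silently skipped the copy; fail loudly instead.
test -n "$USERHOME" || die "Unknown user $CERT_USER"
if test -n "$KEY"; then
  DEST=$(dirname -- "$KEY")/$DOMAIN.pem
else
  DEST=
fi

# Perform complimentary copy
if test -z "$DEST"; then
  echo "No key specified, so skipping complimentary copy"
else
  # Path-prefix match: only a cert already under the home directory
  # itself counts (so /home/alice does not match /home/alice2/...).
  case $CERT in
    "$USERHOME"|"$USERHOME"/*)
      echo "User already has a cert, skipping the complimentary copy" ;;
    *)
      if test -f "$DEST"; then
        printf '%s\n' "Not overwriting existing file $DEST"
      else
        echo "Copying signed certificate to user's home directory ..."
        cp -- "$CERT" "$DEST" || die "Could not copy $CERT to $DEST"
        chown -- "$CERT_USER:nogroup" "$DEST" || die "Could not chown $DEST"
      fi ;;
  esac
fi
echo

# Determine whether we need to concatenate a private key.  Any PEM
# private-key block counts (RSA, EC, PKCS#8 "PRIVATE KEY", ...), not only
# the legacy "RSA PRIVATE KEY" label.  A key already embedded in the cert
# file takes precedence over key-file.pem, which is then not installed.
if grep -q -- '^-----BEGIN .*PRIVATE KEY-----' "$CERT"; then
  KEY=
elif test -z "$KEY"; then
  die "No private key is included with this certificate"
else
  grep -q -- '^-----BEGIN .*PRIVATE KEY-----' "$KEY" \
    || die "No private key found in $KEY"
fi

# Copy complete certificate to mire.  The destination is single-quoted
# for the remote shell; check_name guarantees it contains nothing that
# could terminate the quotes.  The remote file's mode is whatever tee and
# the remote umask produce (unchanged from before) -- verify the directory
# itself is not world-readable if the key must stay private.
REMOTE_CMD="sudo tee '$APACHE_DEST' > /dev/null"
if test -z "$KEY"; then
  echo "Installing cert to Apache SSL directory ..."
  ssh "$APACHE_HOST" "$REMOTE_CMD" < "$CERT" \
    || die "Failed to install $APACHE_DEST on $APACHE_HOST"
else
  echo "Installing cert to Apache SSL directory, adding key ..."
  # The exit status of the pipeline is ssh's, which is the one that matters.
  cat -- "$CERT" "$KEY" | ssh "$APACHE_HOST" "$REMOTE_CMD" \
    || die "Failed to install $APACHE_DEST on $APACHE_HOST"
fi
echo

# Grant Domtool permissions
echo "Granting user Domtool permissions for the cert ..."
domtool-admin grant "$CERT_USER" cert "$APACHE_DEST" \
  || die "domtool-admin grant failed for $CERT_USER on $APACHE_DEST"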