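#!/bin/sh
#
# Install a signed certificate, placing a complimentary copy in the
# user's homedir.  Also grant user domtool permissions.
#
# If the certificate comes from the USER's home directory, then don't
# place an extra copy there.
#
# Run this on deleuze as an admin.
#
# Usage: ca-install user domain cert-file.pem [key-file.pem]
#
# Security notes:
#  - "domain" becomes part of a path that is handed to a remote shell by
#    ssh, so it is restricted to a conservative character set below.
#  - The complimentary copy is written into the directory holding the key
#    file.  If that directory is writable by the user, a window remains
#    between the existence check and the copy; the checks below only
#    narrow it.
#  - NOTE(review): the mode of the file created on mire is whatever the
#    remote "sudo tee" produces; confirm the key-bearing PEM is not
#    world-readable there.

# Print an error to stderr and abort.
die() {
  printf 'Error: %s\n' "$*" >&2
  exit 1
}

# Check arguments
if [ "$#" -gt 4 ]; then
  die "Too many arguments"
elif [ "$#" -lt 3 ] || [ -z "$3" ]; then
  die "Not enough arguments"
fi

# NOTE(review): USER is normally an exported environment variable, so this
# assignment is also seen by the child processes started below.  The name
# is kept as in the original script; confirm nothing downstream relies on
# the invoking admin's $USER.
USER=$1
DOMAIN=$2
CERT=$3
KEY=${4:-}

# Reject names that could be read as options, escape the target
# directory, or be interpreted by the remote shell.
case $USER in
  '' | -* | *[!A-Za-z0-9._-]*)
    die "Invalid user name '$USER'"
    ;;
esac
case $DOMAIN in
  '' | .* | -* | *[!A-Za-z0-9._-]*)
    die "Invalid domain '$DOMAIN'"
    ;;
esac

# Sanity-check some paths.  Readability is checked as well: an unreadable
# input would otherwise send empty data to the remote tee and truncate
# the installed certificate.
if [ ! -f "$CERT" ] || [ ! -r "$CERT" ]; then
  die "Nonexistent or unreadable cert $CERT"
fi
if [ -n "$KEY" ] && { [ ! -f "$KEY" ] || [ ! -r "$KEY" ]; }; then
  die "Nonexistent or unreadable key $KEY"
fi

# Figure out destination for complimentary copy
APACHE_DEST=/etc/apache2/ssl/user/$DOMAIN.pem

# getent also accepts a numeric UID as key, so insist that the entry
# returned really carries the requested login name.
PWENT=$(getent passwd "$USER")
case $PWENT in
  "$USER":*) ;;
  *) die "Unknown user $USER" ;;
esac
USERHOME=$(printf '%s\n' "$PWENT" | cut -d: -f6)
if [ -z "$USERHOME" ]; then
  die "Cannot determine home directory of user $USER"
fi

if [ -n "$KEY" ]; then
  DEST=$(dirname -- "$KEY")/$DOMAIN.pem
else
  DEST=
fi

# Perform complimentary copy
if [ -z "$DEST" ]; then
  echo "No key specified, so skipping complimentary copy"
else
  case $CERT in
    # Literal prefix match on a path-component boundary: the home
    # directory is not treated as a regular expression, and /home/bob
    # does not match /home/bobby/...
    "$USERHOME"/*)
      echo "User already has a cert, skipping the complimentary copy"
      ;;
    *)
      # -L catches dangling symlinks, which -f/-e would report as absent
      # and cp would then follow.
      if [ -e "$DEST" ] || [ -L "$DEST" ]; then
        echo "Not overwriting existing file $DEST"
      else
        echo "Copying signed certificate to user's home directory ..."
        # chown -h: never change ownership of a symlink's target.
        if ! { cp -- "$CERT" "$DEST" \
          && chown -h -- "$USER:nogroup" "$DEST"; }; then
          echo "Warning: complimentary copy to $DEST failed" >&2
        fi
      fi
      ;;
  esac
fi
echo

# Determine whether we need to concatenate a private key
# NOTE(review): only the "RSA PRIVATE KEY" PEM label is recognised; a
# bundle whose key uses another label is treated as having no key.
if grep -q -e '^-----BEGIN RSA PRIVATE KEY-----' -- "$CERT"; then
  KEY=
elif [ -z "$KEY" ]; then
  die "No private key is included with this certificate"
fi

# Copy complete certificate to mire.  Stop on failure so that permissions
# are never granted for a certificate that was not installed.
if [ -z "$KEY" ]; then
  echo "Installing cert to Apache SSL directory ..."
  ssh mire.hcoop.net sudo tee "$APACHE_DEST" < "$CERT" > /dev/null \
    || die "Could not install $APACHE_DEST on mire.hcoop.net"
else
  echo "Installing cert to Apache SSL directory, adding key ..."
  cat -- "$CERT" "$KEY" \
    | ssh mire.hcoop.net sudo tee "$APACHE_DEST" > /dev/null \
    || die "Could not install $APACHE_DEST on mire.hcoop.net"
fi
echo

# Grant Domtool permissions
echo "Granting user Domtool permissions for the cert ..."
domtool-admin grant "$USER" cert "$APACHE_DEST" \
  || die "domtool-admin grant failed for $USER"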