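#!/bin/bash
# FILE: wgapi:back/lib/ssl/peer/add
# DESCRIPTION: Create SSL certs for a new host
#   Generates an RSA key, a CSR and a CA-signed certificate for
#   <hostname>.<username>.<TLD> (plus a wildcard SAN and the given IP SANs)
#   under ${SSL_CONFIG_DIR}/<username>/<hostname>/.
# USAGE: add hostname username ipstring
#   hostname  - a single DNS label; also a directory component
#   username  - a single DNS label; also the OU and a directory component
#   ipstring  - comma-separated SAN entries appended verbatim to the
#               subjectAltName, e.g. "IP:10.0.0.2" or "IP:10.0.0.2,IP:fd00::2"
#               (only IP:/DNS: entries are accepted — TODO confirm the caller
#               never passes other SAN types)
# CONFIG: /etc/wgapi/config is sourced as root and must set
#   SSL_CONFIG_DIR SSL_ORG TLD SSL_CA_CERT SSL_CA_KEY SSL_DAYS
#   and may set SSL_CA_PASS (CA key passphrase) and SSL_KEY_BITS (default 2048).
# ERRORS:
# 3: Bad usage (wrong argument count, or an argument with unsafe characters)
# 4: config file not found, not root-owned or group/world-writable, or missing
#    a required setting
# 5: openssl, openssl.cnf or the CA cert/key not found
# 6: not root
# 7: openssl (or creating the host directory) failed

readonly CONFIG_FILE='/etc/wgapi/config'
readonly OPENSSL='/usr/bin/openssl'
readonly OPENSSL_CNF='/etc/ssl/openssl.cnf'

# Exactly three positional arguments are required. (The previous test,
# `[ $# -eq 0 ] || exit 3`, was inverted: it exited precisely when arguments
# were supplied and left hostname/username unset for the rest of the script.)
(( $# == 3 )) || exit 3
hostname="$1"
username="$2"
ipstring="$3"

# Each value ends up in a filesystem path, a DNS name, an X.509 subject and
# a generated openssl config file. Restrict the labels to a single DNS label
# and ipstring to a flat list of SAN entries so that "/", "..", whitespace,
# newlines, "[" and "=" (config-section / extension injection) are rejected.
label_re='^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?$'
san_re='^(IP|DNS):[A-Za-z0-9.:*-]+(,(IP|DNS):[A-Za-z0-9.:*-]+)*$'
[[ $hostname =~ $label_re ]] || exit 3
[[ $username =~ $label_re ]] || exit 3
[[ $ipstring =~ $san_re ]]   || exit 3

(( EUID == 0 )) || exit 6

# The config is executed by `source` with root privileges, so only accept a
# regular file owned by root that no one else can write to. (GNU stat.)
[[ -f $CONFIG_FILE ]] || exit 4
cfg_stat=$(stat -c '%u %a' "$CONFIG_FILE") || exit 4
read -r cfg_uid cfg_mode <<<"$cfg_stat"
[[ $cfg_uid == 0 ]] || exit 4
(( (8#$cfg_mode & 8#022) == 0 )) || exit 4

[[ -x $OPENSSL ]]     || exit 5
[[ -f $OPENSSL_CNF ]] || exit 5

# shellcheck source=/dev/null
source "$CONFIG_FILE"

# Fail early on an incomplete config instead of producing broken paths.
for var in SSL_CONFIG_DIR SSL_ORG TLD SSL_CA_CERT SSL_CA_KEY SSL_DAYS; do
  [[ -n ${!var-} ]] || exit 4
done
[[ $SSL_DAYS =~ ^[0-9]+$ ]] || exit 4
key_bits="${SSL_KEY_BITS:-2048}"
[[ $key_bits =~ ^[0-9]+$ ]] || exit 4
[[ -r $SSL_CA_CERT && -r $SSL_CA_KEY ]] || exit 5

fqdn="${hostname}.${username}.${TLD}"
user_dir="${SSL_CONFIG_DIR}/${username}"
host_dir="${user_dir}/${hostname}"
key_file="${host_dir}/server.key"
crt_file="${host_dir}/server.crt"
cnf_file="${user_dir}/${hostname}.cnf"
csr_file="${user_dir}/${hostname}.csr"

# Scratch files (generated config and CSR) are removed on every exit path,
# not only after a successful run.
cleanup() { rm -f -- "$cnf_file" "$csr_file"; }
trap cleanup EXIT

# The host directory is created with the inherited umask; only the files
# written afterwards are protected by the restrictive umask below.
mkdir -p -- "$host_dir" || exit 7

# Private key material must never be readable by others, even briefly
# between genrsa writing the file and the chmod.
umask 077

# Generate key
# NOTE(review): an existing server.key for this host is silently replaced —
# confirm callers never re-run `add` for an already provisioned host.
"$OPENSSL" genrsa -out "$key_file" "$key_bits" >/dev/null 2>&1 || exit 7
chmod 400 -- "$key_file"

# Generate config: the stock openssl.cnf plus a [SAN] section.
# The escapes live in the printf FORMAT so they become real newlines
# (printf '%s' of a string containing "\n" prints the two characters
# literally), and the extension is named subjectAltName — with a trailing
# "s" openssl rejects it as an unknown extension.
{
  cat -- "$OPENSSL_CNF"
  printf '\n[SAN]\nsubjectAltName=DNS:%s,DNS:*.%s,%s\n' \
    "$fqdn" "$fqdn" "$ipstring"
} > "$cnf_file" || exit 7

# Generate CSR
"$OPENSSL" req -new -sha256 -reqexts SAN \
  -key "$key_file" \
  -out "$csr_file" \
  -config "$cnf_file" \
  -subj "/O=${SSL_ORG}/OU=${username}/CN=${fqdn}" \
  >/dev/null 2>&1 || exit 7

# Generate cert
# The CA passphrase is handed over through the environment instead of argv,
# so it does not appear in `ps` / /proc/*/cmdline for every user on the box.
# An unset or empty SSL_CA_PASS means the CA key is unencrypted.
passin=()
if [[ -n ${SSL_CA_PASS-} ]]; then
  export SSL_CA_PASS
  passin=(-passin env:SSL_CA_PASS)
fi
"$OPENSSL" x509 -req -sha256 -extensions SAN -CAcreateserial \
  -extfile "$cnf_file" \
  -in "$csr_file" \
  -CA "$SSL_CA_CERT" -CAkey "$SSL_CA_KEY" \
  "${passin[@]}" \
  -out "$crt_file" \
  -days "$SSL_DAYS" >/dev/null 2>&1 || exit 7
# The certificate is public; the umask above created it 0600.
chmod 644 -- "$crt_file"

# Scratch files are removed by the EXIT trap.
exit 0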