diff --git a/back/lib/ssl_peer_add b/back/lib/ssl_peer_add index cbecd3b..8718e79 100755 --- a/back/lib/ssl_peer_add +++ b/back/lib/ssl_peer_add @@ -12,19 +12,19 @@ CONFIG_FILE='/etc/wgapi/config' -[ ${#} -eq 0 ] || ( +if ! [ ${#} -eq 3 ]; then printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}" exit 3 -) -[ -f "${CONFIG_FILE}" ] || ( +fi +if ! [ -f "${CONFIG_FILE}" ]; then printf 'ERROR! %s couldnt find %s\n' "${0}" "${*}" >>"${LOGFILE}" exit 4 ) -[ -x '/usr/bin/openssl' ] || ( +if ! [ -x '/usr/bin/openssl' ]; then printf 'ERROR! /usr/bin/openssl not found!\n' >>"${LOGFILE}" exit 5 ) -[ -f '/etc/ssl/openssl.cnf' ] || ( +if ! [ -f '/etc/ssl/openssl.cnf' ]; then printf 'ERROR! /etc/ssl/openssl.cnf not found!\n' >>"${LOGFILE}" exit 5 ) 
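Review bot: Three of the four rewritten checks are still closed with `)`. The `CONFIG_FILE`, `/usr/bin/openssl` and `/etc/ssl/openssl.cnf` blocks now open with `if ! ...; then`, but their closing line is unchanged context, so only the argument-count block gets its `fi`. As shown, bash would stop with a syntax error at the first stray `)` and never reach the openssl checks; each of those three lines should become `fi`. The `CONFIG_FILE` message also prints `"${*}"` where `"${CONFIG_FILE}"` looks intended. Separately, the count test is the only argument validation visible here, and the second hunk uses these values in file paths and certificate subject/SAN fields under `sudo`, so a character allow-list check on each of the three would belong next to it.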
@@ -37,60 +37,60 @@ ipstring="${3}" printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}" # Generate key -sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1 || ( +if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1; then printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 -) -[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ] || ( +fi +if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 -) -sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" || ( +fi +if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"; then printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 -) +fi # Generate config san="\n[SAN]\nsubjectAltNames=DNS:${hostname:?}.${username:?}.${TLD:?},DNS:*.${hostname:?}.${username:?}.${TLD:?}" [ "${ipstring}" != "" ] && san="${san},${ipstring}" -cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \ - > "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf" || ( +if ! cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \ +> "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf"; then printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 - ) +fi # Generate CSR -sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \ +if ! 
sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \ -key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \ -out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \ -config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \ -subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \ - >/dev/null 2>&1 || ( + >/dev/null 2>&1; then printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 - ) +fi # Generate cert -sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \ +if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \ -extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \ -in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \ -CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \ -passin "pass:${SSL_CA_PASS}" \ -out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \ - -days "${SSL_DAYS}" >/dev/null 2>&1 || ( + -days "${SSL_DAYS}" >/dev/null 2>&1; then printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 - ) -[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ] || ( +fi +if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 -) -sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" || ( +fi +if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}" exit 7 -) +fi # Remove old files -sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null +if sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}" \ No newline at end of file
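Review bot: The last changed line, `if sudo rm ... 2>/dev/null`, opens an `if` that has no `then` or `fi` before the end of the file, so bash would report an unexpected end of file once the key and certificate have already been written. The cleanup and the "are ready" log line would then never run, the `.cnf` and `.csr` files would stay on disk, and the caller would see a non-zero exit for a certificate that was in fact signed. Keep it a plain statement, `sudo rm -f -- "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr"`, or close the block with `then`/`fi` and log the failure like the other steps. The CSR failure branch also logs `Failed to generate %s/%s.cnf`, which is the message of the previous step and should name the `.csr`. Every openssl call discards stderr with `>/dev/null 2>&1`, so the log records that a step failed but not why; appending stderr to `"${LOGFILE}"` would make failures diagnosable.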