Switch to if statements to kill script on failure
parent
e57c523d60
commit
16c924e103
|
@ -12,19 +12,19 @@
|
||||||
|
|
||||||
|
|
||||||
CONFIG_FILE='/etc/wgapi/config'
|
CONFIG_FILE='/etc/wgapi/config'
|
||||||
[ ${#} -eq 0 ] || (
|
if ! [ ${#} -eq 3 ]; then
|
||||||
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
printf 'ERROR! Invalid number of arguments to %s: %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||||
exit 3
|
exit 3
|
||||||
)
|
fi
|
||||||
[ -f "${CONFIG_FILE}" ] || (
|
if ! [ -f "${CONFIG_FILE}" ]; then
|
||||||
printf 'ERROR! %s couldnt find %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
printf 'ERROR! %s couldnt find %s\n' "${0}" "${*}" >>"${LOGFILE}"
|
||||||
exit 4
|
exit 4
|
||||||
)
|
)
|
||||||
[ -x '/usr/bin/openssl' ] || (
|
if ! [ -x '/usr/bin/openssl' ]; then
|
||||||
printf 'ERROR! /usr/bin/openssl not found!\n' >>"${LOGFILE}"
|
printf 'ERROR! /usr/bin/openssl not found!\n' >>"${LOGFILE}"
|
||||||
exit 5
|
exit 5
|
||||||
)
|
)
|
||||||
[ -f '/etc/ssl/openssl.cnf' ] || (
|
if ! [ -f '/etc/ssl/openssl.cnf' ]; then
|
||||||
printf 'ERROR! /etc/ssl/openssl.cnf not found!\n' >>"${LOGFILE}"
|
printf 'ERROR! /etc/ssl/openssl.cnf not found!\n' >>"${LOGFILE}"
|
||||||
exit 5
|
exit 5
|
||||||
)
|
)
|
||||||
|
@ -37,60 +37,60 @@ ipstring="${3}"
|
||||||
printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
||||||
|
|
||||||
# Generate key
|
# Generate key
|
||||||
sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1 || (
|
if ! sudo /usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1; then
|
||||||
printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ] || (
|
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ]; then
|
||||||
printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" || (
|
if ! sudo chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"; then
|
||||||
printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
|
|
||||||
# Generate config
|
# Generate config
|
||||||
san="\n[SAN]\nsubjectAltNames=DNS:${hostname:?}.${username:?}.${TLD:?},DNS:*.${hostname:?}.${username:?}.${TLD:?}"
|
san="\n[SAN]\nsubjectAltNames=DNS:${hostname:?}.${username:?}.${TLD:?},DNS:*.${hostname:?}.${username:?}.${TLD:?}"
|
||||||
[ "${ipstring}" != "" ] && san="${san},${ipstring}"
|
[ "${ipstring}" != "" ] && san="${san},${ipstring}"
|
||||||
cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
|
if ! cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
|
||||||
> "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf" || (
|
> "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf"; then
|
||||||
printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
|
|
||||||
# Generate CSR
|
# Generate CSR
|
||||||
sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
|
if ! sudo /usr/bin/openssl req -new -sha256 -reqexts SAN \
|
||||||
-key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
|
-key "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" \
|
||||||
-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
||||||
-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
||||||
-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
|
-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
|
||||||
>/dev/null 2>&1 || (
|
>/dev/null 2>&1; then
|
||||||
printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
|
|
||||||
# Generate cert
|
# Generate cert
|
||||||
sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
if ! sudo /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
|
||||||
-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
-extfile "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
|
||||||
-in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
-in "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
|
||||||
-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
|
-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
|
||||||
-passin "pass:${SSL_CA_PASS}" \
|
-passin "pass:${SSL_CA_PASS}" \
|
||||||
-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
|
-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
|
||||||
-days "${SSL_DAYS}" >/dev/null 2>&1 || (
|
-days "${SSL_DAYS}" >/dev/null 2>&1; then
|
||||||
printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ] || (
|
if ! [ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ]; then
|
||||||
printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" || (
|
if ! sudo chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"; then
|
||||||
printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
|
||||||
exit 7
|
exit 7
|
||||||
)
|
fi
|
||||||
|
|
||||||
# Remove old files
|
# Remove old files
|
||||||
sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null
|
if sudo rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null
|
||||||
|
|
||||||
printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
|
Loading…
Reference in New Issue