Added error handling to ssl_peer_add

back/lib/ssl_peer_add

@@ -19,16 +19,34 @@ CONFIG_FILE='/etc/wgapi/config'
 [ -f '/etc/ssl/openssl.cnf' ] || exit 5
 source "${CONFIG_FILE}"
 
-# TODO: Get username, hostname
+hostname="${1}"
+username="${2}"
+ipstring="${3}"
+
+printf 'Signing SSL certs for %s.%s.%s...\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"
 
 # Generate key
-/usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" >/dev/null 2>&1 || exit 7
-chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key"
+/usr/bin/openssl genrsa -out "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" >/dev/null 2>&1 || (
+	printf 'Failed to generate SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 7
+)
+[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.key" ] || (
+	printf 'SSL key %s/%s/server.key was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 7
+)
+chmod 400 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.key" || (
+	printf 'Failed to chmod SSL key %s/%s/server.key\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 7
+)
 
 # Generate config
-san="\n[SAN]\nsubjectAltNames=DNS:${hostname}.${username}.${TLD},DNS:*.${hostname}.${username}.${TLD},${3}"
+san="\n[SAN]\nsubjectAltNames=DNS:${hostname:?}.${username:?}.${TLD:?},DNS:*.${hostname:?}.${username:?}.${TLD:?}"
+[ "${ipstring}" != "" ] && san="${san},${ipstring}"
 cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
-	> "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf"
+	> "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}.cnf" || (
+		printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
+		exit 7
+	)
 
 # Generate CSR
 /usr/bin/openssl req -new -sha256 -reqexts SAN \
@@ -36,7 +54,10 @@ cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
 	-out "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" \
 	-config "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" \
 	-subj "/O=${SSL_ORG}/OU=${username}/CN=${hostname}.${username}.${TLD}" \
-	>/dev/null 2>&1 || exit 7
+	>/dev/null 2>&1 || (
+		printf 'Failed to generate %s/%s.cnf\n' "${username}" "${hostname}" >>"${LOGFILE}"
+		exit 7
+	)
 
 # Generate cert
 /usr/bin/openssl x509 -req -sha256 -extensions SAN -CAcreateserial \
@@ -45,8 +66,20 @@ cat '/etc/ssl/openssl.cnf' <(printf '%s' "${san}") \
 	-CA "${SSL_CA_CERT}" -CAkey "${SSL_CA_KEY}" \
 	-passin "pass:${SSL_CA_PASS}" \
 	-out "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" \
-	-days "${SSL_DAYS}" >/dev/null 2>&1 || exit 7
-chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt"
+	-days "${SSL_DAYS}" >/dev/null 2>&1 || (
+		printf 'Failed to generate SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
+		exit 7
+	)
+[ -f "${SSL_CONFIG_DIR:?}/${username:?}/${hostname:?}/server.crt" ] || (
+	printf 'SSL key %s/%s/server.crt was not generated!\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 7
+)
+chmod 644 "${SSL_CONFIG_DIR}/${username}/${hostname}/server.crt" || (
+	printf 'Failed to chmod SSL cert %s/%s/server.crt\n' "${username}" "${hostname}" >>"${LOGFILE}"
+	exit 7
+)
 
 # Remove old files
 rm "${SSL_CONFIG_DIR}/${username}/${hostname}.cnf" "${SSL_CONFIG_DIR}/${username}/${hostname}.csr" 2>/dev/null
+
+printf 'SSL certs for %s.%s.%s are ready\n' "${hostname}" "${username}" "${TLD}" >>"${LOGFILE}"