Let apply scripts collect their own data from config
Before, this information was passed in via environment variables
12
gui/apply
12
gui/apply
@@ -2,13 +2,15 @@
|
||||
|
||||
set -e
|
||||
|
||||
PKI_PWD=$(pwd)
|
||||
export PKI_ROOT_CERT_BASE="$PKI_PWD/$PKI_ROOT_CERT_BASE"
|
||||
export PKI_INT_CERT_BASE="$PKI_PWD/$PKI_INT_CERT_BASE"
|
||||
baseDir=$(cd $(dirname $0) && pwd)
|
||||
dataDir="$baseDir/data"
|
||||
|
||||
export PKI_ROOT_CERT_BASE="$dataDir/root-ca"
|
||||
export PKI_INT_CERT_BASE="$dataDir/issuer/ca-int"
|
||||
|
||||
cd /wwwstatic
|
||||
|
||||
$PKI_PWD/apply-nginx
|
||||
$baseDir/apply-nginx
|
||||
|
||||
cp $PKI_ROOT_CERT_BASE.crl crl/
|
||||
cp $PKI_ROOT_CERT_BASE.pem certs/
|
||||
@@ -18,4 +20,4 @@ cp $PKI_INT_CERT_BASE.der certs/
|
||||
|
||||
|
||||
cd /boulder/labca
|
||||
$PKI_PWD/apply-boulder
|
||||
$baseDir/apply-boulder
|
||||
|
||||
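Review bot: The new `baseDir=$(cd $(dirname $0) && pwd)` leaves both `$0` and the inner substitution unquoted, so an install path containing whitespace word-splits and `cd` receives the wrong argument; write it as `baseDir=$(cd "$(dirname "$0")" && pwd)`. The derived paths on the following lines (`$dataDir`, `$PKI_ROOT_CERT_BASE.crl`, `$baseDir/apply-nginx`, `$baseDir/apply-boulder`) should likewise be double-quoted where they are expanded. Since `set -e` is in effect and the assignment's status is that of the substitution, a failing `cd` should abort the script rather than leave `baseDir` empty, which is the safe outcome; the quoting only has to make the path resolution itself reliable.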
@@ -2,6 +2,57 @@
|
||||
|
||||
set -e
|
||||
|
||||
baseDir=$(dirname $0)
|
||||
dataDir="$baseDir/data"
|
||||
|
||||
PKI_DNS=$(grep dns $dataDir/config.json | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
if [ "$PKI_DNS" == "" ]; then
|
||||
PKI_DNS="10.55.55.10:53"
|
||||
fi
|
||||
PKI_FQDN=$(grep fqdn $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_DOMAIN=$(echo $PKI_FQDN | perl -p0e 's/.*?\.//')
|
||||
PKI_DOMAIN_MODE=$(grep domain_mode $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_LOCKDOWN_DOMAINS=$(grep lockdown $dataDir/config.json | grep -v domain_mode | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_WHITELIST_DOMAINS=$(grep whitelist $dataDir/config.json | grep -v domain_mode | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_ROOT_CERT_BASE="$dataDir/root-ca"
|
||||
PKI_INT_CERT_BASE="$dataDir/issuer/ca-int"
|
||||
PKI_ISSUER_NAME_ID=$(grep issuer_name_id $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g')
|
||||
if [ -z "$PKI_ISSUER_NAME_ID" ] && [ -e "$PKI_INT_CERT_BASE.pem" ]; then
|
||||
nmid=$($baseDir/nameidtool $PKI_INT_CERT_BASE.pem)
|
||||
if [ $? == 0 ]; then
|
||||
PKI_ISSUER_NAME_ID=$nmid
|
||||
sed -i -e "s/\(^\s*\)\(\"keys\": {\)/\1\"issuer_name_id\": $PKI_ISSUER_NAME_ID,\n\1\2/g" $dataDir/config.json
|
||||
fi
|
||||
fi
|
||||
extended_timeout=$(grep extended_timeout $dataDir/config.json | grep true || echo "")
|
||||
if [ "$extended_timeout" != "" ]; then
|
||||
PKI_EXTENDED_TIMEOUT=1
|
||||
else
|
||||
PKI_EXTENDED_TIMEOUT=0
|
||||
fi
|
||||
enabled=$(grep "email\": {" $dataDir/config.json -A1 | grep enable | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
if [ "$enabled" == "true," ]; then
|
||||
PKI_EMAIL_SERVER=$(grep server $dataDir/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_EMAIL_PORT=$(grep port $dataDir/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_EMAIL_USER=$(grep user $dataDir/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_EMAIL_PASS=$(grep pass $dataDir/config.json | grep -v password | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
pwd=""
|
||||
if [ -e $baseDir/bin/labca-gui ]; then
|
||||
pwd=$([ -e ] && $baseDir/bin/labca-gui -d $PKI_EMAIL_PASS || echo "")
|
||||
elif [ -e $baseDir/bin/labca-gui_prev ]; then
|
||||
pwd=$([ -e ] && $baseDir/bin/labca-gui_prev -d $PKI_EMAIL_PASS || echo "")
|
||||
fi
|
||||
PKI_EMAIL_PASS=$pwd
|
||||
PKI_EMAIL_FROM=$(grep from $dataDir/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
else
|
||||
PKI_EMAIL_SERVER="localhost"
|
||||
PKI_EMAIL_PORT="9380"
|
||||
PKI_EMAIL_USER="cert-manager@example.com"
|
||||
PKI_EMAIL_PASS="password"
|
||||
PKI_EMAIL_FROM="Expiry bot <test@example.com>"
|
||||
fi
|
||||
|
||||
|
||||
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va.json
|
||||
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-a.json
|
||||
perl -i -p0e "s/(\"dnsResolvers\": \[\n).*?(\s+\],)/\1 \"$PKI_DNS\"\2/igs" config/va-remote-b.json
|
||||
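Review bot: In `pwd=$([ -e ] && $baseDir/bin/labca-gui -d $PKI_EMAIL_PASS || echo "")`, `[ -e ]` is a one-argument test of the literal string `-e` and is always true, so the guard does nothing and the line reduces to `pwd=$("$baseDir/bin/labca-gui" -d "$PKI_EMAIL_PASS" || echo "")`; the same holds for the `labca-gui_prev` branch, and `$PKI_EMAIL_PASS` must be quoted because an empty value otherwise becomes a missing argument rather than an empty one. With `set -e` active, `nmid=$($baseDir/nameidtool $PKI_INT_CERT_BASE.pem)` terminates the script when the tool fails, so the following `if [ $? == 0 ]` can never observe a non-zero status; `if nmid=$("$baseDir/nameidtool" "$PKI_INT_CERT_BASE.pem"); then` preserves the intended fallback, and the identical pattern appears in the apply-nginx hunk. The email settings are extracted with substring greps such as `grep port … | head -1` and `grep user … | head -1`, which take the first line anywhere in config.json containing that substring rather than the key under `email`, so any future key containing `port` or `user` silently changes the SMTP configuration; since the file is JSON, `jq -r .labca.email.port` (if jq is available in the image) or at least key-anchored patterns like `grep '"port":'` would be more robust.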
@@ -131,16 +182,20 @@ rm -f test-root.pem
|
||||
rm -f test-root.der
|
||||
rm -f test-root.p8
|
||||
|
||||
cp -p $PKI_INT_CERT_BASE.key test-ca.key
|
||||
cp -p $PKI_INT_CERT_BASE.key.der test-ca.key.der
|
||||
cp -p $PKI_INT_CERT_BASE.pem test-ca.pem
|
||||
openssl rsa -in $PKI_INT_CERT_BASE.key -pubout > test-ca.pubkey.pem 2>/dev/null || openssl ec -in $PKI_INT_CERT_BASE.key -pubout > test-ca.pubkey.pem
|
||||
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in test-ca.key -out test-ca.p8
|
||||
cp -p $PKI_ROOT_CERT_BASE.key test-root.key
|
||||
cp -p $PKI_ROOT_CERT_BASE.key.der test-root.key.der
|
||||
cp -p $PKI_ROOT_CERT_BASE.pem test-root.pem
|
||||
openssl rsa -in $PKI_ROOT_CERT_BASE.key -pubout > test-root.pubkey.pem 2>/dev/null || openssl ec -in $PKI_ROOT_CERT_BASE.key -pubout > test-root.pubkey.pem
|
||||
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in test-root.key -out test-root.p8
|
||||
if [ -e $PKI_INT_CERT_BASE.key ]; then
|
||||
cp -p $PKI_INT_CERT_BASE.key test-ca.key
|
||||
cp -p $PKI_INT_CERT_BASE.key.der test-ca.key.der
|
||||
cp -p $PKI_INT_CERT_BASE.pem test-ca.pem
|
||||
openssl rsa -in $PKI_INT_CERT_BASE.key -pubout > test-ca.pubkey.pem 2>/dev/null || openssl ec -in $PKI_INT_CERT_BASE.key -pubout > test-ca.pubkey.pem
|
||||
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in test-ca.key -out test-ca.p8
|
||||
fi
|
||||
if [ -e $PKI_ROOT_CERT_BASE.key ]; then
|
||||
cp -p $PKI_ROOT_CERT_BASE.key test-root.key
|
||||
cp -p $PKI_ROOT_CERT_BASE.key.der test-root.key.der
|
||||
cp -p $PKI_ROOT_CERT_BASE.pem test-root.pem
|
||||
openssl rsa -in $PKI_ROOT_CERT_BASE.key -pubout > test-root.pubkey.pem 2>/dev/null || openssl ec -in $PKI_ROOT_CERT_BASE.key -pubout > test-root.pubkey.pem
|
||||
openssl pkcs8 -topk8 -inform PEM -outform PEM -nocrypt -in test-root.key -out test-root.p8
|
||||
fi
|
||||
|
||||
chown -R `ls -l PKI.md | cut -d" " -f 3,4 | sed 's/ /:/g'` .
|
||||
|
||||
|
||||
@@ -2,40 +2,67 @@
|
||||
|
||||
set -e
|
||||
|
||||
baseDir=$(dirname $0)
|
||||
dataDir="$baseDir/data"
|
||||
|
||||
PKI_WEB_TITLE=$(grep web_title $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
if [ "$PKI_WEB_TITLE" == "" ]; then
|
||||
export PKI_WEB_TITLE="LabCA"
|
||||
fi
|
||||
PKI_ROOT_CERT_BASE="$dataDir/root-ca"
|
||||
PKI_INT_CERT_BASE="$dataDir/issuer/ca-int"
|
||||
PKI_ISSUER_NAME_ID=$(grep issuer_name_id $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g')
|
||||
if [ -z "$PKI_ISSUER_NAME_ID" ] && [ -e "$PKI_INT_CERT_BASE.pem" ]; then
|
||||
nmid=$($baseDir/nameidtool $PKI_INT_CERT_BASE.pem)
|
||||
if [ $? == 0 ]; then
|
||||
PKI_ISSUER_NAME_ID=$nmid
|
||||
sed -i -e "s/\(^\s*\)\(\"keys\": {\)/\1\"issuer_name_id\": $PKI_ISSUER_NAME_ID,\n\1\2/g" $dataDir/config.json
|
||||
fi
|
||||
fi
|
||||
PKI_DEFAULT_O=$(grep organization $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
PKI_FQDN=$(grep fqdn $dataDir/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
|
||||
|
||||
sed -i -e "s|<title>.*</title>|<title>$PKI_WEB_TITLE</title>|g" 502.html
|
||||
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" 502.html
|
||||
|
||||
PKI_ROOT_DN=$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -subject | sed -e "s/subject= //")
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" certs/index.html
|
||||
PKI_ROOT_VALIDITY="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" certs/index.html
|
||||
PKI_ROOT_CRL_VALIDITY=""
|
||||
if [ -e "$PKI_ROOT_CERT_BASE.crl" ]; then
|
||||
PKI_ROOT_CRL_VALIDITY="$(openssl crl -noout -in $PKI_ROOT_CERT_BASE.crl -lastupdate | sed -e "s/.*=/Last Update: /")<br/> $(openssl crl -noout -in $PKI_ROOT_CERT_BASE.crl -nextupdate | sed -e "s/.*=/Next Update: /")"
|
||||
if [ -e $PKI_ROOT_CERT_BASE.pem ]; then
|
||||
PKI_ROOT_DN=$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -subject | sed -e "s/subject= //")
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" certs/index.html
|
||||
PKI_ROOT_VALIDITY="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" certs/index.html
|
||||
PKI_ROOT_CRL_VALIDITY=""
|
||||
if [ -e "$PKI_ROOT_CERT_BASE.crl" ]; then
|
||||
PKI_ROOT_CRL_VALIDITY="$(openssl crl -noout -in $PKI_ROOT_CERT_BASE.crl -lastupdate | sed -e "s/.*=/Last Update: /")<br/> $(openssl crl -noout -in $PKI_ROOT_CERT_BASE.crl -nextupdate | sed -e "s/.*=/Next Update: /")"
|
||||
fi
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_CRL_VALIDITY -->.*<\!-- END PKI_ROOT_CRL_VALIDITY -->|<\!-- BEGIN PKI_ROOT_CRL_VALIDITY -->$PKI_ROOT_CRL_VALIDITY<\!-- END PKI_ROOT_CRL_VALIDITY -->|g" certs/index.html
|
||||
fi
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_CRL_VALIDITY -->.*<\!-- END PKI_ROOT_CRL_VALIDITY -->|<\!-- BEGIN PKI_ROOT_CRL_VALIDITY -->$PKI_ROOT_CRL_VALIDITY<\!-- END PKI_ROOT_CRL_VALIDITY -->|g" certs/index.html
|
||||
|
||||
PKI_INT_DN=$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -subject | sed -e "s/subject= //")
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_DN -->.*<\!-- END PKI_INT_DN -->|<\!-- BEGIN PKI_INT_DN -->$PKI_INT_DN<\!-- END PKI_INT_DN -->|g" certs/index.html
|
||||
PKI_INT_VALIDITY="$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_VALIDITY -->.*<\!-- END PKI_INT_VALIDITY -->|<\!-- BEGIN PKI_INT_VALIDITY -->$PKI_INT_VALIDITY<\!-- END PKI_INT_VALIDITY -->|g" certs/index.html
|
||||
PKI_INT_CRL_LINK=""
|
||||
PKI_INT_CRL_VALIDITY=""
|
||||
if [ -e "crl/$PKI_ISSUER_NAME_ID.crl" ]; then
|
||||
PKI_INT_CRL_LINK="<a class=\"public\" href=\"../crl/$PKI_ISSUER_NAME_ID.crl\">$PKI_ISSUER_NAME_ID.crl</a></td>"
|
||||
PKI_INT_CRL_VALIDITY="$(openssl crl -noout -inform der -in crl/$PKI_ISSUER_NAME_ID.crl -lastupdate | sed -e "s/.*=/Last Update: /")<br/> $(openssl crl -noout -inform der -in crl/$PKI_ISSUER_NAME_ID.crl -nextupdate | sed -e "s/.*=/Next Update: /")"
|
||||
if [ -e $PKI_INT_CERT_BASE.pem ]; then
|
||||
PKI_INT_DN=$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -subject | sed -e "s/subject= //")
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_DN -->.*<\!-- END PKI_INT_DN -->|<\!-- BEGIN PKI_INT_DN -->$PKI_INT_DN<\!-- END PKI_INT_DN -->|g" certs/index.html
|
||||
PKI_INT_VALIDITY="$(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -startdate | sed -e "s/.*=/Not Before: /")<br/> $(openssl x509 -noout -in $PKI_INT_CERT_BASE.pem -enddate | sed -e "s/.*=/Not After: /")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_VALIDITY -->.*<\!-- END PKI_INT_VALIDITY -->|<\!-- BEGIN PKI_INT_VALIDITY -->$PKI_INT_VALIDITY<\!-- END PKI_INT_VALIDITY -->|g" certs/index.html
|
||||
PKI_INT_CRL_LINK=""
|
||||
PKI_INT_CRL_VALIDITY=""
|
||||
if [ -e "crl/$PKI_ISSUER_NAME_ID.crl" ]; then
|
||||
PKI_INT_CRL_LINK="<a class=\"public\" href=\"../crl/$PKI_ISSUER_NAME_ID.crl\">$PKI_ISSUER_NAME_ID.crl</a></td>"
|
||||
PKI_INT_CRL_VALIDITY="$(openssl crl -noout -inform der -in crl/$PKI_ISSUER_NAME_ID.crl -lastupdate | sed -e "s/.*=/Last Update: /")<br/> $(openssl crl -noout -inform der -in crl/$PKI_ISSUER_NAME_ID.crl -nextupdate | sed -e "s/.*=/Next Update: /")"
|
||||
fi
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_CRL_LINK -->.*<\!-- END PKI_INT_CRL_LINK -->|<\!-- BEGIN PKI_INT_CRL_LINK -->$PKI_INT_CRL_LINK<\!-- END PKI_INT_CRL_LINK -->|g" certs/index.html
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_CRL_VALIDITY -->.*<\!-- END PKI_INT_CRL_VALIDITY -->|<\!-- BEGIN PKI_INT_CRL_VALIDITY -->$PKI_INT_CRL_VALIDITY<\!-- END PKI_INT_CRL_VALIDITY -->|g" certs/index.html
|
||||
fi
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_CRL_LINK -->.*<\!-- END PKI_INT_CRL_LINK -->|<\!-- BEGIN PKI_INT_CRL_LINK -->$PKI_INT_CRL_LINK<\!-- END PKI_INT_CRL_LINK -->|g" certs/index.html
|
||||
sed -i -e "s|<\!-- BEGIN PKI_INT_CRL_VALIDITY -->.*<\!-- END PKI_INT_CRL_VALIDITY -->|<\!-- BEGIN PKI_INT_CRL_VALIDITY -->$PKI_INT_CRL_VALIDITY<\!-- END PKI_INT_CRL_VALIDITY -->|g" certs/index.html
|
||||
|
||||
sed -i -e "s|<title>.*</title>|<title>Certificates \| $PKI_WEB_TITLE</title>|g" certs/index.html
|
||||
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" certs/index.html
|
||||
|
||||
sed -i -e "s|<\!-- BEGIN PKI_COMPANY_NAME -->.*<\!-- END PKI_COMPANY_NAME -->|<\!-- BEGIN PKI_COMPANY_NAME -->$PKI_DEFAULT_O<\!-- END PKI_COMPANY_NAME -->|g" cps/index.html
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_DN -->.*<\!-- END PKI_ROOT_DN -->|<\!-- BEGIN PKI_ROOT_DN -->$PKI_ROOT_DN<\!-- END PKI_ROOT_DN -->|g" cps/index.html
|
||||
PKI_ROOT_FINGERPRINT="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -fingerprint | sed -e "s/.*=//" | sed -e "s/.\{21\}/&\\\n/g")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->.*<\!-- END PKI_ROOT_FINGERPRINT -->|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->$PKI_ROOT_FINGERPRINT<\!-- END PKI_ROOT_FINGERPRINT -->|g" cps/index.html
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" cps/index.html
|
||||
if [ -e $PKI_ROOT_CERT_BASE.pem ]; then
|
||||
PKI_ROOT_FINGERPRINT="$(openssl x509 -noout -in $PKI_ROOT_CERT_BASE.pem -fingerprint | sed -e "s/.*=//" | sed -e "s/.\{21\}/&\\\n/g")"
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->.*<\!-- END PKI_ROOT_FINGERPRINT -->|<\!-- BEGIN PKI_ROOT_FINGERPRINT -->$PKI_ROOT_FINGERPRINT<\!-- END PKI_ROOT_FINGERPRINT -->|g" cps/index.html
|
||||
sed -i -e "s|<\!-- BEGIN PKI_ROOT_VALIDITY -->.*<\!-- END PKI_ROOT_VALIDITY -->|<\!-- BEGIN PKI_ROOT_VALIDITY -->$PKI_ROOT_VALIDITY<\!-- END PKI_ROOT_VALIDITY -->|g" cps/index.html
|
||||
fi
|
||||
|
||||
sed -i -e "s|<title>.*</title>|<title>CPS \| $PKI_WEB_TITLE</title>|g" cps/index.html
|
||||
sed -i -e "s|<\!-- BEGIN WEBTITLE -->.*<\!-- END WEBTITLE -->|<\!-- BEGIN WEBTITLE -->$PKI_WEB_TITLE<\!-- END WEBTITLE -->|g" cps/index.html
|
||||
|
||||
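Review bot: The values spliced into the `sed -i` replacement strings — `$PKI_WEB_TITLE`, `$PKI_DEFAULT_O`, `$PKI_ROOT_DN`, `$PKI_INT_DN` — are not escaped, so an `&` is expanded by sed to the matched text and a `|` or `\` terminates or alters the expression; an organization named `Smith & Sons` would therefore write the whole placeholder comment into cps/index.html instead of the name. Escape each value once before use, e.g. `sed_esc() { printf '%s' "$1" | sed -e 's/[\\&|]/\\&/g'; }` followed by `PKI_DEFAULT_O=$(sed_esc "$PKI_DEFAULT_O")`, or move the templating to a tool that takes the replacement as data rather than as pattern syntax. The `export PKI_WEB_TITLE="LabCA"` default is the only exported assignment in the script and the value is consumed only by the `sed` calls below, so the `export` can be dropped for consistency with the neighbouring `PKI_*` assignments.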
55
gui/main.go
55
gui/main.go
@@ -1735,50 +1735,6 @@ func randToken() string {
|
||||
}
|
||||
|
||||
func _applyConfig() error {
|
||||
os.Setenv("PKI_ROOT_CERT_BASE", "data/root-ca")
|
||||
os.Setenv("PKI_INT_CERT_BASE", "data/issuer/ca-int")
|
||||
os.Setenv("PKI_DEFAULT_O", viper.GetString("labca.organization"))
|
||||
if viper.GetString("labca.web_title") == "" {
|
||||
os.Setenv("PKI_WEB_TITLE", "LabCA")
|
||||
} else {
|
||||
os.Setenv("PKI_WEB_TITLE", viper.GetString("labca.web_title"))
|
||||
}
|
||||
os.Setenv("PKI_DNS", viper.GetString("labca.dns"))
|
||||
domain := viper.GetString("labca.fqdn")
|
||||
os.Setenv("PKI_FQDN", domain)
|
||||
pos := strings.Index(domain, ".")
|
||||
if pos > -1 {
|
||||
pos = pos + 1
|
||||
domain = domain[pos:]
|
||||
}
|
||||
os.Setenv("PKI_DOMAIN", domain)
|
||||
os.Setenv("PKI_DOMAIN_MODE", viper.GetString("labca.domain_mode"))
|
||||
os.Setenv("PKI_LOCKDOWN_DOMAINS", viper.GetString("labca.lockdown"))
|
||||
os.Setenv("PKI_WHITELIST_DOMAINS", viper.GetString("labca.whitelist"))
|
||||
os.Setenv("PKI_ISSUER_NAME_ID", viper.GetString("issuer_name_id"))
|
||||
if viper.GetBool("labca.extended_timeout") {
|
||||
os.Setenv("PKI_EXTENDED_TIMEOUT", "1")
|
||||
} else {
|
||||
os.Setenv("PKI_EXTENDED_TIMEOUT", "0")
|
||||
}
|
||||
if viper.GetBool("labca.email.enable") {
|
||||
os.Setenv("PKI_EMAIL_SERVER", viper.GetString("labca.email.server"))
|
||||
os.Setenv("PKI_EMAIL_PORT", viper.GetString("labca.email.port"))
|
||||
os.Setenv("PKI_EMAIL_USER", viper.GetString("labca.email.user"))
|
||||
res, err := _decrypt(viper.GetString("labca.email.pass"))
|
||||
if err != nil {
|
||||
log.Println("WARNING: could not decrypt stored password: " + err.Error())
|
||||
}
|
||||
os.Setenv("PKI_EMAIL_PASS", string(res))
|
||||
os.Setenv("PKI_EMAIL_FROM", viper.GetString("labca.email.from"))
|
||||
} else {
|
||||
os.Setenv("PKI_EMAIL_SERVER", "localhost")
|
||||
os.Setenv("PKI_EMAIL_PORT", "9380")
|
||||
os.Setenv("PKI_EMAIL_USER", "cert-master@example.com")
|
||||
os.Setenv("PKI_EMAIL_PASS", "password")
|
||||
os.Setenv("PKI_EMAIL_FROM", "Expiry bot <test@example.com>")
|
||||
}
|
||||
|
||||
_, err := exeCmd("./apply")
|
||||
if err != nil {
|
||||
fmt.Println("")
|
||||
@@ -2803,6 +2759,7 @@ func init() {
|
||||
init := flag.Bool("init", false, "Initialize the application for running standalone, create/update the config file")
|
||||
port := flag.Int("port", 0, "Port to listen on (default 3000 when using init)")
|
||||
versionFlag := flag.Bool("version", false, "Show version number and exit")
|
||||
decrypt := flag.String("d", "", "Decrypt a value")
|
||||
flag.Parse()
|
||||
|
||||
if *versionFlag {
|
||||
@@ -2829,6 +2786,16 @@ func init() {
|
||||
panic(fmt.Errorf("fatal error config file: '%s'", err))
|
||||
}
|
||||
|
||||
if *decrypt != "" {
|
||||
plain, err := _decrypt(*decrypt)
|
||||
if err == nil {
|
||||
fmt.Println(string(plain))
|
||||
os.Exit(0)
|
||||
} else {
|
||||
os.Exit(1)
|
||||
}
|
||||
}
|
||||
|
||||
var err error
|
||||
if *init || viper.GetBool("standalone") {
|
||||
tmpls, err = templates.New().ParseEmbed(embeddedTemplates, "templates/")
|
||||
|
||||
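Review bot: The new `-d` handling in `init()` only triggers when the flag value is non-empty, so `labca-gui -d ""` — which is exactly what apply-boulder invokes when no email password is stored — falls through to normal application startup instead of returning an empty result, and a decryption failure exits with status 1 without any diagnostic. Distinguish "flag given" from "value empty" (for example with `flag.Visit`, or by treating an empty `-d` as an error) and report the failure before exiting, e.g. `fmt.Fprintln(os.Stderr, "decrypt failed:", err)` ahead of `os.Exit(1)`. `init()` continues outside the hunk.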
67
install
67
install
@@ -314,7 +314,7 @@ has_domain() {
|
||||
# existing configuration or full hostname.
|
||||
get_fqdn() {
|
||||
local cfgFile="$adminDir/data/config.json"
|
||||
local cfgFqdn=$(grep fqdn $cfgFile 2>/dev/null | grep -v LABCA_FQDN | cut -d ":" -f 2- | tr -d " \",")
|
||||
local cfgFqdn=$(grep fqdn $cfgFile 2>/dev/null | grep -v LABCA_FQDN | cut -d ":" -f 2- | tr -d " \"," || echo "")
|
||||
LABCA_FQDN=${cfgFqdn:-$(hostname -f)}
|
||||
|
||||
while [ "$cfgFqdn" == "" ]; do
|
||||
@@ -492,8 +492,6 @@ static_web() {
|
||||
mkdir -p crl
|
||||
[ -e cert ] || ln -s certs cert
|
||||
cp -rp $cloneDir/gui/static/* .
|
||||
sed -i -e "s|<\!-- BEGIN LABCA_CPS_LOCATION -->.*<\!-- END LABCA_CPS_LOCATION -->|<\!-- BEGIN LABCA_CPS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/cps/\">http://$LABCA_FQDN/cps/</a><\!-- END LABCA_CPS_LOCATION -->|g" cps/index.html
|
||||
sed -i -e "s|<\!-- BEGIN LABCA_CERTS_LOCATION -->.*<\!-- END LABCA_CERTS_LOCATION -->|<\!-- BEGIN LABCA_CERTS_LOCATION --><a class=\"public\" href=\"http://$LABCA_FQDN/certs/\">http://$LABCA_FQDN/certs/</a><\!-- END LABCA_CERTS_LOCATION -->|g" cps/index.html
|
||||
[ -e $adminDir/data/root-ca.crl ] && cp $adminDir/data/root-ca.crl crl/ || true
|
||||
[ -e $adminDir/data/root-ca.pem ] && cp $adminDir/data/root-ca.pem certs/ || true
|
||||
[ -e $adminDir/data/root-ca.der ] && cp $adminDir/data/root-ca.der certs/ || true
|
||||
@@ -502,27 +500,6 @@ static_web() {
|
||||
|
||||
local have_config=$(grep restarted $adminDir/data/config.json | grep true)
|
||||
if [ "$have_config" != "" ]; then
|
||||
export PKI_ROOT_CERT_BASE="$adminDir/data/root-ca"
|
||||
export PKI_INT_CERT_BASE="$adminDir/data/issuer/ca-int"
|
||||
export PKI_DEFAULT_O=$(grep organization $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_FQDN=$LABCA_FQDN
|
||||
export PKI_WEB_TITLE=$(grep web_title $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
if [ "$PKI_WEB_TITLE" == "" ]; then
|
||||
export PKI_WEB_TITLE="LabCA"
|
||||
fi
|
||||
|
||||
export PKI_ISSUER_NAME_ID=$(grep issuer_name_id $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g')
|
||||
if [ -z "$PKI_ISSUER_NAME_ID" ] && [ -e "$adminDir/data/issuer/ca-int.pem" ]; then
|
||||
local img=$(grep "&boulder_image" $boulderDir/docker-compose.yml | sed -e "s/.*boulder_image \(.*\)/\1/")
|
||||
eval img=$img
|
||||
docker run --rm -v $cloneDir/utils:/utils -w /utils $img go build nameidtool.go &>>$installLog
|
||||
nmid=$($cloneDir/utils/nameidtool $adminDir/data/issuer/ca-int.pem)
|
||||
if [ $? == 0 ]; then
|
||||
export PKI_ISSUER_NAME_ID=$nmid
|
||||
sed -i -e "s/\(^\s*\)\(\"keys\": {\)/\1\"issuer_name_id\": $PKI_ISSUER_NAME_ID,\n\1\2/g" /home/labca/admin/data/config.json
|
||||
fi
|
||||
fi
|
||||
|
||||
$adminDir/apply-nginx
|
||||
fi
|
||||
|
||||
@@ -698,44 +675,6 @@ config_boulder() {
|
||||
|
||||
local have_config=$(grep restarted $adminDir/data/config.json | grep true)
|
||||
if [ "$have_config" != "" ]; then
|
||||
export PKI_ROOT_CERT_BASE="$adminDir/data/root-ca"
|
||||
export PKI_INT_CERT_BASE="$adminDir/data/issuer/ca-int"
|
||||
export PKI_DNS=$(grep dns $adminDir/data/config.json | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_FQDN=$(grep fqdn $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_DOMAIN=$(echo $PKI_FQDN | perl -p0e 's/.*?\.//')
|
||||
export PKI_DOMAIN_MODE=$(grep domain_mode $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_LOCKDOWN_DOMAINS=$(grep lockdown $adminDir/data/config.json | grep -v domain_mode | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_WHITELIST_DOMAINS=$(grep whitelist $adminDir/data/config.json | grep -v domain_mode | sed -e 's/.*:[ ]*//' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_ISSUER_NAME_ID=$(grep issuer_name_id $adminDir/data/config.json | sed -e 's/.*:[ ]*//' | sed -e 's/,//g' | sed -e 's/\"//g')
|
||||
if [ -z "$PKI_ISSUER_NAME_ID" ] && [ -e "$adminDir/data/issuer/ca-int.pem" ]; then
|
||||
local img=$(grep "&boulder_image" $boulderDir/docker-compose.yml | sed -e "s/.*boulder_image \(.*\)/\1/")
|
||||
eval img=$img
|
||||
docker run --rm -v $cloneDir/utils:/utils -w /utils $img go build nameidtool.go &>>$installLog
|
||||
nmid=$($cloneDir/utils/nameidtool $adminDir/data/issuer/ca-int.pem)
|
||||
if [ $? == 0 ]; then
|
||||
export PKI_ISSUER_NAME_ID=$nmid
|
||||
sed -i -e "s/\(^\s*\)\(\"keys\": {\)/\1\"issuer_name_id\": $PKI_ISSUER_NAME_ID,\n\1\2/g" /home/labca/admin/data/config.json
|
||||
fi
|
||||
fi
|
||||
|
||||
enabled=$(grep "email\": {" $adminDir/data/config.json -A1 | grep enable | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
if [ "$enabled" == "true," ]; then
|
||||
export PKI_EMAIL_SERVER=$(grep server $adminDir/data/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_EMAIL_PORT=$(grep port $adminDir/data/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_EMAIL_USER=$(grep user $adminDir/data/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
export PKI_EMAIL_FROM=$(grep from $adminDir/data/config.json | head -1 | perl -p0e 's/.*?:\s+(.*)/\1/' | sed -e 's/\",//g' | sed -e 's/\"//g')
|
||||
else
|
||||
export PKI_EMAIL_SERVER="localhost"
|
||||
export PKI_EMAIL_PORT="9380"
|
||||
export PKI_EMAIL_USER="cert-manager@example.com"
|
||||
export PKI_EMAIL_FROM="Expiry bot <test@example.com>"
|
||||
fi
|
||||
|
||||
local extended_timeout=$(grep extended_timeout $adminDir/data/config.json | grep true)
|
||||
if [ "$extended_timeout" != "" ]; then
|
||||
export PKI_EXTENDED_TIMEOUT=1
|
||||
fi
|
||||
|
||||
$adminDir/apply-boulder &>>$installLog
|
||||
else
|
||||
chown -R labca:labca "$boulderLabCADir"
|
||||
@@ -787,13 +726,13 @@ startup() {
|
||||
|
||||
cd "$boulderDir"
|
||||
cnt=$(docker-compose ps | wc -l)
|
||||
if [ "$cnt" == "2" ]; then
|
||||
if [ "$cnt" -le "2" ]; then
|
||||
msg="Download docker images and build containers"
|
||||
fi
|
||||
msg_info "$msg (this will take a while!!)"
|
||||
|
||||
docker-compose pull -q &>>$installLog
|
||||
cnt=$(count $PS_CONTROL)
|
||||
cnt=$(count $PS_CONTROL || echo "0")
|
||||
docker-compose stop boulder bmysql labca nginx bconsul &>>$installLog || true
|
||||
for ct in boulder_bhsm_1 boulder_bredis_1 boulder_bredis_2 boulder_bredis_3 boulder_bredis_4 boulder_bredis_5 boulder_bredis_6; do
|
||||
[ -z "$(docker ps | grep $ct)" ] || docker stop $ct &>>$installLog
|
||||
|
||||
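Review bot: The `|| echo ""` appended to `local cfgFqdn=$(grep fqdn $cfgFile … | tr -d " \",")` in get_fqdn has little effect as written: the substitution's status is that of the last pipeline stage (`tr`), which succeeds even when the file is missing and `grep` fails, unless the script runs with `set -o pipefail` (not visible here), and because declaration and assignment share one statement its status is `local`'s, so `set -e` never saw the failure to begin with. If the intent is to tolerate a missing config file, split the two: `local cfgFqdn` on its own line, then `cfgFqdn=$(grep fqdn "$cfgFile" 2>/dev/null | grep -v LABCA_FQDN | cut -d ":" -f 2- | tr -d ' ",') || cfgFqdn=""`. The `-le "2"` comparison in startup correctly covers the case where `docker-compose ps` fails and `wc -l` yields `0`. get_fqdn and startup both continue outside their hunks.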