# Command string the SSH client asked to run; sshd places it in
# SSH_ORIGINAL_COMMAND when a forced command is in effect. The branches
# below only act on exact matches of this string.
com=${SSH_ORIGINAL_COMMAND}
3 if [[ "$UID" == 0 ]]; then
4 echo "Run script as non-root-user"
7 if [[ "$com" == "ask quiz certs" ]]; then
# Argument 1 is the path prefix of the certificates to update: $1.crt and $1.key
10 function update_cert {
12 if [[ -f $name.crt ]] && openssl x509 -checkend $((365*24*60*60)) -in $name.crt > /dev/null; then
16 openssl req -newkey rsa:4096 -subj "/CN=will-be-ignored" -nodes -out $folder/web.req -keyout $folder/web.key 2>/dev/null
19 if [[ "$response" == "SUCCESS" ]]; then
20 # read certificate count
22 printf '' > $folder/web.crt
23 for ((i=0;i<len;i++)); do
24 # read one certificate
25 openssl x509 -out $folder/web1.crt
26 cat $folder/web1.crt >> $folder/web.crt
29 crt=$(openssl x509 -in $folder/web.crt -noout -modulus)
30 key=$(openssl rsa -in $folder/web.key -noout -modulus)
31 if [[ $crt == $key ]]; then
33 cp $folder/web.crt $name.crt
34 chmod +r $folder/web.key
35 cp $folder/web.key $name.key
40 printf "%s\n" "$response"
# Certificate path prefixes to refresh (each yields $prefix.crt and
# $prefix.key). The list is fixed in the script; nothing from the SSH
# command is used as a path here.
for cert_prefix in \
  modules/quiz/files/web \
  modules/quiz/files/client \
  modules/gigi/files/gigi \
  modules/gigi/files/client; do
  update_cert "$cert_prefix"
done
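# Remove the scratch CSR, key and certificate written by update_cert.
# ${folder:?} aborts instead of touching "/" when folder is unset or empty,
# quoting keeps a folder value containing spaces as one path, and "--"
# stops rm from treating a value starting with "-" as an option.
# NOTE(review): web1.crt, also written by update_cert, is not removed here.
[[ -f "${folder:?}/web.crt" ]] && rm -- "${folder:?}/web.crt"
[[ -f "${folder:?}/web.req" ]] && rm -- "${folder:?}/web.req"
[[ -f "${folder:?}/web.key" ]] && rm -- "${folder:?}/web.key"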
53 elif [[ "$com" == "reload quiz certs" ]]; then
# Re-apply the puppet configuration on the host, then run the agent inside
# each container. The manifest path and the container names are fixed
# here; no part of the SSH command reaches these sudo invocations.
sudo puppet apply /etc/puppet/code/environments/production/manifests --verbose
for container in front-nginx quiz gigi; do
  sudo lxc-attach -n "$container" -- puppet agent --verbose --test
done
58 elif [[ "$com" == "update crls" ]]; then
59 if ! tar xv -C /data/crl; then
# Ensure the published CRL directory exists before symlinks are created in it.
mkdir -p -- /data/crl/htdocs/g2
65 for i in /data/crl/*.crl; do
66 if ! [[ -h /data/crl/htdocs/g2/${i#/data/crl/} ]]; then
67 ln -vs /data-crl/${i#/data/crl/} /data/crl/htdocs/g2/${i#/data/crl/}
71 for i in /data/gigi-crl/*/ca.crl; do
72 j=$(echo $i | sed "s#^/data/gigi-crl/\([a-zA-Z]*\)_\([0-9]*\)_\([0-9]\)/ca.crl#\2/\1-\3.crl#")
73 mkdir -p /data/crl/htdocs/g2/$(dirname $j)
74 if ! [[ -h /data/crl/htdocs/g2/$j ]]; then
75 ln -vs /data-crl-gigi/${i#/data/gigi-crl/} /data/crl/htdocs/g2/$j
# Ensure the published CA certificate directory exists before copying into it.
mkdir -p -- /data/crl/crt-htdocs/g2
80 for i in modules/nre/files/config/ca/*; do
81 [[ $i == *_* ]] && continue
82 if ! [[ -f /data/crl/crt-htdocs/g2/$(basename $i) ]]; then
83 cp -v $i /data/crl/crt-htdocs/g2/$(basename $i)
86 for i in /data/gigi-crl/*/ca.crt; do
87 j=$(echo $i | sed "s#^/data/gigi-crl/\([a-zA-Z]*\)_\([0-9]*\)_\([0-9]\)/ca.crt#\2/\1-\3.crt#")
88 mkdir -p /data/crl/crt-htdocs/g2/$(dirname $j)
89 if ! [[ -h /data/crl/crt-htdocs/g2/$j ]]; then
90 ln -vs /data-crl-gigi/${i#/data/gigi-crl/} /data/crl/crt-htdocs/g2/$j