124 lines
4.3 KiB
Bash
124 lines
4.3 KiB
Bash
#!/usr/bin/env sh
|
|
|
|
# Script to deploy cert to Peplink Routers
|
|
#
|
|
# The following environment variables must be set:
|
|
#
|
|
# PEPLINK_Hostname - Peplink hostname
|
|
# PEPLINK_Username - Peplink username to login
|
|
# PEPLINK_Password - Peplink password to login
|
|
#
|
|
# The following environmental variables may be set if you don't like their
|
|
# default values:
|
|
#
|
|
# PEPLINK_Certtype - Certificate type to target for replacement
|
|
# defaults to "webadmin", can be one of:
|
|
# * "chub" (ContentHub)
|
|
# * "openvpn" (OpenVPN CA)
|
|
# * "portal" (Captive Portal SSL)
|
|
# * "webadmin" (Web Admin SSL)
|
|
# * "webproxy" (Proxy Root CA)
|
|
# * "wwan_ca" (Wi-Fi WAN CA)
|
|
# * "wwan_client" (Wi-Fi WAN Client)
|
|
# PEPLINK_Scheme - defaults to "https"
|
|
# PEPLINK_Port - defaults to "443"
|
|
#
|
|
#returns 0 means success, otherwise error.
|
|
|
|
######## Public functions #####################
|
|
|
|
_peplink_get_cookie_data() {
|
|
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
|
|
}
|
|
|
|
#domain keyfile certfile cafile fullchain
|
|
peplink_deploy() {
|
|
|
|
_cdomain="$1"
|
|
_ckey="$2"
|
|
_cfullchain="$5"
|
|
|
|
_debug _cdomain "$_cdomain"
|
|
_debug _cfullchain "$_cfullchain"
|
|
_debug _ckey "$_ckey"
|
|
|
|
# Get Hostname, Username and Password, but don't save until we successfully authenticate
|
|
_getdeployconf PEPLINK_Hostname
|
|
_getdeployconf PEPLINK_Username
|
|
_getdeployconf PEPLINK_Password
|
|
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
|
|
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
|
|
return 1
|
|
fi
|
|
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
|
|
_debug2 PEPLINK_Username "$PEPLINK_Username"
|
|
_secure_debug2 PEPLINK_Password "$PEPLINK_Password"
|
|
|
|
# Optional certificate type, scheme, and port for Peplink
|
|
_getdeployconf PEPLINK_Certtype
|
|
_getdeployconf PEPLINK_Scheme
|
|
_getdeployconf PEPLINK_Port
|
|
|
|
# Don't save the certificate type until we verify it exists and is supported
|
|
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
|
|
_savedeployconf PEPLINK_Port "$PEPLINK_Port"
|
|
|
|
# Default vaules for certificate type, scheme, and port
|
|
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
|
|
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
|
|
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"
|
|
|
|
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
|
|
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
|
|
_debug2 PEPLINK_Port "$PEPLINK_Port"
|
|
|
|
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
|
|
_debug _base_url "$_base_url"
|
|
|
|
# Login, get the auth token from the cookie
|
|
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
|
|
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
|
|
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
|
|
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
|
|
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
|
|
_debug3 response "$response"
|
|
_debug auth_token "$auth_token"
|
|
|
|
if [ -z "$auth_token" ]; then
|
|
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
|
|
_err "Check your username and password."
|
|
return 1
|
|
fi
|
|
|
|
_H1="Cookie: $auth_token"
|
|
export _H1
|
|
_debug2 H1 "${_H1}"
|
|
|
|
# Now that we know the hostnameusername and password are good, save them
|
|
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
|
|
_savedeployconf PEPLINK_Username "$PEPLINK_Username"
|
|
_savedeployconf PEPLINK_Password "$PEPLINK_Password"
|
|
|
|
_info "Generate form POST request"
|
|
|
|
encoded_key="$(_url_encode <"$_ckey")"
|
|
encoded_fullchain="$(_url_encode <"$_cfullchain")"
|
|
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
|
|
_debug3 body "$body"
|
|
|
|
_info "Upload $PEPLINK_Certtype certificate to the Peplink"
|
|
|
|
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
|
|
_debug3 response "$response"
|
|
|
|
if echo "$response" | grep 'Success' >/dev/null; then
|
|
# We've verified this certificate type is valid, so save it
|
|
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
|
|
_info "Certificate was updated"
|
|
return 0
|
|
else
|
|
_err "Unable to update certificate, error code $response"
|
|
return 1
|
|
fi
|
|
}
|