Commit | Line | Data |
---|---|---|
61549b4a MC |
1 | #!/usr/bin/env sh |
2 | ||
3 | # Script to deploy cert to Peplink Routers | |
4 | # | |
5 | # The following environment variables must be set: | |
6 | # | |
7 | # PEPLINK_Hostname - Peplink hostname | |
8 | # PEPLINK_Username - Peplink username to login | |
9 | # PEPLINK_Password - Peplink password to login | |
10 | # | |
11 | # The following environmental variables may be set if you don't like their | |
12 | # default values: | |
13 | # | |
14 | # PEPLINK_Certtype - Certificate type to target for replacement | |
15 | # defaults to "webadmin", can be one of: | |
16 | # * "chub" (ContentHub) | |
17 | # * "openvpn" (OpenVPN CA) | |
18 | # * "portal" (Captive Portal SSL) | |
19 | # * "webadmin" (Web Admin SSL) | |
20 | # * "webproxy" (Proxy Root CA) | |
21 | # * "wwan_ca" (Wi-Fi WAN CA) | |
22 | # * "wwan_client" (Wi-Fi WAN Client) | |
23 | # PEPLINK_Scheme - defaults to "https"; with "http" the login password and private key are sent unencrypted | |
24 | # PEPLINK_Port - defaults to "443" | |
25 | # | |
26 | # Returns 0 on success, non-zero on error. | |
27 | ||
28 | ######## Public functions ##################### | |
29 | ||
# Filter HTTP response headers read from stdin and print the "NAME=value" pair
# of the cookie named in $1, taken from the last matching Set-Cookie header.
# The trailing ';' is stripped so the result can be placed in a Cookie header.
#
# $1 is interpolated into the patterns unescaped, so callers should pass a
# fixed literal name only (the one caller on this page passes "bauth").
# _tail_n and _egrep_o are helpers defined outside this file.
_peplink_get_cookie_data() {
  grep -i "^Set-Cookie:" |
    grep -i "\W$1=" |
    _tail_n 1 |
    _egrep_o "$1=[^;]*;" |
    tr -d ';'
}
33 | ||
34 | #domain keyfile certfile cafile fullchain | |
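# Deploy hook: log in to a Peplink router and upload a private key together
# with its full-chain certificate through the router's CGI endpoints.
#
# Arguments: domain keyfile certfile cafile fullchain
#   $1 - domain name (only logged here)
#   $2 - path to the private key file
#   $5 - path to the full-chain certificate file
# Returns 0 when the upload reply contains "Success", 1 otherwise.
#
# Secrets handled here are the login password, the session cookie and the
# private key. They are only logged through the _secure_debug* helpers so that
# ordinary debug logs do not carry them.
peplink_deploy() {

  _cdomain="$1"
  _ckey="$2"
  _cfullchain="$5"

  # Only the file paths are logged, never the key material itself.
  _debug _cdomain "$_cdomain"
  _debug _cfullchain "$_cfullchain"
  _debug _ckey "$_ckey"

  # Get Hostname, Username and Password, but don't save until we successfully authenticate
  _getdeployconf PEPLINK_Hostname
  _getdeployconf PEPLINK_Username
  _getdeployconf PEPLINK_Password
  if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
    _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
    return 1
  fi
  _debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
  _debug2 PEPLINK_Username "$PEPLINK_Username"
  _secure_debug2 PEPLINK_Password "$PEPLINK_Password"

  # Optional certificate type, scheme, and port for Peplink
  _getdeployconf PEPLINK_Certtype
  _getdeployconf PEPLINK_Scheme
  _getdeployconf PEPLINK_Port

  # Don't save the certificate type until we verify it exists and is supported.
  # Scheme and port are saved before the defaults below are applied, so an
  # unset value is stored as empty rather than as the default.
  _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
  _savedeployconf PEPLINK_Port "$PEPLINK_Port"

  # Default values for certificate type, scheme, and port.
  # With PEPLINK_Scheme=http the password, the session cookie and the private
  # key below all travel unencrypted; keep the "https" default where possible.
  [ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
  [ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
  [ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"

  _debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
  _debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
  _debug2 PEPLINK_Port "$PEPLINK_Port"

  _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
  _debug _base_url "$_base_url"

  # Login, get the auth token from the cookie
  _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
  encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
  encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
  response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
  # The response headers of the login request are read from the file named by
  # $HTTP_HEADER; the "bauth" cookie found there is the session credential.
  auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
  # NOTE(review): if the login reply body echoes session data, this should
  # become _secure_debug3 as well. Confirm against a real response.
  _debug3 response "$response"
  # The session cookie is as sensitive as the password: keep it out of plain debug logs.
  _secure_debug auth_token "$auth_token"

  if [ -z "$auth_token" ]; then
    _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
    _err "Check your username and password."
    return 1
  fi

  # Exported so the following request carries the session cookie.
  _H1="Cookie: $auth_token"
  export _H1
  _secure_debug2 H1 "${_H1}"

  # Now that we know the hostname, username and password are good, save them.
  # NOTE(review): the password is persisted by _savedeployconf; how it is stored
  # is not visible here, so restrict access to the saved deploy configuration.
  _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
  _savedeployconf PEPLINK_Username "$PEPLINK_Username"
  _savedeployconf PEPLINK_Password "$PEPLINK_Password"

  _info "Generate form POST request"

  encoded_key="$(_url_encode <"$_ckey")"
  encoded_fullchain="$(_url_encode <"$_cfullchain")"
  body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
  # The body embeds the URL-encoded private key, so log it only via the secure helper.
  _secure_debug3 body "$body"

  _info "Upload $PEPLINK_Certtype certificate to the Peplink"

  response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
  _debug3 response "$response"

  if echo "$response" | grep 'Success' >/dev/null; then
    # We've verified this certificate type is valid, so save it
    _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
    _info "Certificate was updated"
    return 0
  else
    _err "Unable to update certificate, error code $response"
    return 1
  fi
}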