[mirror_acme.sh.git] / deploy / peplink.sh

#!/usr/bin/env sh

# Script to deploy cert to Peplink Routers
#
# The following environment variables must be set:
#
# PEPLINK_Hostname - Peplink hostname
# PEPLINK_Username - Peplink username to login
# PEPLINK_Password - Peplink password to login
#
# The following environmental variables may be set if you don't like their
# default values:
#
# PEPLINK_Certtype - Certificate type to target for replacement
#                    defaults to "webadmin", can be one of:
#                      * "chub" (ContentHub)
#                      * "openvpn" (OpenVPN CA)
#                      * "portal" (Captive Portal SSL)
#                      * "webadmin" (Web Admin SSL)
#                      * "webproxy" (Proxy Root CA)
#                      * "wwan_ca" (Wi-Fi WAN CA)
#                      * "wwan_client" (Wi-Fi WAN Client)
# PEPLINK_Scheme   - defaults to "https"
# PEPLINK_Port     - defaults to "443"
#
#returns 0 means success, otherwise error.

########  Public functions #####################

_peplink_get_cookie_data() {
  grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
}

#domain keyfile certfile cafile fullchain
peplink_deploy() {

  _cdomain="$1"
  _ckey="$2"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _cfullchain "$_cfullchain"
  _debug _ckey "$_ckey"

  # Get Hostname, Username and Password, but don't save until we successfully authenticate
  _getdeployconf PEPLINK_Hostname
  _getdeployconf PEPLINK_Username
  _getdeployconf PEPLINK_Password
  if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
    _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
    return 1
  fi
  _debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
  _debug2 PEPLINK_Username "$PEPLINK_Username"
  _secure_debug2 PEPLINK_Password "$PEPLINK_Password"

  # Optional certificate type, scheme, and port for Peplink
  _getdeployconf PEPLINK_Certtype
  _getdeployconf PEPLINK_Scheme
  _getdeployconf PEPLINK_Port

  # Don't save the certificate type until we verify it exists and is supported
  _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
  _savedeployconf PEPLINK_Port "$PEPLINK_Port"

  # Default vaules for certificate type, scheme, and port
  [ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
  [ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
  [ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"

  _debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
  _debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
  _debug2 PEPLINK_Port "$PEPLINK_Port"

  _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
  _debug _base_url "$_base_url"

  # Login, get the auth token from the cookie
  _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
  encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
  encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
  response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
  auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
  _debug3 response "$response"
  _debug auth_token "$auth_token"

  if [ -z "$auth_token" ]; then
    _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
    _err "Check your username and password."
    return 1
  fi

  _H1="Cookie: $auth_token"
  export _H1
  _debug2 H1 "${_H1}"

  # Now that we know the hostnameusername and password are good, save them
  _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
  _savedeployconf PEPLINK_Username "$PEPLINK_Username"
  _savedeployconf PEPLINK_Password "$PEPLINK_Password"

  _info "Generate form POST request"

  encoded_key="$(_url_encode <"$_ckey")"
  encoded_fullchain="$(_url_encode <"$_cfullchain")"
  body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
  _debug3 body "$body"

  _info "Upload $PEPLINK_Certtype certificate to the Peplink"

  response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
  _debug3 response "$response"

  if echo "$response" | grep 'Success' >/dev/null; then
    # We've verified this certificate type is valid, so save it
    _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
    _info "Certificate was updated"
    return 0
  else
    _err "Unable to update certificate, error code $response"
    return 1
  fi
}
Commit	Line	Data
61549b4a MC	1	#!/usr/bin/env sh
	2
	3	# Script to deploy cert to Peplink Routers
	4	#
	5	# The following environment variables must be set:
	6	#
	7	# PEPLINK_Hostname - Peplink hostname
	8	# PEPLINK_Username - Peplink username to login
	9	# PEPLINK_Password - Peplink password to login
	10	#
	11	# The following environmental variables may be set if you don't like their
	12	# default values:
	13	#
	14	# PEPLINK_Certtype - Certificate type to target for replacement
	15	# defaults to "webadmin", can be one of:
	16	# * "chub" (ContentHub)
	17	# * "openvpn" (OpenVPN CA)
	18	# * "portal" (Captive Portal SSL)
	19	# * "webadmin" (Web Admin SSL)
	20	# * "webproxy" (Proxy Root CA)
	21	# * "wwan_ca" (Wi-Fi WAN CA)
	22	# * "wwan_client" (Wi-Fi WAN Client)
	23	# PEPLINK_Scheme - defaults to "https"
	24	# PEPLINK_Port - defaults to "443"
	25	#
	26	#returns 0 means success, otherwise error.
	27
	28	######## Public functions #####################
	29
	30	_peplink_get_cookie_data() {
	31	grep -i "\W$1=" \| grep -i "^Set-Cookie:" \| _tail_n 1 \| _egrep_o "$1=[^;]*;" \| tr -d ';'
	32	}
	33
	34	#domain keyfile certfile cafile fullchain
	35	peplink_deploy() {
	36
	37	_cdomain="$1"
	38	_ckey="$2"
	39	_cfullchain="$5"
	40
	41	_debug _cdomain "$_cdomain"
	42	_debug _cfullchain "$_cfullchain"
	43	_debug _ckey "$_ckey"
	44
	45	# Get Hostname, Username and Password, but don't save until we successfully authenticate
	46	_getdeployconf PEPLINK_Hostname
	47	_getdeployconf PEPLINK_Username
	48	_getdeployconf PEPLINK_Password
	49	if [ -z "${PEPLINK_Hostname:-}" ] \|\| [ -z "${PEPLINK_Username:-}" ] \|\| [ -z "${PEPLINK_Password:-}" ]; then
	50	_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
	51	return 1
	52	fi
	53	_debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
	54	_debug2 PEPLINK_Username "$PEPLINK_Username"
	55	_secure_debug2 PEPLINK_Password "$PEPLINK_Password"
	56
	57	# Optional certificate type, scheme, and port for Peplink
	58	_getdeployconf PEPLINK_Certtype
	59	_getdeployconf PEPLINK_Scheme
	60	_getdeployconf PEPLINK_Port
	61
	62	# Don't save the certificate type until we verify it exists and is supported
	63	_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
	64	_savedeployconf PEPLINK_Port "$PEPLINK_Port"
65
66	# Default vaules for certificate type, scheme, and port
67	[ -n "${PEPLINK_Certtype}" ] \|\| PEPLINK_Certtype="webadmin"
68	[ -n "${PEPLINK_Scheme}" ] \|\| PEPLINK_Scheme="https"
69	[ -n "${PEPLINK_Port}" ] \|\| PEPLINK_Port="443"
70
71	_debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
72	_debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
73	_debug2 PEPLINK_Port "$PEPLINK_Port"
74
75	_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
76	_debug _base_url "$_base_url"
77
78	# Login, get the auth token from the cookie
79	_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
80	encoded_username="$(printf "%s" "$PEPLINK_Username" \| _url_encode)"
81	encoded_password="$(printf "%s" "$PEPLINK_Password" \| _url_encode)"
82	response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
83	auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
84	_debug3 response "$response"
85	_debug auth_token "$auth_token"
86
87	if [ -z "$auth_token" ]; then
88	_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
89	_err "Check your username and password."
90	return 1
91	fi
92
93	_H1="Cookie: $auth_token"
94	export _H1
95	_debug2 H1 "${_H1}"
96
97	# Now that we know the hostnameusername and password are good, save them
98	_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
99	_savedeployconf PEPLINK_Username "$PEPLINK_Username"
100	_savedeployconf PEPLINK_Password "$PEPLINK_Password"
101
102	_info "Generate form POST request"
103
104	encoded_key="$(_url_encode <"$_ckey")"
105	encoded_fullchain="$(_url_encode <"$_cfullchain")"
106	body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
107	_debug3 body "$body"
108
109	_info "Upload $PEPLINK_Certtype certificate to the Peplink"
110
111	response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
112	_debug3 response "$response"
113
114	if echo "$response" \| grep 'Success' >/dev/null; then
115	# We've verified this certificate type is valid, so save it
116	_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
117	_info "Certificate was updated"
118	return 0
119	else
120	_err "Unable to update certificate, error code $response"
121	return 1
122	fi
123	}