# Script to deploy cert to Peplink Routers
#
# The following environment variables must be set:
#
# PEPLINK_Hostname - Peplink hostname
# PEPLINK_Username - Peplink username to login
# PEPLINK_Password - Peplink password to login
#
# The following environment variables may be set if you don't like their
# default values:
#
# PEPLINK_Certtype - Certificate type to target for replacement
#                    defaults to "webadmin", can be one of:
#                    * "chub" (ContentHub)
#                    * "openvpn" (OpenVPN CA)
#                    * "portal" (Captive Portal SSL)
#                    * "webadmin" (Web Admin SSL)
#                    * "webproxy" (Proxy Root CA)
#                    * "wwan_ca" (Wi-Fi WAN CA)
#                    * "wwan_client" (Wi-Fi WAN Client)
# PEPLINK_Scheme - defaults to "https"
# PEPLINK_Port - defaults to "443"

#returns 0 means success, otherwise error.

######## Public functions #####################
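# Extract one cookie from HTTP response headers read on stdin.
#
# Arguments: $1 - cookie name
# Input:     HTTP response headers on stdin
# Outputs:   "name=value" taken from the last matching Set-Cookie line, with
#            the terminating ';' removed; nothing when no line matches
#
# Lines are kept only if they contain "<name>=" preceded by a non-word
# character and start with "Set-Cookie:" (both case-insensitive). The value is
# then cut out with "<name>=[^;]*;", so a cookie that is not followed by ';'
# is not returned.
#
# The caller in this file uses the result as a session cookie, so the output
# should be handled like a credential.
_peplink_get_cookie_data() {
  grep -i "\W$1=" |
    grep -i "^Set-Cookie:" |
    _tail_n 1 |
    _egrep_o "$1=[^;]*;" |
    tr -d ';'
}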
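#domain keyfile certfile cafile fullchain
#
# Log in to a Peplink router's web API and upload a private key and full
# certificate chain for the configured certificate type.
#
# Arguments: $1 - domain
#            $2 - path to the private key file
#            $5 - path to the full-chain file
# Reads:     PEPLINK_Hostname, PEPLINK_Username, PEPLINK_Password (required)
#            PEPLINK_Certtype, PEPLINK_Scheme, PEPLINK_Port (optional)
#            HTTP_HEADER - file holding the headers of the last response
# Returns:   0 on success, 1 on error
#
# NOTE(review): the listing this block was recovered from had lost the
# function header, the positional-argument assignments and the
# return/fi/else lines. They are restored here from the argument-order comment
# above and the file's "returns 0 means success" contract; confirm the details
# against the upstream file.
peplink_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _cfullchain "$_cfullchain"

  # Get Hostname, Username and Password, but don't save until we successfully authenticate
  _getdeployconf PEPLINK_Hostname
  _getdeployconf PEPLINK_Username
  _getdeployconf PEPLINK_Password
  if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
    _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
    return 1
  fi
  _debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
  _debug2 PEPLINK_Username "$PEPLINK_Username"
  _secure_debug2 PEPLINK_Password "$PEPLINK_Password"

  # Optional certificate type, scheme, and port for Peplink
  _getdeployconf PEPLINK_Certtype
  _getdeployconf PEPLINK_Scheme
  _getdeployconf PEPLINK_Port

  # Don't save the certificate type until we verify it exists and is supported
  _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
  _savedeployconf PEPLINK_Port "$PEPLINK_Port"

  # Default values for certificate type, scheme, and port
  [ -n "${PEPLINK_Certtype:-}" ] || PEPLINK_Certtype="webadmin"
  [ -n "${PEPLINK_Scheme:-}" ] || PEPLINK_Scheme="https"
  [ -n "${PEPLINK_Port:-}" ] || PEPLINK_Port="443"

  _debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
  _debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
  _debug2 PEPLINK_Port "$PEPLINK_Port"

  # Every request below goes to this base URL. If PEPLINK_Scheme is set to
  # "http", the login password, the session cookie and the private key all
  # cross the network unencrypted; keep the "https" default unless the path
  # to the router is protected some other way.
  _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
  _debug _base_url "$_base_url"

  # Login, get the auth token from the cookie
  _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
  encoded_username="$(printf "%s\n" "$PEPLINK_Username" | _url_encode)"
  encoded_password="$(printf "%s\n" "$PEPLINK_Password" | _url_encode)"
  response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
  auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
  _debug3 response "$response"
  # The bauth cookie is a live session credential, so it is logged through the
  # same secure helper as the password instead of the plain debug log.
  _secure_debug2 auth_token "$auth_token"

  if [ -z "$auth_token" ]; then
    _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
    _err "Check your username and password."
    return 1
  fi

  # Presumably picked up by _post as a request header - confirm against _post.
  _H1="Cookie: $auth_token"

  # Now that we know the hostname, username and password are good, save them
  # NOTE(review): this persists the router password through _savedeployconf;
  # how it is stored is not visible here. Make sure the saved configuration is
  # readable only by the account that runs the client.
  _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
  _savedeployconf PEPLINK_Username "$PEPLINK_Username"
  _savedeployconf PEPLINK_Password "$PEPLINK_Password"

  _info "Generate form POST request"

  encoded_key="$(_url_encode <"$_ckey")"
  encoded_fullchain="$(_url_encode <"$_cfullchain")"
  # The separator before "section" had been rendered as a section sign in the
  # listing (HTML-entity damage); "&section=" restores the form field.
  # NOTE(review): PEPLINK_Certtype goes into the form body without URL
  # encoding, so a value containing '&' or '=' would add or change form
  # fields; it is expected to be one of the documented type names.
  body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"

  _info "Upload $PEPLINK_Certtype certificate to the Peplink"

  response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
  _debug3 response "$response"

  if printf "%s\n" "$response" | grep 'Success' >/dev/null; then
    # We've verified this certificate type is valid, so save it
    _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
    _info "Certificate was updated"
    return 0
  else
    _err "Unable to update certificate, error code $response"
    return 1
  fi
}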