Mark Challoner
4 years ago
1 changed files with 123 additions and 0 deletions
@ -0,0 +1,123 @@
|
||||
#!/usr/bin/env sh |
||||
|
||||
# Script to deploy cert to Peplink Routers |
||||
# |
||||
# The following environment variables must be set: |
||||
# |
||||
# PEPLINK_Hostname - Peplink hostname |
||||
# PEPLINK_Username - Peplink username to login |
||||
# PEPLINK_Password - Peplink password to login |
||||
# |
||||
# The following environmental variables may be set if you don't like their |
||||
# default values: |
||||
# |
||||
# PEPLINK_Certtype - Certificate type to target for replacement |
||||
# defaults to "webadmin", can be one of: |
||||
# * "chub" (ContentHub) |
||||
# * "openvpn" (OpenVPN CA) |
||||
# * "portal" (Captive Portal SSL) |
||||
# * "webadmin" (Web Admin SSL) |
||||
# * "webproxy" (Proxy Root CA) |
||||
# * "wwan_ca" (Wi-Fi WAN CA) |
||||
# * "wwan_client" (Wi-Fi WAN Client) |
||||
# PEPLINK_Scheme - defaults to "https" |
||||
# PEPLINK_Port - defaults to "443" |
||||
# |
||||
#returns 0 means success, otherwise error. |
||||
|
||||
######## Public functions ##################### |
||||
|
||||
_peplink_get_cookie_data() { |
||||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' |
||||
} |
||||
|
||||
#domain keyfile certfile cafile fullchain |
||||
peplink_deploy() { |
||||
|
||||
_cdomain="$1" |
||||
_ckey="$2" |
||||
_cfullchain="$5" |
||||
|
||||
_debug _cdomain "$_cdomain" |
||||
_debug _cfullchain "$_cfullchain" |
||||
_debug _ckey "$_ckey" |
||||
|
||||
# Get Hostname, Username and Password, but don't save until we successfully authenticate |
||||
_getdeployconf PEPLINK_Hostname |
||||
_getdeployconf PEPLINK_Username |
||||
_getdeployconf PEPLINK_Password |
||||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then |
||||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" |
||||
return 1 |
||||
fi |
||||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
_debug2 PEPLINK_Username "$PEPLINK_Username" |
||||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password" |
||||
|
||||
# Optional certificate type, scheme, and port for Peplink |
||||
_getdeployconf PEPLINK_Certtype |
||||
_getdeployconf PEPLINK_Scheme |
||||
_getdeployconf PEPLINK_Port |
||||
|
||||
# Don't save the certificate type until we verify it exists and is supported |
||||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
_savedeployconf PEPLINK_Port "$PEPLINK_Port" |
||||
|
||||
# Default vaules for certificate type, scheme, and port |
||||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" |
||||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" |
||||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" |
||||
|
||||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme" |
||||
_debug2 PEPLINK_Port "$PEPLINK_Port" |
||||
|
||||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" |
||||
_debug _base_url "$_base_url" |
||||
|
||||
# Login, get the auth token from the cookie |
||||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" |
||||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" |
||||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" |
||||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") |
||||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") |
||||
_debug3 response "$response" |
||||
_debug auth_token "$auth_token" |
||||
|
||||
if [ -z "$auth_token" ]; then |
||||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." |
||||
_err "Check your username and password." |
||||
return 1 |
||||
fi |
||||
|
||||
_H1="Cookie: $auth_token" |
||||
export _H1 |
||||
_debug2 H1 "${_H1}" |
||||
|
||||
# Now that we know the hostnameusername and password are good, save them |
||||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" |
||||
_savedeployconf PEPLINK_Username "$PEPLINK_Username" |
||||
_savedeployconf PEPLINK_Password "$PEPLINK_Password" |
||||
|
||||
_info "Generate form POST request" |
||||
|
||||
encoded_key="$(_url_encode <"$_ckey")" |
||||
encoded_fullchain="$(_url_encode <"$_cfullchain")" |
||||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" |
||||
_debug3 body "$body" |
||||
|
||||
_info "Upload $PEPLINK_Certtype certificate to the Peplink" |
||||
|
||||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") |
||||
_debug3 response "$response" |
||||
|
||||
if echo "$response" | grep 'Success' >/dev/null; then |
||||
# We've verified this certificate type is valid, so save it |
||||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" |
||||
_info "Certificate was updated" |
||||
return 0 |
||||
else |
||||
_err "Unable to update certificate, error code $response" |
||||
return 1 |
||||
fi |
||||
} |
||||
Loading…
Reference in new issue