Tidying

0318ca8e · Bob Mottram · 0a72fa02 · 0318ca8e
Commit 0318ca8e authored 9 years ago by Bob Mottram
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -146,7 +146,9 @@ if [ ! -d /etc/ssl/mycerts ]; then
    mkdir /etc/ssl/mycerts
 fi

-if [ $LETSENCRYPT_HOSTNAME ]; then
+CERTFILE=$HOSTNAME
+
+function add_cert_letsencrypt {
    CERTFILE=$LETSENCRYPT_HOSTNAME

    if [ ! -d $INSTALL_DIR ]; then
@@ -170,7 +172,6 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
    systemctl stop nginx

    cd ${INSTALL_DIR}/letsencrypt
-    # TODO this requires user interaction - is there a non-interactive mode?
    ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME
    if [ ! "$?" = "0" ]; then
        echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
@@ -192,8 +193,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
    if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
        if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
            mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
-		else
-			rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+        else
+            rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
        fi
    fi
    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
@@ -202,8 +203,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
    if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
        if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
            mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
-		else
-			rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+        else
+            rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
        fi
    fi
    ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
@@ -217,8 +218,9 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
        echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
        exit 62878
    fi
-else
-    CERTFILE=$HOSTNAME
+}
+
+function add_cert_selfsigned {
    if [[ $ORGANISATION == "Freedombone-CA" ]]; then
        CERTFILE="ca-$HOSTNAME"
    fi
@@ -236,21 +238,39 @@ else
        echo $"Certificate for $CERTFILE could not be pinned"
        exit 62879
    fi
-fi
+}

-# generate DH params
-if [ ! $NODH ]; then
-    if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-        ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+function generate_dh_params {
+    if [ ! $NODH ]; then
+        if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+            ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+        fi
    fi
-fi
+}

-if [ -f /etc/init.d/nginx ]; then
-    /etc/init.d/nginx reload
-fi
+function restart_web_server {
+    if [ -f /etc/init.d/nginx ]; then
+        /etc/init.d/nginx reload
+    fi
+}
+
+function make_cert_bundle {
+    # Create a bundle of your certificates
+    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
+    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+}
+
+function create_cert {
+    if [ $LETSENCRYPT_HOSTNAME ]; then
+        add_cert_letsencrypt
+    else
+        add_cert_selfsigned
+    fi
+}

-# Create a bundle of your certificates
-cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+create_cert
+generate_dh_params
+restart_web_server
+make_cert_bundle

 exit 0