From 0318ca8edf07457a51fe90c267aa671263023cd3 Mon Sep 17 00:00:00 2001
From: Bob Mottram <bob@robotics.uk.to>
Date: Sat, 12 Dec 2015 10:55:16 +0000
Subject: [PATCH] Tidying

---
 src/freedombone-addcert | 60 +++++++++++++++++++++++++++--------------
 1 file changed, 40 insertions(+), 20 deletions(-)

diff --git a/src/freedombone-addcert b/src/freedombone-addcert
index 8212446d5..822704ae7 100755
--- a/src/freedombone-addcert
+++ b/src/freedombone-addcert
@@ -146,7 +146,9 @@ if [ ! -d /etc/ssl/mycerts ]; then
     mkdir /etc/ssl/mycerts
 fi
 
-if [ $LETSENCRYPT_HOSTNAME ]; then
+CERTFILE=$HOSTNAME
+
+function add_cert_letsencrypt {
     CERTFILE=$LETSENCRYPT_HOSTNAME
 
     if [ ! -d $INSTALL_DIR ]; then
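Review bot: The test `[ ! -d $INSTALL_DIR ]` at the top of `add_cert_letsencrypt` expands its variable unquoted, so an empty `INSTALL_DIR` turns it into `[ ! -d ]`, which is false and silently skips the branch it guards. The same pattern appears in the last hunk in `[ ! $NODH ]` and in `create_cert`, where `[ $LETSENCRYPT_HOSTNAME ]` with a value containing whitespace makes `[` error out and the script falls through to `add_cert_selfsigned` without saying so. I would write `if [ ! -d "$INSTALL_DIR" ]; then` here and `if [ -n "$LETSENCRYPT_HOSTNAME" ]; then` in `create_cert`. The function body continues outside this hunk.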
@@ -170,7 +172,6 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
     systemctl stop nginx
 
     cd ${INSTALL_DIR}/letsencrypt
-    # TODO this requires user interaction - is there a non-interactive mode?
     ./letsencrypt-auto certonly --server $LETSENCRYPT_SERVER --standalone -d $LETSENCRYPT_HOSTNAME
     if [ ! "$?" = "0" ]; then
         echo $"Failed to install letsencrypt for domain $LETSENCRYPT_HOSTNAME"
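Review bot: The `cd ${INSTALL_DIR}/letsencrypt` just before the `./letsencrypt-auto` call is unchecked, so if the directory is missing the script goes on to run whatever `letsencrypt-auto` sits in its current working directory, and nginx has already been stopped by then. I would make it `cd "${INSTALL_DIR}/letsencrypt" || exit 1` and quote the arguments as `--server "$LETSENCRYPT_SERVER" --standalone -d "$LETSENCRYPT_HOSTNAME"` so that a hostname is always passed as a single argument. The removed TODO was the only record that this step may prompt the user, and the command line itself is unchanged, so a short comment stating whether it now runs unattended would help. The failure branch continues outside the hunk, so whether nginx is started again on that path is not visible here.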
@@ -192,8 +193,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
     if [ -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key ]; then
         if [ ! -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old ]; then
             mv /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key.old
-		else
-			rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
+        else
+            rm -f /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
         fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/privkey.pem /etc/ssl/private/${LETSENCRYPT_HOSTNAME}.key
@@ -202,8 +203,8 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
     if [ -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem ]; then
         if [ ! -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old ]; then
             mv /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem.old
-		else
-			rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
+        else
+            rm -f /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
         fi
     fi
     ln -s /etc/letsencrypt/live/${LETSENCRYPT_HOSTNAME}/fullchain.pem /etc/ssl/certs/${LETSENCRYPT_HOSTNAME}.pem
@@ -217,8 +218,9 @@ if [ $LETSENCRYPT_HOSTNAME ]; then
         echo $"Certificate for $LETSENCRYPT_HOSTNAME could not be pinned"
         exit 62878
     fi
-else
-    CERTFILE=$HOSTNAME
+}
+
+function add_cert_selfsigned {
     if [[ $ORGANISATION == "Freedombone-CA" ]]; then
         CERTFILE="ca-$HOSTNAME"
     fi
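Review bot: The `exit 62878` that closes `add_cert_letsencrypt` cannot be observed by a caller, because a shell exit status is truncated to 8 bits and this value arrives as 158. The `exit 62879` in the next hunk arrives as 159 for the same reason. Any wrapper that compares `$?` against the documented number will never match, which hides a failed certificate-pinning step. I would replace both with distinct values in the range 1–255, or at minimum add a comment such as `# exit status is truncated to 8 bits: callers see 158, not 62878`. `add_cert_selfsigned` begins in this hunk and continues outside it.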
@@ -236,21 +238,39 @@ else
         echo $"Certificate for $CERTFILE could not be pinned"
         exit 62879
     fi
-fi
+}
 
-# generate DH params
-if [ ! $NODH ]; then
-    if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
-        ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+function generate_dh_params {
+    if [ ! $NODH ]; then
+        if [ ! -f /etc/ssl/certs/${CERTFILE}.dhparam ]; then
+            ${PROJECT_NAME}-dhparam -h ${CERTFILE} --fast yes
+        fi
     fi
-fi
+}
 
-if [ -f /etc/init.d/nginx ]; then
-    /etc/init.d/nginx reload
-fi
+function restart_web_server {
+    if [ -f /etc/init.d/nginx ]; then
+        /etc/init.d/nginx reload
+    fi
+}
+
+function make_cert_bundle {
+    # Create a bundle of your certificates
+    cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
+    tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+}
+
+function create_cert {
+    if [ $LETSENCRYPT_HOSTNAME ]; then
+        add_cert_letsencrypt
+    else
+        add_cert_selfsigned
+    fi
+}
 
-# Create a bundle of your certificates
-cat /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem > /etc/ssl/${PROJECT_NAME}-bundle.crt
-tar -czvf /etc/ssl/${PROJECT_NAME}-certs.tar.gz /etc/ssl/mycerts/*.crt /etc/ssl/mycerts/*.pem
+create_cert
+generate_dh_params
+restart_web_server
+make_cert_bundle
 
 exit 0
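Review bot: The four calls at the end of the hunk discard their status and the script then runs `exit 0` unconditionally, so a failed `${PROJECT_NAME}-dhparam`, nginx reload, `cat` or `tar` is reported to the caller as success. In `make_cert_bundle` the redirection truncates the existing bundle before `cat` runs, so an unmatched `*.crt` or `*.pem` glob can leave a partial or empty bundle behind with no signal. I would check at least the steps callers depend on, for example `generate_dh_params || exit 1` and `restart_web_server || exit 1`. A one-line comment on `restart_web_server` saying that it only reloads nginx would also help, since the name suggests a restart. The body of `add_cert_selfsigned` starts outside this hunk.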
-- 
GitLab