authorSimon Rettberg2014-11-18 18:40:49 +0100
committerSimon Rettberg2014-11-18 18:40:49 +0100
commitecb072b02e1a70555db0fdf4ed47375d3080a074 (patch)
tree75db05621458eee14a96ff2d825a30072eb06e40 /scripts/install-https
parentAdded class ProxyHandler for for configuring proxy settings system wide once ... (diff)
Many improvements and additions:
- Added task+script for lighttpd https config - Added task for reloading proxy config - ldapsearch now supports searching for specific user - DownloadFile now supports checking file integrity through optional gpg signature
Diffstat (limited to 'scripts/install-https')
-rwxr-xr-xscripts/install-https68
1 files changed, 68 insertions, 0 deletions
diff --git a/scripts/install-https b/scripts/install-https
new file mode 100755
index 0000000..84a6184
--- /dev/null
+++ b/scripts/install-https
@@ -0,0 +1,68 @@
+#!/bin/bash
+
+CERT="/etc/lighttpd/server.pem"
+
+op_disable ()
+{
+ [ -e "$CERT" ] || exit 0
+ rm -f -- "$CERT" || exit 1
+}
+
+op_test ()
+{
+ [ $# -eq 2 ] || exit 1
+ local K=$1
+ local C=$2
+ [ -r "$K" ] || exit 2
+ [ -r "$C" ] || exit 3
+ # Encrypt something, then decrypt again and compare
+ local TEST_IN=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ local TEST_OUT=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ local TEST_DIFF=$(mktemp --tmpdir bwlp-XXXXXXXX)
+ [ -z "$TEST_IN" ] && exit 4
+ [ -z "$TEST_OUT" ] && exit 5
+ [ -z "$TEST_DIFF" ] && exit 6
+ date > "$TEST_IN"
+ openssl smime -encrypt -binary -aes-256-cbc -in "$TEST_IN" -out "$TEST_OUT" -outform DER "$C" || exit 7
+ openssl smime -decrypt -binary -in "$TEST_OUT" -inform DER -out "$TEST_DIFF" -inkey "$K" || exit 8
+ diff -q "$TEST_IN" "$TEST_DIFF" || exit 9
+ exit 0 # No restart either way
+}
+
+op_import ()
+{
+ [ $# -eq 2 ] || exit 1
+ local K=$1
+ local C=$2
+ [ -r "$K" ] || exit 2
+ [ -r "$C" ] || exit 3
+ # Create server.pem
+ cat "$C" "$K" > "$CERT"
+ chmod 0600 "$CERT" || exit 4
+ rm -f -- "$C" "$K"
+}
+
+op_random ()
+{
+ [ -z "$1" ] && exit 1
+ openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT" -out "$CERT" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+}
+
+OP=$1
+shift
+
+case "$OP" in
+ --random) op_random "$@" ;;
+ --test) op_test "$@" ;;
+ --import) op_import "$@" ;;
+ --disable) op_disable ;;
+ *)
+ echo "Invalid operation: $1"
+ exit 1
+ ;;
+esac
+
+service lighttpd restart
+
+exit 0
+
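Review bot: The private key stored in `$CERT` is created under the caller's default umask: op_import writes it with `cat "$C" "$K" > "$CERT"` and only afterwards runs `chmod 0600`, and op_random never restricts the mode of the file that `openssl req -keyout "$CERT"` produces. When the file does not already exist, the key can therefore be readable by other local users, briefly on the import path and (depending on the openssl build's own defaults, which are not visible here) for good on the random path. Adding `umask 077` directly after the `CERT=` assignment covers both paths. op_import also does not check the `cat` result before `rm -f -- "$C" "$K"`, so a failed write removes the source key and certificate and still falls through to the lighttpd restart; `cat "$C" "$K" > "$CERT" || exit 4` would stop first. The `*)` branch prints `$1` after the `shift`, so the message names the wrong argument; `echo "Invalid operation: $OP" >&2` reports the value that was actually rejected.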