diff options
| -rwxr-xr-x | scripts/install-https | 23 | ||||
| -rw-r--r-- | src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java | 16 |
2 files changed, 30 insertions, 9 deletions
diff --git a/scripts/install-https b/scripts/install-https index 84a6184..bb17abc 100755 --- a/scripts/install-https +++ b/scripts/install-https @@ -1,11 +1,13 @@ #!/bin/bash -CERT="/etc/lighttpd/server.pem" +CERTFILE="/etc/lighttpd/server.pem" +CHAINFILE="/etc/lighttpd/chain.pem" op_disable () { - [ -e "$CERT" ] || exit 0 - rm -f -- "$CERT" || exit 1 + [ -e "$CERTFILE" ] || exit 0 + rm -f -- "$CERTFILE" || exit 1 + rm -f -- "$CHAINFILE" } op_test () @@ -31,21 +33,28 @@ op_test () op_import () { - [ $# -eq 2 ] || exit 1 + [ $# -lt 2 ] || exit 1 local K=$1 local C=$2 + local CHAIN=$3 [ -r "$K" ] || exit 2 [ -r "$C" ] || exit 3 + rm -f -- "$CHAINFILE" # Create server.pem - cat "$C" "$K" > "$CERT" - chmod 0600 "$CERT" || exit 4 + cat "$C" "$K" > "$CERTFILE" + chmod 0600 "$CERTFILE" || exit 4 rm -f -- "$C" "$K" + # If we have a chainfile, try to use it aswell + if [ -s "$CHAIN" ]; then + openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE" + fi } op_random () { [ -z "$1" ] && exit 1 - openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT" -out "$CERT" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2 + rm -f -- "$CHAINFILE" + openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2 } OP=$1 diff --git a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java index 1b5e8e8..e3a06bf 100644 --- a/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java +++ b/src/main/java/org/openslx/taskmanager/tasks/LighttpdHttps.java @@ -17,6 +17,8 @@ public class LighttpdHttps extends AbstractTask private String importcert = null; @Expose private String importkey = null; + @Expose + private String importchain = null; @Expose private String proxyip = null; @@ -53,12 +55,17 @@ public class LighttpdHttps extends AbstractTask // Import supplied certificate and key. Test if they are valid first File tmpKey = null; File tmpCert = null; + File tmpChain = null; try { try { tmpKey = File.createTempFile( "bwlp-", ".pem" ); - tmpCert = File.createTempFile( "bwlp-", ".pem" ); Util.writeStringToFile( tmpCert, this.importcert ); + tmpCert = File.createTempFile( "bwlp-", ".pem" ); Util.writeStringToFile( tmpKey, this.importkey ); + if ( this.importchain != null && !this.importchain.isEmpty() ) { + tmpChain = File.createTempFile( "bwlp-", ".pem" ); + Util.writeStringToFile( tmpChain, this.importchain ); + } } catch ( Exception e ) { status.error = "Could not create temporary files!"; return false; @@ -69,7 +76,12 @@ public class LighttpdHttps extends AbstractTask status.error = "Given key and certificate do not match, or have invalid format (exit code: " + ret + ")"; return false; } - ret = Exec.sync( "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() ); + if ( tmpChain != null ) { + ret = Exec.sync( "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath(), + tmpChain.getAbsolutePath() ); + } else { + ret = Exec.sync( "sudo", "-n", "-u", "root", "/opt/taskmanager/scripts/install-https", "--import", tmpKey.getAbsolutePath(), tmpCert.getAbsolutePath() ); + } if ( ret != 0 ) { status.error = "import exited with code " + ret; return false; |