From 251297130280ffb18fe869dc47da0e4b0c260fca Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Fri, 12 Jan 2018 10:44:29 +0100
Subject: [https/backup] Store cert only in separate .pem for further use
---
scripts/install-https | 33 ++++++++++++++++++---------------
scripts/system-backup | 4 +++-
2 files changed, 21 insertions(+), 16 deletions(-)
(limited to 'scripts')
diff --git a/scripts/install-https b/scripts/install-https
index 121fb0e..ecb1b0a 100755
--- a/scripts/install-https
+++ b/scripts/install-https
@@ -1,14 +1,15 @@
#!/bin/bash
-declare -rg CERTFILE="/etc/lighttpd/server.pem"
-declare -rg CHAINFILE="/etc/lighttpd/chain.pem"
+declare -rg CERT_KEY_FILE="/etc/lighttpd/server.pem"
+declare -rg PUB_CERT_FILE="/etc/lighttpd/pub-cert.pem"
+declare -rg CHAIN_FILE="/etc/lighttpd/chain.pem"
declare -rg REDIR_FLAG="/etc/lighttpd/redirect.flag"
op_disable ()
{
- [ -e "$CERTFILE" ] || exit 0
- rm -f -- "$CERTFILE" || exit 1
- rm -f -- "$CHAINFILE"
+ [ -e "$CERT_KEY_FILE" ] || exit 0
+ rm -f -- "$CERT_KEY_FILE" || exit 1
+ rm -f -- "$CHAIN_FILE"
}
op_test ()
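Review bot: op_disable does not remove the public certificate that this commit introduces: it deletes `$CERT_KEY_FILE` and `$CHAIN_FILE` but not `$PUB_CERT_FILE`, which post_setup_hook now writes, so a stale pub-cert.pem survives a disable and is still collected by the system-backup file list. Add `rm -f -- "$PUB_CERT_FILE"` after the `rm -f -- "$CHAIN_FILE"` line so the three files are managed together. A short comment on the declarations, e.g. `# server.pem holds key+cert (0600); pub-cert.pem is the certificate only, for other consumers`, would make the split between the two files clear to the next reader.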
@@ -40,31 +41,33 @@ op_import ()
local CHAIN=$3
[ -r "$K" ] || exit 2
[ -r "$C" ] || exit 3
- rm -f -- "$CHAINFILE"
+ rm -f -- "$CHAIN_FILE"
# Create server.pem
- cat "$C" "$K" > "$CERTFILE"
- chmod 0600 "$CERTFILE" || exit 4
+ cat "$C" "$K" > "$CERT_KEY_FILE"
+ chmod 0600 "$CERT_KEY_FILE" || exit 4
rm -f -- "$C" "$K"
# If we have a chainfile, try to use it aswell
if [ -s "$CHAIN" ]; then
- openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAINFILE"
+ openssl x509 -noout -hash -in "$CHAIN" >/dev/null 2>&1 && cp "$CHAIN" "$CHAIN_FILE"
fi
- generate_dh
+ post_setup_hook
return 0
}
op_random ()
{
[ -z "$1" ] && exit 1
- rm -f -- "$CHAINFILE"
- openssl req -x509 -new -newkey rsa:4096 -keyout "$CERTFILE" -out "$CERTFILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
- chmod 0600 "$CERTFILE" || exit 3
- generate_dh
+ rm -f -- "$CHAIN_FILE"
+ openssl req -x509 -new -newkey rsa:4096 -keyout "$CERT_KEY_FILE" -out "$CERT_KEY_FILE" -days 5000 -nodes -subj "/C=DE/ST=Nowhere/L=Springfield/O=bwLehrpool/CN=$1" || exit 2
+ chmod 0600 "$CERT_KEY_FILE" || exit 3
+ post_setup_hook
return 0
}
-generate_dh ()
+post_setup_hook ()
{
+ rm -f -- "$PUB_CERT_FILE"
+ openssl x509 -outform pem -in "$CERT_KEY_FILE" -out "$PUB_CERT_FILE"
local DHPARAM="/etc/lighttpd/dhparam.pem"
if ! [ -s "$DHPARAM" ]; then
echo "Generating DH parameters (this takes a while)..."
diff --git a/scripts/system-backup b/scripts/system-backup
index 780463e..9d65cd2 100755
--- a/scripts/system-backup
+++ b/scripts/system-backup
@@ -28,7 +28,7 @@ FILELIST="
/opt/openslx/configs
/etc/lighttpd/server.pem
/etc/lighttpd/chain.pem
-/srv/openslx/www/boot/default/config.tgz
+/etc/lighttpd/pub-cert.pem
"
tar --ignore-failed-read -k -c -p -z -f files.tgz $FILELIST # no quotes here!
@@ -56,6 +56,8 @@ if ! mv backup.tgz "$FILE"; then
exit 1
fi
+rm -rf -- /root/backup/1*
+
echo "Location: $FILE"
exit 0
-- cgit v1.2.3-55-g7522
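Review bot: The new `openssl x509 -outform pem -in "$CERT_KEY_FILE" -out "$PUB_CERT_FILE"` line in post_setup_hook is the only step on this path with no status check, while the neighbouring chmod lines each carry `|| exit N`; because `$PUB_CERT_FILE` is removed on the line just before, a failed extraction silently leaves no public certificate and both callers still `return 0`, so the backup later simply lacks the file under `tar --ignore-failed-read`. Suggest `openssl x509 -outform pem -in "$CERT_KEY_FILE" -out "$PUB_CERT_FILE" || echo "Warning: could not extract public certificate from $CERT_KEY_FILE" >&2`, or propagate a non-zero status if the callers are expected to fail. The rename from generate_dh to post_setup_hook also drops the only hint of what the function does; a header comment such as `# Extract the public certificate into PUB_CERT_FILE, then make sure DH parameters exist` would restore it. post_setup_hook continues past the end of the hunk.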
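Review bot: The FILELIST hunk in scripts/system-backup drops `/srv/openslx/www/boot/default/config.tgz` from the backup set, which the commit message (adding the public certificate) does not mention. If that file is intentionally no longer backed up, say so in the message or in a comment beside the list, e.g. `# config.tgz is regenerated on restore and is deliberately not backed up`; if it was meant to stay, keep the line and only add `/etc/lighttpd/pub-cert.pem`.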
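Review bot: The added `rm -rf -- /root/backup/1*` in scripts/system-backup is an unconditional recursive delete with a broad glob and no comment saying what `1*` is meant to match; presumably working directories of earlier runs named by timestamp, but `$FILE` is defined outside the hunk, so it is worth confirming that the just-moved archive cannot itself match `/root/backup/1*` and be deleted here. Please add a comment stating the intent, e.g. `# Remove leftover working directories from previous backup runs`, and if the names really are epoch timestamps note that a leading-`1` pattern stops matching once timestamps pass 2000000000 (in 2033); a `find /root/backup -maxdepth 1 -type d ... -exec rm -rf -- {} +` with an explicit name pattern would make the scope visible. The enclosing script continues outside the hunk.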