mirror of
https://github.com/plantroon/acme.sh.git
synced 2024-12-21 12:41:41 +00:00
Add Peplink deploy hook
This commit is contained in:
parent
44615c6fa2
commit
61549b4a74
123
deploy/peplink.sh
Normal file
123
deploy/peplink.sh
Normal file
@ -0,0 +1,123 @@
|
||||
#!/usr/bin/env sh
|
||||
|
||||
# Script to deploy cert to Peplink Routers
|
||||
#
|
||||
# The following environment variables must be set:
|
||||
#
|
||||
# PEPLINK_Hostname - Peplink hostname
|
||||
# PEPLINK_Username - Peplink username to login
|
||||
# PEPLINK_Password - Peplink password to login
|
||||
#
|
||||
# The following environmental variables may be set if you don't like their
|
||||
# default values:
|
||||
#
|
||||
# PEPLINK_Certtype - Certificate type to target for replacement
|
||||
# defaults to "webadmin", can be one of:
|
||||
# * "chub" (ContentHub)
|
||||
# * "openvpn" (OpenVPN CA)
|
||||
# * "portal" (Captive Portal SSL)
|
||||
# * "webadmin" (Web Admin SSL)
|
||||
# * "webproxy" (Proxy Root CA)
|
||||
# * "wwan_ca" (Wi-Fi WAN CA)
|
||||
# * "wwan_client" (Wi-Fi WAN Client)
|
||||
# PEPLINK_Scheme - defaults to "https"
|
||||
# PEPLINK_Port - defaults to "443"
|
||||
#
|
||||
#returns 0 means success, otherwise error.
|
||||
|
||||
######## Public functions #####################
|
||||
|
||||
_peplink_get_cookie_data() {
|
||||
grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
|
||||
}
|
||||
|
||||
#domain keyfile certfile cafile fullchain
|
||||
peplink_deploy() {
|
||||
|
||||
_cdomain="$1"
|
||||
_ckey="$2"
|
||||
_cfullchain="$5"
|
||||
|
||||
_debug _cdomain "$_cdomain"
|
||||
_debug _cfullchain "$_cfullchain"
|
||||
_debug _ckey "$_ckey"
|
||||
|
||||
# Get Hostname, Username and Password, but don't save until we successfully authenticate
|
||||
_getdeployconf PEPLINK_Hostname
|
||||
_getdeployconf PEPLINK_Username
|
||||
_getdeployconf PEPLINK_Password
|
||||
if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
|
||||
_err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
|
||||
return 1
|
||||
fi
|
||||
_debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
|
||||
_debug2 PEPLINK_Username "$PEPLINK_Username"
|
||||
_secure_debug2 PEPLINK_Password "$PEPLINK_Password"
|
||||
|
||||
# Optional certificate type, scheme, and port for Peplink
|
||||
_getdeployconf PEPLINK_Certtype
|
||||
_getdeployconf PEPLINK_Scheme
|
||||
_getdeployconf PEPLINK_Port
|
||||
|
||||
# Don't save the certificate type until we verify it exists and is supported
|
||||
_savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
|
||||
_savedeployconf PEPLINK_Port "$PEPLINK_Port"
|
||||
|
||||
# Default vaules for certificate type, scheme, and port
|
||||
[ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
|
||||
[ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
|
||||
[ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"
|
||||
|
||||
_debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
|
||||
_debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
|
||||
_debug2 PEPLINK_Port "$PEPLINK_Port"
|
||||
|
||||
_base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
|
||||
_debug _base_url "$_base_url"
|
||||
|
||||
# Login, get the auth token from the cookie
|
||||
_info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
|
||||
encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
|
||||
encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
|
||||
response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
|
||||
auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
|
||||
_debug3 response "$response"
|
||||
_debug auth_token "$auth_token"
|
||||
|
||||
if [ -z "$auth_token" ]; then
|
||||
_err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
|
||||
_err "Check your username and password."
|
||||
return 1
|
||||
fi
|
||||
|
||||
_H1="Cookie: $auth_token"
|
||||
export _H1
|
||||
_debug2 H1 "${_H1}"
|
||||
|
||||
# Now that we know the hostnameusername and password are good, save them
|
||||
_savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
|
||||
_savedeployconf PEPLINK_Username "$PEPLINK_Username"
|
||||
_savedeployconf PEPLINK_Password "$PEPLINK_Password"
|
||||
|
||||
_info "Generate form POST request"
|
||||
|
||||
encoded_key="$(_url_encode <"$_ckey")"
|
||||
encoded_fullchain="$(_url_encode <"$_cfullchain")"
|
||||
body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
|
||||
_debug3 body "$body"
|
||||
|
||||
_info "Upload $PEPLINK_Certtype certificate to the Peplink"
|
||||
|
||||
response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
|
||||
_debug3 response "$response"
|
||||
|
||||
if echo "$response" | grep 'Success' >/dev/null; then
|
||||
# We've verified this certificate type is valid, so save it
|
||||
_savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
|
||||
_info "Certificate was updated"
|
||||
return 0
|
||||
else
|
||||
_err "Unable to update certificate, error code $response"
|
||||
return 1
|
||||
fi
|
||||
}
|
Loading…
Reference in New Issue
Block a user