Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2823 Commits
9 Branches
44 Tags
18 MiB
Tree: 1d344f78fb
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1d344f78fb'
${ noResults }
acme.sh/deploy/sophosxg.sh

188 lines
6.8 KiB
Raw Normal View History

Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
remove curl dependency
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
remove curl dependency
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
remove curl dependency
6 years ago
shellcheck error fix
6 years ago
remove curl dependency
6 years ago
shfmt spacing fix
6 years ago
remove curl dependency
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
remove curl dependency
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
remove curl dependency
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
Get rid of pasted garbage
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
Whitespace fixes
6 years ago
Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance
6 years ago
  1. #!/usr/bin/env sh
  2. #
  3. # This deploy script deploys to a Sophos XG appliance
  4. # DEPLOY_SOPHOSXG_HOST="<NO DEFAULT - REQUIRED - host:port>"
  5. # DEPLOY_SOPHOSXG_USER="<NO DEFAULT - REQUIRED - string>"
  6. # DEPLOY_SOPHOSXG_PASSWORD="<NO DEFAULT - REQUIRED - string>"
  7. # DEPLOY_SOPHOSXG_NAME="domain"
  8. # DEPLOY_SOPHOSXG_PFX_PASSWORD="s0ph0sXG"
  9. # DEPLOY_SOPHOSXG_HTTPS_INSECURE="1"
  11. ######## Public functions #####################
  13. #action pfx user password name pfxpass host
  14. sophosxg_do_req() {
  15. # check number of args
  16. [ $# -eq 7 ] || return 1
  18. # set vars
  19. _do_req_action="$1"
  20. _do_req_pfx="$2"
  21. _do_req_user="$3"
  22. _do_req_password="$4"
  23. _do_req_name="$5"
  24. _do_req_pfxpass="$6"
  25. _do_req_host="$7"
  27. # static values - as variables in case these need to change
  28. _do_req_boundary="SOPHOSXGPOST"
  29. _do_req_certfile="certificate.p12"
  31. # dont verify certs if config set
  32. _do_req_old_HTTPS_INSECURE="${HTTPS_INSECURE}"
  33. if [ "${Le_Deploy_sophosxg_https_insecure}" = "1" ]; then
  34. HTTPS_INSECURE="1"
  35. fi
  37. # build POST body
  38. _do_req_post="$(printf '%s--%s\r\n' "" "${_do_req_boundary}")"
  39. _do_req_post="$(printf '%sContent-Type: application/xml; charset=utf-8\r\n' "${_do_req_post}")"
  40. _do_req_post="$(printf '%sContent-Disposition: form-data; name="reqxml"\r\n' "${_do_req_post}")"
  41. _do_req_post="$(printf '%s<Request>\r\n' "${_do_req_post}")"
  42. _do_req_post="$(printf '%s<Login>\r\n' "${_do_req_post}")"
  43. _do_req_post="$(printf '%s<Username>%s</Username><Password>%s</Password>\r\n' "${_do_req_post}" "${_do_req_user}" "${_do_req_password}")"
  44. _do_req_post="$(printf '%s</Login>\r\n' "${_do_req_post}")"
  45. _do_req_post="$(printf '%s<Set operation="%s">\r\n' "${_do_req_post}" "${_do_req_action}")"
  46. _do_req_post="$(printf '%s<Certificate>\r\n' "${_do_req_post}")"
  47. _do_req_post="$(printf '%s<Name>%s</Name>\r\n' "${_do_req_post}" "${_do_req_name}")"
  48. _do_req_post="$(printf '%s<Action>UploadCertificate</Action>\r\n' "${_do_req_post}")"
  49. _do_req_post="$(printf '%s<CertificateFormat>pkcs12</CertificateFormat>\r\n' "${_do_req_post}")"
  50. _do_req_post="$(printf '%s<Password>%s</Password>\r\n' "${_do_req_post}" "${_do_req_pfxpass}")"
  51. _do_req_post="$(printf '%s<CertificateFile>%s</CertificateFile>\r\n' "${_do_req_post}" "${_do_req_certfile}")"
  52. _do_req_post="$(printf '%s</Certificate>\r\n' "${_do_req_post}")"
  53. _do_req_post="$(printf '%s</Set>\r\n' "${_do_req_post}")"
  54. _do_req_post="$(printf '%s</Request>\r\n' "${_do_req_post}")"
  55. _do_req_post="$(printf '%s--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")"
  56. _do_req_post="$(printf '%sContent-Type: application/octet-stream\r\n' "${_do_req_post}")"
  57. _do_req_post="$(printf '%sContent-Disposition: form-data; filename="%s"; name="file"\r\n' "${_do_req_post}" "${_do_req_certfile}")"
  58. _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "$(_base64 <"${_do_req_pfx}")")"
  59. _do_req_post="$(printf '%s--%s--\r\n' "${_do_req_post}" "${_do_req_boundary}")"
  61. # do POST
  62. _post "${_do_req_post}" "https://${_do_req_host}/webconsole/APIController?" "" "POST" "multipart/form-data; boundary=${_do_req_boundary}"
  63. ret=$?
  65. # reset HTTP_INSECURE
  66. HTTPS_INSECURE="${_do_req_old_HTTPS_INSECURE}"
  68. # return result of POST
  69. return $ret
  70. }
  72. #domain keyfile certfile cafile fullchain
  73. sophosxg_deploy() {
  74. _cdomain="$1"
  75. _ckey="$2"
  76. _ccert="$3"
  77. _cca="$4"
  78. _cfullchain="$5"
  80. # Some defaults
  81. DEFAULT_SOPHOSXG_PFX_PASSWORD="s0ph0sXG"
  82. DEFAULT_SOPHOSXG_NAME="$_cdomain"
  83. DEFAULT_SOPHOSXG_HTTPS_INSECURE="1"
  85. if [ -f "$DOMAIN_CONF" ]; then
  86. # shellcheck disable=SC1090
  87. . "$DOMAIN_CONF"
  88. fi
  90. _debug _cdomain "$_cdomain"
  91. _debug _ckey "$_ckey"
  92. _debug _ccert "$_ccert"
  93. _debug _cca "$_cca"
  94. _debug _cfullchain "$_cfullchain"
  96. # HOST is required
  97. if [ -z "$DEPLOY_SOPHOSXG_HOST" ]; then
  98. if [ -z "$Le_Deploy_sophosxg_host" ]; then
  99. _err "DEPLOY_SOPHOSXG_HOST not defined."
  100. return 1
  101. fi
  102. else
  103. Le_Deploy_sophosxg_host="$DEPLOY_SOPHOSXG_HOST"
  104. _savedomainconf Le_Deploy_sophosxg_host "$Le_Deploy_sophosxg_host"
  105. fi
  107. # USER is required
  108. if [ -z "$DEPLOY_SOPHOSXG_USER" ]; then
  109. if [ -z "$Le_Deploy_sophosxg_user" ]; then
  110. _err "DEPLOY_SOPHOSXG_USER not defined."
  111. return 1
  112. fi
  113. else
  114. Le_Deploy_sophosxg_user="$DEPLOY_SOPHOSXG_USER"
  115. _savedomainconf Le_Deploy_sophosxg_user "$Le_Deploy_sophosxg_user"
  116. fi
  118. # PASSWORD is required
  119. if [ -z "$DEPLOY_SOPHOSXG_PASSWORD" ]; then
  120. if [ -z "$Le_Deploy_sophosxg_password" ]; then
  121. _err "DEPLOY_SOPHOSXG_PASSWORD not defined."
  122. return 1
  123. fi
  124. else
  125. Le_Deploy_sophosxg_password="$DEPLOY_SOPHOSXG_PASSWORD"
  126. _savedomainconf Le_Deploy_sophosxg_password "$Le_Deploy_sophosxg_password"
  127. fi
  129. # PFX_PASSWORD is optional. If not provided then use default
  130. if [ -n "$DEPLOY_SOPHOSXG_PFX_PASSWORD" ]; then
  131. Le_Deploy_sophosxg_pfx_password="$DEPLOY_SOPHOSXG_PFX_PASSWORD"
  132. _savedomainconf Le_Deploy_sophosxg_pfx_password "$Le_Deploy_sophosxg_pfx_password"
  133. elif [ -z "$Le_Deploy_sophosxg_pfx_password" ]; then
  134. Le_Deploy_sophosxg_pfx_password="$DEFAULT_SOPHOSXG_PFX_PASSWORD"
  135. fi
  137. # NAME is optional. If not provided then use $_cdomain
  138. if [ -n "$DEPLOY_SOPHOSXG_NAME" ]; then
  139. Le_Deploy_sophosxg_name="$DEPLOY_SOPHOSXG_NAME"
  140. _savedomainconf Le_Deploy_sophosxg_name "$Le_Deploy_sophosxg_name"
  141. elif [ -z "$Le_Deploy_sophosxg_name" ]; then
  142. Le_Deploy_sophosxg_name="$DEFAULT_SOPHOSXG_NAME"
  143. fi
  145. # HTTPS_INSECURE is optional. Defaults to 1 (true)
  146. if [ -n "$DEPLOY_SOPHOSXG_HTTPS_INSECURE" ]; then
  147. Le_Deploy_sophosxg_https_insecure="$DEPLOY_SOPHOSXG_HTTPS_INSECURE"
  148. _savedomainconf Le_Deploy_sophosxg_https_insecure "$Le_Deploy_sophosxg_https_insecure"
  149. elif [ -z "$Le_Deploy_sophosxg_https_insecure" ]; then
  150. Le_Deploy_sophosxg_https_insecure="$DEFAULT_SOPHOSXG_HTTPS_INSECURE"
  151. fi
  153. # create temp pkcs12 file
  154. _info "Generating pkcs12 file"
  155. _import_pkcs12="$(_mktemp)"
  156. if [ ! -f "$_import_pkcs12" ]; then
  157. _err "Error creating temp file for pkcs12"
  158. return 1
  159. fi
  160. if ! _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$Le_Deploy_sophosxg_pfx_password"; then
  161. _err "Error exporting to pkcs12"
  162. [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12"
  163. return 1
  164. fi
  166. # do upload of cert via HTTP POST - attempt to "update" and on failure try "add"
  167. _req_action_success="no"
  168. for _req_action in update add; do
  169. _info "Uploading certificate: $_req_action"
  170. if sophosxg_do_req "$_req_action" "$_import_pkcs12" "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" "$Le_Deploy_sophosxg_name" "$Le_Deploy_sophosxg_pfx_password" "$Le_Deploy_sophosxg_host"; then
  171. _req_action_success="yes"
  172. break
  173. fi
  174. _info "$_req_action failed"
  175. done
  177. # clean up pfx
  178. [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12"
  180. # check final result
  181. if [ "$_req_action_success" = "no" ]; then
  182. _err "Upload failed permanently"
  183. return 1
  184. fi
  186. return 0
  188. }