Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5302 Commits
8 Branches
42 Tags
22 MiB
Tree: 558e706bde
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '558e706bde'
${ noResults }
acme.sh/deploy/peplink.sh

123 lines
4.3 KiB
Raw Normal View History

Add Peplink deploy hook
4 years ago
  1. #!/usr/bin/env sh
  3. # Script to deploy cert to Peplink Routers
  4. #
  5. # The following environment variables must be set:
  6. #
  7. # PEPLINK_Hostname - Peplink hostname
  8. # PEPLINK_Username - Peplink username to login
  9. # PEPLINK_Password - Peplink password to login
  10. #
  11. # The following environmental variables may be set if you don't like their
  12. # default values:
  13. #
  14. # PEPLINK_Certtype - Certificate type to target for replacement
  15. # defaults to "webadmin", can be one of:
  16. # * "chub" (ContentHub)
  17. # * "openvpn" (OpenVPN CA)
  18. # * "portal" (Captive Portal SSL)
  19. # * "webadmin" (Web Admin SSL)
  20. # * "webproxy" (Proxy Root CA)
  21. # * "wwan_ca" (Wi-Fi WAN CA)
  22. # * "wwan_client" (Wi-Fi WAN Client)
  23. # PEPLINK_Scheme - defaults to "https"
  24. # PEPLINK_Port - defaults to "443"
  25. #
  26. #returns 0 means success, otherwise error.
  28. ######## Public functions #####################
  30. _peplink_get_cookie_data() {
  31. grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';'
  32. }
  34. #domain keyfile certfile cafile fullchain
  35. peplink_deploy() {
  37. _cdomain="$1"
  38. _ckey="$2"
  39. _cfullchain="$5"
  41. _debug _cdomain "$_cdomain"
  42. _debug _cfullchain "$_cfullchain"
  43. _debug _ckey "$_ckey"
  45. # Get Hostname, Username and Password, but don't save until we successfully authenticate
  46. _getdeployconf PEPLINK_Hostname
  47. _getdeployconf PEPLINK_Username
  48. _getdeployconf PEPLINK_Password
  49. if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then
  50. _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set"
  51. return 1
  52. fi
  53. _debug2 PEPLINK_Hostname "$PEPLINK_Hostname"
  54. _debug2 PEPLINK_Username "$PEPLINK_Username"
  55. _secure_debug2 PEPLINK_Password "$PEPLINK_Password"
  57. # Optional certificate type, scheme, and port for Peplink
  58. _getdeployconf PEPLINK_Certtype
  59. _getdeployconf PEPLINK_Scheme
  60. _getdeployconf PEPLINK_Port
  62. # Don't save the certificate type until we verify it exists and is supported
  63. _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme"
  64. _savedeployconf PEPLINK_Port "$PEPLINK_Port"
  66. # Default vaules for certificate type, scheme, and port
  67. [ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin"
  68. [ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https"
  69. [ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443"
  71. _debug2 PEPLINK_Certtype "$PEPLINK_Certtype"
  72. _debug2 PEPLINK_Scheme "$PEPLINK_Scheme"
  73. _debug2 PEPLINK_Port "$PEPLINK_Port"
  75. _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port"
  76. _debug _base_url "$_base_url"
  78. # Login, get the auth token from the cookie
  79. _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port"
  80. encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)"
  81. encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)"
  82. response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi")
  83. auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER")
  84. _debug3 response "$response"
  85. _debug auth_token "$auth_token"
  87. if [ -z "$auth_token" ]; then
  88. _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme."
  89. _err "Check your username and password."
  90. return 1
  91. fi
  93. _H1="Cookie: $auth_token"
  94. export _H1
  95. _debug2 H1 "${_H1}"
  97. # Now that we know the hostnameusername and password are good, save them
  98. _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname"
  99. _savedeployconf PEPLINK_Username "$PEPLINK_Username"
  100. _savedeployconf PEPLINK_Password "$PEPLINK_Password"
  102. _info "Generate form POST request"
  104. encoded_key="$(_url_encode <"$_ckey")"
  105. encoded_fullchain="$(_url_encode <"$_cfullchain")"
  106. body="cert_type=$PEPLINK_Certtype&cert_uid=&section=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain"
  107. _debug3 body "$body"
  109. _info "Upload $PEPLINK_Certtype certificate to the Peplink"
  111. response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi")
  112. _debug3 response "$response"
  114. if echo "$response" | grep 'Success' >/dev/null; then
  115. # We've verified this certificate type is valid, so save it
  116. _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype"
  117. _info "Certificate was updated"
  118. return 0
  119. else
  120. _err "Unable to update certificate, error code $response"
  121. return 1
  122. fi
  123. }