Adding initial deploy script for openhabian

deploy/openhabian.sh

@@ -0,0 +1,97 @@
+#!/usr/bin/env sh
+
+# Config variables
+# DEPLOY_OPENHABIAN_KEYPASS : This should be default most of the time since a custom password requires openhab config changes
+# DEPLOY_OPENHABIAN_KEYSTORE : This should generate based on existing openhab env vars.
+
+openhabian_deploy() {
+
+    # Name parameters
+    _cdomain="$1"
+    _ckey="$2"
+    _ccert="$3"
+    _cca="$4"
+    _cfullchain="$5"
+
+    _debug _cdomain "$_cdomain"
+    _debug _ckey "$_ckey"
+    _debug _ccert "$_ccert"
+    _debug _cca "$_cca"
+    _debug _cfullchain "$_cfullchain"
+
+    # TODO: Load from config using _getdeployconf and print with _debug2
+    # Unclear if this is needed in this case.
+
+    # Define configurable options
+    _openhab_keystore=${DEPLOY_OPENHABIAN_KEYSTORE:-${OPENHAB_USERDATA}/etc/keystore}
+    _openhab_keypass="${DEPLOY_OPENHABIAN_KEYPASS:-openhab}"
+
+    # Take a backup of the old keystore
+    cp "${_openhab_keystore}" "${_openhab_keystore}.bak"
+
+    # Verify Dependencies/PreReqs
+    if ! _exists keytool; then
+        _err "keytool not found, please install keytool"
+        return 1
+    fi
+    if [ ! -w "$_openhab_keystore" ]; then
+        _err "The file $_openhab_keystore is not writable, please change the permission."
+        return 1
+    fi
+
+    # Generate PKCS12 keystore
+    _new_pkcs12="$(_mktemp)"
+    # _toPkcs doesn't support -nodes param
+    if ${ACME_OPENSSL_BIN:-openssl} pkcs12 \
+        -export \
+        -inkey "$_ckey" \
+        -in "$_ccert" \
+        -certfile "$_cca" \
+        -name mykey \
+        -out "$_new_pkcs12" \
+        -nodes -passout "pass:$_openhab_keypass"; then
+        _debug "Successfully created pkcs keystore"
+    else
+        _err "Error generating pkcs12."
+        _err "Please re-run with --debug and report a bug."
+        rm "$_new_pkcs12"
+        return 1
+    fi
+
+    # Remove old cert from existing keychain
+    if keytool -delete \
+        -alias mykey \
+        -deststorepass "$_openhab_keypass" \
+        -keystore "$_openhab_keystore"; then
+        _debug "Successfully deleted old key"
+    else
+        _err "Error deleting old key"
+        _err "Please re-run with --debug and report a bug."
+        rm "$_new_pkcs12"
+        return 1
+    fi
+
+    # Add new certificate to keychain
+    if keytool -importkeystore \
+        -srckeystore "$_new_pkcs12" \
+        -srcstoretype PKCS12 \
+        -srcstorepass "$_openhab_keypass" \
+        -alias mykey \
+        -destkeystore "$_openhab_keystore" \
+        -deststoretype jks \
+        -deststorepass "$_openhab_keypass" \
+        -destalias mykey; then
+        _debug "Successfully imported key"
+    else
+        _err "Failure when importing key"
+        _err "Please re-run with --debug and report a bug."
+        rm "$_new_pkcs12"
+        return 1
+    fi
+
+    # TODO: Reload/restart openhab to pick up new key
+    # Unifi script passes a reload cmd to handle reloading.
+    # Consider also stopping openhab before touching the keystore
+
+    rm "$_new_pkcs12"
+}