#!/usr/bin/env sh # Script to deploy cert to Peplink Routers # # The following environment variables must be set: # # PEPLINK_Hostname - Peplink hostname # PEPLINK_Username - Peplink username to login # PEPLINK_Password - Peplink password to login # # The following environmental variables may be set if you don't like their # default values: # # PEPLINK_Certtype - Certificate type to target for replacement # defaults to "webadmin", can be one of: # * "chub" (ContentHub) # * "openvpn" (OpenVPN CA) # * "portal" (Captive Portal SSL) # * "webadmin" (Web Admin SSL) # * "webproxy" (Proxy Root CA) # * "wwan_ca" (Wi-Fi WAN CA) # * "wwan_client" (Wi-Fi WAN Client) # PEPLINK_Scheme - defaults to "https" # PEPLINK_Port - defaults to "443" # #returns 0 means success, otherwise error. ######## Public functions ##################### _peplink_get_cookie_data() { grep -i "\W$1=" | grep -i "^Set-Cookie:" | _tail_n 1 | _egrep_o "$1=[^;]*;" | tr -d ';' } #domain keyfile certfile cafile fullchain peplink_deploy() { _cdomain="$1" _ckey="$2" _cfullchain="$5" _debug _cdomain "$_cdomain" _debug _cfullchain "$_cfullchain" _debug _ckey "$_ckey" # Get Hostname, Username and Password, but don't save until we successfully authenticate _getdeployconf PEPLINK_Hostname _getdeployconf PEPLINK_Username _getdeployconf PEPLINK_Password if [ -z "${PEPLINK_Hostname:-}" ] || [ -z "${PEPLINK_Username:-}" ] || [ -z "${PEPLINK_Password:-}" ]; then _err "PEPLINK_Hostname & PEPLINK_Username & PEPLINK_Password must be set" return 1 fi _debug2 PEPLINK_Hostname "$PEPLINK_Hostname" _debug2 PEPLINK_Username "$PEPLINK_Username" _secure_debug2 PEPLINK_Password "$PEPLINK_Password" # Optional certificate type, scheme, and port for Peplink _getdeployconf PEPLINK_Certtype _getdeployconf PEPLINK_Scheme _getdeployconf PEPLINK_Port # Don't save the certificate type until we verify it exists and is supported _savedeployconf PEPLINK_Scheme "$PEPLINK_Scheme" _savedeployconf PEPLINK_Port "$PEPLINK_Port" # Default vaules for certificate type, scheme, and port [ -n "${PEPLINK_Certtype}" ] || PEPLINK_Certtype="webadmin" [ -n "${PEPLINK_Scheme}" ] || PEPLINK_Scheme="https" [ -n "${PEPLINK_Port}" ] || PEPLINK_Port="443" _debug2 PEPLINK_Certtype "$PEPLINK_Certtype" _debug2 PEPLINK_Scheme "$PEPLINK_Scheme" _debug2 PEPLINK_Port "$PEPLINK_Port" _base_url="$PEPLINK_Scheme://$PEPLINK_Hostname:$PEPLINK_Port" _debug _base_url "$_base_url" # Login, get the auth token from the cookie _info "Logging into $PEPLINK_Hostname:$PEPLINK_Port" encoded_username="$(printf "%s" "$PEPLINK_Username" | _url_encode)" encoded_password="$(printf "%s" "$PEPLINK_Password" | _url_encode)" response=$(_post "func=login&username=$encoded_username&password=$encoded_password" "$_base_url/cgi-bin/MANGA/api.cgi") auth_token=$(_peplink_get_cookie_data "bauth" <"$HTTP_HEADER") _debug3 response "$response" _debug auth_token "$auth_token" if [ -z "$auth_token" ]; then _err "Unable to authenticate to $PEPLINK_Hostname:$PEPLINK_Port using $PEPLINK_Scheme." _err "Check your username and password." return 1 fi _H1="Cookie: $auth_token" export _H1 _debug2 H1 "${_H1}" # Now that we know the hostnameusername and password are good, save them _savedeployconf PEPLINK_Hostname "$PEPLINK_Hostname" _savedeployconf PEPLINK_Username "$PEPLINK_Username" _savedeployconf PEPLINK_Password "$PEPLINK_Password" _info "Generate form POST request" encoded_key="$(_url_encode <"$_ckey")" encoded_fullchain="$(_url_encode <"$_cfullchain")" body="cert_type=$PEPLINK_Certtype&cert_uid=§ion=CERT_modify&key_pem=$encoded_key&key_pem_passphrase=&key_pem_passphrase_confirm=&cert_pem=$encoded_fullchain" _debug3 body "$body" _info "Upload $PEPLINK_Certtype certificate to the Peplink" response=$(_post "$body" "$_base_url/cgi-bin/MANGA/admin.cgi") _debug3 response "$response" if echo "$response" | grep 'Success' >/dev/null; then # We've verified this certificate type is valid, so save it _savedeployconf PEPLINK_Certtype "$PEPLINK_Certtype" _info "Certificate was updated" return 0 else _err "Unable to update certificate, error code $response" return 1 fi }