|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133 |
- #!/bin/bash
- ######################################################
- # Name: refresh-NebulaCA
- # Description: Creates a new cert for a node based
- # on the node cert provided.
- #
- # Created By: HMSheets
- ######################################################
-
- # Try Catch Functions
- function try()
- {
- [[ $- = *e* ]]; SAVED_OPT_E=$?
- set +e
- }
-
- function throw()
- {
- exit $1
- }
-
- function catch()
- {
- export ex_code=$?
- (( $SAVED_OPT_E )) && set +e
- return $ex_code
- }
-
- function throwErrors()
- {
- set -e
- }
-
- function ignoreErrors()
- {
- set +e
- }
-
- # Parameter Eval Fuctions
- function invalid_args_msg () {
- echo "Invalid Parameter(s) Entered"
- exit
- }
-
- function help_msg () {
- echo "Usage of refresh-NebulaCA <flags>: refresh an existing nebula ca"
- echo " -n|--caname"
- echo " Name to use for the new CA. Used in the CA cert file and in the filename"
- echo " -r|--rootpath"
- echo " Root path of existing CA"
- echo " -f|--cafilename"
- echo " Filename of the existing CA"
- echo " -i|--issuer"
- echo " Name of the Org Issuing and authorizing the creation of the new Nebula CA"
- echo " -h|--help"
- echo " This help text, but you already knew that... right?!?!"
- exit
- }
-
- # Parameter Evaluation while loop
- POSITIONAL=()
- while [[ $# -gt 0 ]]
- do
- key="$1"
-
- case $key in
- -h|--help)
- help_msg
- ;;
- -n|--caname)
- CANAME="$2"
- shift # past argument
- shift # past value
- ;;
- -r|--rootpath)
- ROOTPATH="$2"
- shift # past argument
- shift # past value
- ;;
- -f|--cafilename)
- CAFILENAME="$2"
- shift # past argument
- shift # past value
- ;;
- # -k|--cakeyname)
- # CAKEYNAME="$2"
- # shift # past argument
- # shift # past value
- # ;;
- # -i|--issuer)
- # ISSUER="$2"
- # shift # past argument
- # shift # past value
- # ;;
- *) # unknown option
- invalid_args_msg #catch all
- ;;
- esac
- done
- set -- "${POSITIONAL[@]}" # restore positional parameters
-
- DATETIME=$(date '+%Y%m%d-%H%M%S')
-
- #CANAME=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s .[].details.name | sed 's/["]//g')
- #CAIPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.ips | sed 's/[]["]//g')
- #NODEGROUPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.groups | sed 's/[]["]//g') # | sed 's/,/ /g'))
- CERTISCASTATUS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${CAFILENAME} -json | jq -s --compact-output .[].details.isCa)
-
- # Create new file name variable
- NEWFILENAME="${CANAME}_${DATETIME}"
-
- if [[ $CERTISCASTATUS == false ]]; then
- echo "Certificate is a Node Certificate. Try again by providing the CA Certificate."
- exit
- fi
-
- if [[ $CERTISCASTATUS == true ]]; then
- echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
- echo "Node Name: ${CANAME}"
- #echo "Node IPs: ${ISSUER}"
- #echo "Node Groups: ${NODEGROUPS[@]}"
- echo "Certificate isCa Status: ${CERTISCASTATUS}"
- echo "DateTime: ${DATETIME}"
- echo "NEWFILENAME: ${NEWFILENAME}"
- echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~"
- try
- (
- ${ROOTPATH}/nebula-cert sign -name ${CANAME} -out-crt ${ROOTPATH}/${NEWFILENAME}.crt -out-key ${ROOTPATH}/${NEWFILENAME}.key
- )
- catch || {
- help_msg
- }
- fi
|