|
@@ -1 +1,111 @@ |
|
|
#!/bin/bash |
|
|
|
|
|
|
|
|
#!/bin/bash |
|
|
|
|
|
###################################################### |
|
|
|
|
|
# Name: refresh-NebulaCA |
|
|
|
|
|
# Description: Creates a new cert for a node based |
|
|
|
|
|
# on the node cert provided. |
|
|
|
|
|
# |
|
|
|
|
|
# Created By: HMSheets |
|
|
|
|
|
###################################################### |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
POSITIONAL=() |
|
|
|
|
|
while [[ $# -gt 0 ]] |
|
|
|
|
|
do |
|
|
|
|
|
key="$1" |
|
|
|
|
|
|
|
|
|
|
|
case $key in |
|
|
|
|
|
-n|--caname) |
|
|
|
|
|
CANAME="$2" |
|
|
|
|
|
shift # past argument |
|
|
|
|
|
shift # past value |
|
|
|
|
|
;; |
|
|
|
|
|
-r|--rootpath) |
|
|
|
|
|
ROOTPATH="$2" |
|
|
|
|
|
shift # past argument |
|
|
|
|
|
shift # past value |
|
|
|
|
|
;; |
|
|
|
|
|
-f|--cafilename) |
|
|
|
|
|
CAFILENAME="$2" |
|
|
|
|
|
shift # past argument |
|
|
|
|
|
shift # past value |
|
|
|
|
|
;; |
|
|
|
|
|
# -k|--cakeyname) |
|
|
|
|
|
# CAKEYNAME="$2" |
|
|
|
|
|
# shift # past argument |
|
|
|
|
|
# shift # past value |
|
|
|
|
|
# ;; |
|
|
|
|
|
-i|--issuer) |
|
|
|
|
|
ISSUER="$2" |
|
|
|
|
|
shift # past argument |
|
|
|
|
|
shift # past value |
|
|
|
|
|
;; |
|
|
|
|
|
*) # unknown option |
|
|
|
|
|
POSITIONAL+=("$1") # save it in an array for later |
|
|
|
|
|
shift # past argument |
|
|
|
|
|
;; |
|
|
|
|
|
esac |
|
|
|
|
|
done |
|
|
|
|
|
set -- "${POSITIONAL[@]}" # restore positional parameters |
|
|
|
|
|
|
|
|
|
|
|
# Additional Parameter Evaluation |
|
|
|
|
|
while [ -n "$1" ]; do # while loop starts |
|
|
|
|
|
|
|
|
|
|
|
case "$1" in |
|
|
|
|
|
|
|
|
|
|
|
-h) help_msg ;; # help |
|
|
|
|
|
|
|
|
|
|
|
--h) help_msg ;; # help |
|
|
|
|
|
|
|
|
|
|
|
*) invalid_args_msg ;; #catch all |
|
|
|
|
|
|
|
|
|
|
|
esac |
|
|
|
|
|
|
|
|
|
|
|
shift |
|
|
|
|
|
|
|
|
|
|
|
done |
|
|
|
|
|
|
|
|
|
|
|
invalid_args_msg () { |
|
|
|
|
|
echo "Invalid Parameter(s) Entered: $1" |
|
|
|
|
|
exit |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
help_msg () { |
|
|
|
|
|
echo "Usage of refresh-NebulaCA <flags>: refresh an existing nebula ca" |
|
|
|
|
|
echo " -n|--caname" |
|
|
|
|
|
echo " Name to use for the new CA. Used in the CA cert file and in the filename" |
|
|
|
|
|
echo " -r|--rootpath" |
|
|
|
|
|
echo " Root path of existing CA" |
|
|
|
|
|
echo " -f|--cafilename" |
|
|
|
|
|
echo " Filename of the existing CA" |
|
|
|
|
|
echo " -i|--issuer" |
|
|
|
|
|
echo " Name of the Org Issuing and authorizing the creation of the new Nebula CA" |
|
|
|
|
|
echo " -h|--help" |
|
|
|
|
|
echo " This help text, but you already knew that... right?!?!" |
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
DATETIME=$(date '+%Y%m%d-%H%M%S') |
|
|
|
|
|
|
|
|
|
|
|
#CANAME=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s .[].details.name | sed 's/["]//g') |
|
|
|
|
|
#CAIPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.ips | sed 's/[]["]//g') |
|
|
|
|
|
#NODEGROUPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.groups | sed 's/[]["]//g') # | sed 's/,/ /g')) |
|
|
|
|
|
CERTISCASTATUS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${CAFILENAME} -json | jq -s --compact-output .[].details.isCa) |
|
|
|
|
|
|
|
|
|
|
|
# Create new file name variable |
|
|
|
|
|
NEWFILENAME="${CANAME}_${DATETIME}" |
|
|
|
|
|
|
|
|
|
|
|
if [[ $CERTISCASTATUS == false ]]; then |
|
|
|
|
|
echo "Certificate is a Node Certificate. Try again by providing the CA Certificate." |
|
|
|
|
|
exit |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
if [[ $CERTISCASTATUS == true ]]; then |
|
|
|
|
|
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" |
|
|
|
|
|
echo "Node Name: ${CANAME}" |
|
|
|
|
|
echo "Node IPs: ${ISSUER}" |
|
|
|
|
|
#echo "Node Groups: ${NODEGROUPS[@]}" |
|
|
|
|
|
echo "Certificate isCa Status: ${CERTISCASTATUS}" |
|
|
|
|
|
echo "DateTime: ${DATETIME}" |
|
|
|
|
|
echo "NEWFILENAME: ${NEWFILENAME}" |
|
|
|
|
|
echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" |
|
|
|
|
|
${ROOTPATH}/nebula-cert sign -name ${CANAME} -out-crt ${ROOTPATH}/${NEWFILENAME}.crt -out-key ${ROOTPATH}/${NEWFILENAME}.key |
|
|
|
|
|
fi |
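Review bot: The signing step at the end of the script does not fail closed: `CERTISCASTATUS` is acted on only when it is exactly `true` or `false`, so if `nebula-cert print` or `jq` fails, or `-r`/`-f` were never passed, it is empty, both `if` blocks are skipped and the script exits 0 without a message; the bare `exit` on the node-certificate path also returns 0. The `sign` command line expands `${ROOTPATH}`, `${CANAME}` and `${NEWFILENAME}` unquoted, and `CANAME` flows straight into the output key path, so a name containing a space or a `/` changes the arguments or the location the private key is written to. I would check the required options up front, quote every expansion, and replace the two `if`s with one `case` that exits non-zero on anything other than `true`, as sketched below. Separately, `help_msg` and `invalid_args_msg` are called from the second `while` loop before they are defined further down, so `-h` currently ends in "command not found"; the two definitions need to move above the argument parsing. It is also worth confirming that `sign` is the intended subcommand, since the usage text says the script refreshes a CA and `--issuer` is parsed but only echoed, under the label "Node IPs".

```shell
# … unchanged: option parsing; help_msg / invalid_args_msg moved above it …

# Required options: stop before touching any certificate material.
for required in CANAME ROOTPATH CAFILENAME; do
    if [[ -z "${!required}" ]]; then
        echo "Missing required option: ${required}" >&2
        exit 1
    fi
done

# CANAME becomes part of the output file name, so it must not carry a path separator.
if [[ "$CANAME" == */* ]]; then
    echo "CA name must not contain '/': ${CANAME}" >&2
    exit 1
fi

CERTISCASTATUS=$("${ROOTPATH}/nebula-cert" print -path "${ROOTPATH}/${CAFILENAME}" -json | jq -s --compact-output '.[].details.isCa')

# … unchanged: DATETIME, NEWFILENAME …

case "$CERTISCASTATUS" in
    true)
        # … unchanged: summary echo lines …
        "${ROOTPATH}/nebula-cert" sign -name "${CANAME}" -out-crt "${ROOTPATH}/${NEWFILENAME}.crt" -out-key "${ROOTPATH}/${NEWFILENAME}.key" || exit 1
        ;;
    false)
        echo "Certificate is a Node Certificate. Try again by providing the CA Certificate." >&2
        exit 1
        ;;
    *)
        # Empty or unexpected value: print/jq failed or the file is not a certificate.
        echo "Could not read isCa from ${ROOTPATH}/${CAFILENAME}" >&2
        exit 1
        ;;
esac
```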