#!/bin/bash ###################################################### # Name: refresh-NebulaCA # Description: Creates a new cert for a node based # on the node cert provided. # # Created By: HMSheets ###################################################### # Try Catch Functions function try() { [[ $- = *e* ]]; SAVED_OPT_E=$? set +e } function throw() { exit $1 } function catch() { export ex_code=$? (( $SAVED_OPT_E )) && set +e return $ex_code } function throwErrors() { set -e } function ignoreErrors() { set +e } # Parameter Eval Fuctions function invalid_args_msg () { echo "Invalid Parameter(s) Entered" exit } function help_msg () { echo "Usage of refresh-NebulaCA : refresh an existing nebula ca" echo " -n|--caname" echo " Name to use for the new CA. Used in the CA cert file and in the filename" echo " -r|--rootpath" echo " Root path of existing CA" echo " -f|--cafilename" echo " Filename of the existing CA" echo " -i|--issuer" echo " Name of the Org Issuing and authorizing the creation of the new Nebula CA" echo " -h|--help" echo " This help text, but you already knew that... right?!?!" exit } # Parameter Evaluation while loop POSITIONAL=() while [[ $# -gt 0 ]] do key="$1" case $key in -h|--help) help_msg ;; -n|--caname) CANAME="$2" shift # past argument shift # past value ;; -r|--rootpath) ROOTPATH="$2" shift # past argument shift # past value ;; -f|--cafilename) CAFILENAME="$2" shift # past argument shift # past value ;; # -k|--cakeyname) # CAKEYNAME="$2" # shift # past argument # shift # past value # ;; # -i|--issuer) # ISSUER="$2" # shift # past argument # shift # past value # ;; *) # unknown option invalid_args_msg #catch all ;; esac done set -- "${POSITIONAL[@]}" # restore positional parameters DATETIME=$(date '+%Y%m%d-%H%M%S') #CANAME=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s .[].details.name | sed 's/["]//g') #CAIPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.ips | sed 's/[]["]//g') #NODEGROUPS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${NODECERTNAME} -json | jq -s --compact-output .[].details.groups | sed 's/[]["]//g') # | sed 's/,/ /g')) CERTISCASTATUS=$(${ROOTPATH}/nebula-cert print -path ${ROOTPATH}/${CAFILENAME} -json | jq -s --compact-output .[].details.isCa) # Create new file name variable NEWFILENAME="${CANAME}_${DATETIME}" if [[ $CERTISCASTATUS == false ]]; then echo "Certificate is a Node Certificate. Try again by providing the CA Certificate." exit fi if [[ $CERTISCASTATUS == true ]]; then echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" echo "Node Name: ${CANAME}" #echo "Node IPs: ${ISSUER}" #echo "Node Groups: ${NODEGROUPS[@]}" echo "Certificate isCa Status: ${CERTISCASTATUS}" echo "DateTime: ${DATETIME}" echo "NEWFILENAME: ${NEWFILENAME}" echo "~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" try ( ${ROOTPATH}/nebula-cert sign -name ${CANAME} -out-crt ${ROOTPATH}/${NEWFILENAME}.crt -out-key ${ROOTPATH}/${NEWFILENAME}.key ) catch || { help_msg } fi