Initial

bin/v-generate-ssl-cert

@@ -0,0 +1,189 @@
+#!/bin/bash
+# info: generate self signed certificate and CSR request
+# options: DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]
+#
+# example: v-generate-ssl-cert example.com mail@yahoo.com USA California Monterey ACME.COM IT
+#
+# This function generates self signed SSL certificate and CSR request
+
+#----------------------------------------------------------#
+#                Variables & Functions                     #
+#----------------------------------------------------------#
+
+# Argument definition
+domain=$1
+domain=$(echo $domain | sed -e 's/\.*$//g' -e 's/^\.*//g')
+domain_alias=$domain
+email=$2
+country=$3
+state=$4
+city=$5
+org=$6
+org_unit=$7
+aliases=$8
+format=${9-shell}
+KEY_SIZE=4096
+DAYS=365
+
+# Includes
+# shellcheck source=/etc/hestiacp/hestia.conf
+source /etc/hestiacp/hestia.conf
+# shellcheck source=/usr/local/hestia/func/main.sh
+source $HESTIA/func/main.sh
+# load config file
+source_conf "$HESTIA/conf/hestia.conf"
+
+# Json function
+json_list_ssl() {
+	i='1' # iterator
+	echo '{'
+	echo -e "\t\"$domain\": {"
+	echo "        \"CRT\": \"$crt\","
+	echo "        \"KEY\": \"$key\","
+	echo "        \"CSR\": \"$csr\","
+	echo "        \"DIR\": \"$workdir\""
+	echo -e "\t}\n}"
+}
+
+# Shell function
+shell_list_ssl() {
+	if [ -n "$crt" ]; then
+		echo -e "$crt"
+	fi
+	if [ -n "$key" ]; then
+		echo -e "\n$key"
+	fi
+	if [ -n "$csr" ]; then
+		echo -e "\n$csr"
+	fi
+	echo -e "\nDirectory: $workdir"
+}
+
+# Additional argument formatting
+format_domain_idn
+if [[ "$email" = *[![:ascii:]]* ]]; then
+	email=$(idn2 --quiet $email)
+fi
+
+#----------------------------------------------------------#
+#                    Verifications                         #
+#----------------------------------------------------------#
+
+args_usage='DOMAIN EMAIL COUNTRY STATE CITY ORG UNIT [ALIASES] [FORMAT]'
+check_args '7' "$#" "$args_usage"
+is_format_valid 'domain' 'aliases' 'format' 'email'
+is_common_format_valid $country "country"
+is_common_format_valid $state "state"
+is_common_format_valid $org "org"
+is_common_format_valid $unit "unit"
+
+if [ ! -f '/etc/redhat-release' ]; then
+	release="$(lsb_release -s -r)"
+fi
+
+if [ -z "$email" ] && [ "$release" = "18.04" ]; then
+	echo "Email address is required"
+	exit 2
+fi
+if [ ! -f /root/.rnd ]; then
+	touch /root/.rnd
+fi
+
+# Perform verification if read-only mode is enabled
+check_hestia_demo_mode
+
+#----------------------------------------------------------#
+#                       Action                             #
+#----------------------------------------------------------#
+
+# Create temporary work directory
+workdir=$(mktemp -d)
+cd $workdir
+
+# Generate private key
+openssl genrsa "$KEY_SIZE" > "$domain.key" 2> /dev/null
+
+subj=""
+# Generate the CSR
+if [ -n "$email" ]; then
+	subj="/emailAddress=$email"
+fi
+
+subj="$subj/C=$country/ST=$state/L=$city/O=$org"
+subj="$subj/OU=$org_unit/CN=$domain_idn"
+
+if [ -z "$aliases" ]; then
+	openssl req -sha256 -new \
+		-batch \
+		-subj "$subj" \
+		-key $domain.key \
+		-out $domain.csr > /dev/null 2>&1
+else
+	for alias in $(echo $domain,$aliases | tr ',' '\n' | sort -u); do
+		if [[ "$alias" = *[![:ascii:]]* ]]; then
+			alias=$(idn2 --quiet $alias)
+		fi
+		dns_aliases="${dns_aliases}DNS:$alias,"
+	done
+	dns_aliases=$(echo $dns_aliases | sed "s/,$//")
+	if [ -e "/etc/ssl/openssl.cnf" ]; then
+		ssl_conf='/etc/ssl/openssl.cnf'
+	else
+		ssl_conf="/etc/pki/tls/openssl.cnf"
+	fi
+
+	openssl req -sha256 -new \
+		-batch \
+		-subj "$subj" \
+		-key $domain.key \
+		-reqexts SAN \
+		-config <(cat $ssl_conf \
+			<(printf "[SAN]\nsubjectAltName=$dns_aliases")) \
+		-out $domain.csr > /dev/null 2>&1
+fi
+
+# Generate the cert 1 year
+openssl x509 -req -sha256 \
+	-days $DAYS \
+	-in $domain.csr \
+	-signkey $domain.key \
+	-out $domain.crt > /dev/null 2>&1
+
+# Listing certificates
+if [ -e "$domain.crt" ]; then
+	crt=$(cat $domain.crt | sed ':a;N;$!ba;s/\n/\\n/g')
+fi
+
+if [ -e "$domain.key" ]; then
+	key=$(cat $domain.key | sed ':a;N;$!ba;s/\n/\\n/g')
+fi
+
+if [ -e "$domain.csr" ]; then
+	csr=$(cat $domain.csr | sed ':a;N;$!ba;s/\n/\\n/g')
+fi
+
+case $format in
+	json) json_list_ssl ;;
+	plain)
+		nohead=1
+		shell_list_ssl
+		;;
+	shell) shell_list_ssl ;;
+	*) check_args '1' '0' '[FORMAT]' ;;
+esac
+
+# Don't allow non root users view folder
+chmod 660 $workdir
+# Clean up the mess
+echo "rm -rf $workdir" | at -M "now +15 minute" > /dev/null 2>&1
+# Delete tmp dir
+#rm -rf $workdir
+
+#----------------------------------------------------------#
+#                       Hestia                             #
+#----------------------------------------------------------#
+
+# Logging
+log_event "$OK" "$ARGUMENTS"
+
+exit