
  1. #!/usr/bin/env sh
  2. # This script deploys a certificate to a UniFi server.
  3. # Returns 0 on success; any other value means an error.
  4. #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
  5. #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise"
  6. #DEPLOY_UNIFI_RELOAD="service unifi restart"
  7. ######## Public functions #####################
  8. #domain keyfile certfile cafile fullchain
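  #######################################
  # Import an issued certificate and its private key into the UniFi Java
  # keystore under the alias "unifi", then run the reload command.
  #
  # Globals (read):
  #   DEPLOY_UNIFI_KEYSTORE - keystore path (default below)
  #   DEPLOY_UNIFI_KEYPASS  - keystore password (default below)
  #   DEPLOY_UNIFI_RELOAD   - command string run after the import (default below)
  # Globals (written):
  #   DEFAULT_UNIFI_*, _unifi_keystore, _unifi_keypass, _reload, _import_pkcs12
  # Arguments:
  #   $1 domain, $2 key file, $3 cert file, $4 CA file, $5 full chain file
  # Returns:
  #   0 on success, 1 on any error.
  #
  # Security notes:
  #   - The default keystore password is a fixed value printed in this file, so
  #     it protects nothing by itself; the keystore's file permissions are what
  #     keep the private key from other local users.
  #   - DEPLOY_UNIFI_RELOAD is executed with eval. It must only ever come from a
  #     trusted operator; anyone able to set it (environment or saved domain
  #     configuration) can run commands with this script's privileges.
  #######################################
  unifi_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    if ! _exists keytool; then
      _err "keytool not found"
      return 1
    fi

    DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
    _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}"
    DEFAULT_UNIFI_KEYPASS="aircontrolenterprise"
    _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}"
    DEFAULT_UNIFI_RELOAD="service unifi restart"
    _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}"

    _debug _unifi_keystore "$_unifi_keystore"
    if [ ! -f "$_unifi_keystore" ]; then
      # Different hints depending on whether the default or a user path failed.
      if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then
        _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE"
      else
        _err "It seems that the specified unifi keystore is not valid, please check."
      fi
      return 1
    fi
    if [ ! -w "$_unifi_keystore" ]; then
      _err "The file $_unifi_keystore is not writable, please change the permission."
      return 1
    fi

    _info "Generate import pkcs12"
    # The temporary PKCS#12 bundle holds the private key, so every exit path
    # below removes it.
    # NOTE(review): assumes _mktemp creates the file readable by the owner
    # only - confirm in the helper.
    _import_pkcs12="$(_mktemp)"
    if [ -z "$_import_pkcs12" ]; then
      _err "Cannot create a temporary file for the pkcs12 import."
      return 1
    fi
    if ! _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root; then
      _err "Oops, error creating import pkcs12, please report bug to us."
      # A failed export may still have written key material to the file.
      rm -f "$_import_pkcs12"
      return 1
    fi

    _info "Modify unifi keystore: $_unifi_keystore"
    # NOTE(review): the password is passed on keytool's command line, where
    # other local users may see it in the process list while keytool runs.
    # keytool documents :env and :file modifiers for password options; check
    # them against the supported JDK versions before switching.
    keytool -importkeystore \
      -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
      -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
      -alias unifi -noprompt
    _import_status="$?"
    rm -f "$_import_pkcs12"
    if [ "$_import_status" != "0" ]; then
      _err "Import unifi keystore error, please report bug to us."
      return 1
    fi
    _info "Import keystore success!"

    _info "Run reload: $_reload"
    # eval is intentional: the reload setting is a full shell command line.
    # It is trusted operator input, never data taken from the certificate.
    if ! eval "$_reload"; then
      _err "Reload error"
      return 1
    fi
    _info "Reload success!"

    # Persist only the settings the operator supplied; clear the others so a
    # stale saved value does not override the defaults on a later run.
    if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
      _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
    else
      _cleardomainconf DEPLOY_UNIFI_KEYSTORE
    fi
    # NOTE(review): this stores the keystore password through _savedomainconf;
    # presumably a per-domain config file - confirm its permissions.
    if [ "$DEPLOY_UNIFI_KEYPASS" ]; then
      _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
    else
      _cleardomainconf DEPLOY_UNIFI_KEYPASS
    fi
    if [ "$DEPLOY_UNIFI_RELOAD" ]; then
      _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
    else
      _cleardomainconf DEPLOY_UNIFI_RELOAD
    fi
    return 0
  }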