45 lines
1.6 KiB
Bash
Executable file
45 lines
1.6 KiB
Bash
Executable file
#!/bin/sh
|
|
|
|
set -euo pipefail
|
|
|
|
SECRET_JSON="$(@curl@/bin/curl \
|
|
-H "X-Vault-Request: true" \
|
|
--unix-socket "/run/tokend/sock" \
|
|
"http://localhost:8200/v1/kv/data/apps/sslrenew-raritan")"
|
|
|
|
if [[ "$(@jq@/bin/jq .errors <(echo "$SECRET_JSON") 2>/dev/null)" != "null" ]]; then
|
|
@jq@/bin/jq .errors <(echo "$SECRET_JSON") >&2
|
|
exit 1
|
|
fi
|
|
|
|
RARITAN_USERNAME="$(@jq@/bin/jq -r .data.data.username <(echo "$SECRET_JSON"))"
|
|
RARITAN_PASSWORD="$(@jq@/bin/jq -r .data.data.password <(echo "$SECRET_JSON"))"
|
|
|
|
CERTIFICATE_JSON="$(@curl@/bin/curl \
|
|
-H "X-Vault-Request: true" \
|
|
-X PUT \
|
|
-d "{\"common_name\": \"${CERTIFICATE_DOMAIN}\"}" \
|
|
--unix-socket "/run/tokend/sock" \
|
|
"http://localhost:8200/v1/acme/certs/${CERTIFICATE_ROLE}")"
|
|
|
|
if [[ "$(@jq@/bin/jq .errors <(echo "$CERTIFICATE_JSON") 2>/dev/null)" != "null" ]]; then
|
|
@jq@/bin/jq .errors <(echo "$CERTIFICATE_JSON") >&2
|
|
exit 1
|
|
fi
|
|
|
|
temp_dir=$(mktemp -d)
|
|
trap "rm -rf $temp_dir" INT TERM HUP EXIT
|
|
|
|
@jq@/bin/jq -r .data.cert <(echo "$CERTIFICATE_JSON") > "$temp_dir/cert.pem"
|
|
@jq@/bin/jq -r .data.private_key <(echo "$CERTIFICATE_JSON") > "$temp_dir/pkey.pem"
|
|
|
|
@curl@/bin/curl -k \
|
|
--user "${RARITAN_USERNAME}:${RARITAN_PASSWORD}" \
|
|
-F cert_file=@"$temp_dir/cert.pem" \
|
|
-F key_file=@"$temp_dir/pkey.pem" \
|
|
"https://${RARITAN_IP}/cgi-bin/server_ssl_cert_upload.cgi"
|
|
@curl@/bin/curl -k \
|
|
--user "${RARITAN_USERNAME}:${RARITAN_PASSWORD}" \
|
|
"https://${RARITAN_IP}/bulk" \
|
|
-H 'Content-Type: application/json; charset=UTF-8' \
|
|
--data-binary '{"jsonrpc":"2.0","method":"performBulk","params":{"requests":[{"rid":"/server_ssl_cert","json":{"jsonrpc":"2.0","method":"installPendingKeyPair","params":null,"id":1}}]},"id":2}'
|