X-Git-Url: https://git.rapsys.eu/acme/blobdiff_plain/8232cc7e880b10720e10a634f70fbc1578960bff..8fb527417af9ab63580b652888e6700f7e97f4e0:/letsconf?ds=sidebyside diff --git a/letsconf b/letsconf index 9f3d9f1..72e7a11 100755 --- a/letsconf +++ b/letsconf @@ -1,91 +1,143 @@ -#! /usr/bin/php -. +# +# Copyright (C) 2016 - 2017 Raphaël Gertz -# Directory do not exists -if (!is_dir(dirname($argv[1]))) { - echo 'Directory '.dirname($argv[1]).' do not exists'."\n"; - exit(1); -} +# Best practice +use strict; +use warnings; + +# Load required modules +use JSON; +use Tie::IxHash; + +# Load POSIX +use POSIX qw(EXIT_SUCCESS EXIT_FAILURE); + +# XXX: Debug +use Data::Dumper; + +# Init redhat +my @redhat = (); -# Directory do not exists -if (file_exists($argv[1]) && !in_array(filetype($argv[1]), array('file','link'))) { - echo 'File '.$argv[1].' exists and is not a file'."\n"; - exit(1); +# Init debian +my @debian = (); + +# Init root +my %root = (); +tie(%root, 'Tie::IxHash', thumbprint => '/etc/acmepl/thumbprint', certificates => []); + +# Init prod +my $prod = 0; + +# Strip and enable prod +@ARGV = map { if ($_ eq '-p') { $prod = 1; (); } else { $_; } } @ARGV; + +# Strip and enable debug +for (my $i = 0; $i <= $#ARGV; $i++) { + # Match redhat types + if ($ARGV[$i] =~ /^(?:(\-r|\-\-redhat)(?:=([^-][a-zA-Z0-9_\.,-]+))?)$/) { + if (defined($2)) { + push(@redhat, split(',', $2)); + # Extract next parameter + } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^([^-][a-zA-Z0-9_\.,-]+)$/) { + push(@redhat, split(',', $1)); + $i++; + # Set default + } else { + push(@redhat, ('example.com')); + } + # Match debian types + } elsif ($ARGV[$i] =~ /^(?:(\-d|\-\-debian)(?:=([^-][a-zA-Z0-9_\.,-]+))?)$/) { + if (defined($2)) { + push(@debian, split(',', $2)); + # Extract next parameter + } elsif(defined($ARGV[$i+1]) && $ARGV[$i+1] =~ /^([^-][a-zA-Z0-9_\.,-]+)$/) { + push(@debian, split(',', $1)); + $i++; + # Set default + } else { + push(@debian, ('example.com')); + } + } } -# Symlink target do not exists -if (is_link($argv[1]) && !file_exists($argv[1])) { - # Read final link - $target = $argv[1]; - # Extract last link - do { - # Update to next link - $target = readlink($target); - } while (is_link($target)); - echo 'Symlink '.$argv[1].' target '.$target.' do not exists'."\n"; - exit(1); +# Show usage +if (scalar(@ARGV) < 1) { + print "Usage: $0 [(-d|--debian)[=example.com[,...]] [(-r|--redhat)[=example.com[,...]]] [...] > /etc/acmepl/config\n"; + exit EXIT_FAILURE; } -# Not writable -if ( - (is_file($argv[1]) && !is_writable($argv[1])) || - (!file_exists($argv[1]) && !is_writable(dirname($argv[1]))) -) { - echo 'Unable to open '.$argv[1].' for writing'."\n"; - exit(1); +# Append redhat style examples +foreach my $key (@redhat) { + tie(%{$root{certificates}[$#{$root{certificates}}+1]}, 'Tie::IxHash', ( + # Public cert + #XXX: required + cert => '/etc/pki/tls/certs/'.$key.'.pem', + # Private key + #XXX: required + key => '/etc/pki/tls/private/'.$key.'.pem', + # Mail address + #XXX: required + mail => 'webmaster@'.$key, + # Root domain + #XXX: required + domain => 'www.'.$key, + # Domain list + #XXX: required + domains => [ + $key, + '...' + ], + # Production certificate + #XXX: optional + #XXX: set to 1 for production + prod => $prod + )); } -// Generate config -$config = json_encode( - // Root array - array( - // Certificate object - array( - // Public cert - //XXX: required - 'cert' => '/etc/pki/tls/certs/httpd.pem', - // Private key - //XXX: required - 'key' => '/etc/pki/tls/private/httpd.pem', - // Mail address - //XXX: required - 'mail' => 'example@example.com', - // Domain list - //XXX: required - 'domains' => array( - 'www.example.com', - 'example.com' - ), - // Production certificate - //XXX: optional - //XXX: set to 1 for production - 'prod' => 0 - ), - // Other certificate - array( - 'cert' => '/etc/ssl/certs/apache.crt', - 'key' => '/etc/ssl/private/apache.key', - 'mail' => 'example@example.com', - 'domains' => array( - 'other.example.com', - 'example.com' - ), - 'prod' => 0 - ), - #... - ) -); - -# Send to stdout -if ($argv[1] == '-') { - echo $config; -# Save to file -} else { - file_put_contents($argv[1], $config); +# Append debian style examples +foreach my $key (@debian) { + tie(%{$root{certificates}[$#{$root{certificates}}+1]}, 'Tie::IxHash', ( + # Public cert + #XXX: required + cert => '/etc/ssl/certs/'.$key.'.crt', + # Private key + #XXX: required + key => '/etc/ssl/private/'.$key.'.key', + # Mail address + #XXX: required + mail => 'webmaster@'.$key, + # Root domain + #XXX: required + domain => 'www.'.$key, + # Domain list + #XXX: required + domains => [ + $key, + '...' + ], + # Production certificate + #XXX: optional + #XXX: set to 1 for production + prod => $prod + )); } + +# Display configuration template +print to_json(\%root, {pretty => 1}); + +# Exit with success +exit EXIT_SUCCESS;