From 696867a82f0c8152b27ed32045b1a532a882cfe0 Mon Sep 17 00:00:00 2001
From: ruben
Date: Fri, 28 Feb 2025 21:25:33 +0100
Subject: [PATCH] Initial commit
---
 certman.sh | 153 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 153 insertions(+)
 create mode 100644 certman.sh
diff --git a/certman.sh b/certman.sh
new file mode 100644
index 0000000..f403c6e
--- /dev/null
+++ b/certman.sh
@@ -0,0 +1,153 @@
+#!/bin/bash
+
+# Certificate Management Script for Certwarden
+# Version: 1.0
+
+# Configuration
+CERTWARDEN_SERVER="your-certwarden-server.com"
+CERT_PATH="/etc/ssl/certs"
+KEY_PATH="/etc/ssl/private"
+TEMP_PATH="/tmp/cert_temp"
+
+# Color codes for output
+GREEN='\033[0;32m'
+RED='\033[0;31m'
+BLUE='\033[0;34m'
+NC='\033[0m' # No Color
+
+# Function to check if required commands exist
+check_requirements() {
+ local required_commands=("curl" "jq")
+ for cmd in "${required_commands[@]}"; do
+ if ! command -v "$cmd" &> /dev/null; then
+ echo -e "${RED}Error: Required command '$cmd' is not installed.${NC}"
+ echo "Please install it using your package manager."
+ exit 1
+ fi
+ done
+}
+
+# Function to validate API key format
+validate_api_key() {
+ local api_key=$1
+ if [[ ! $api_key =~ ^[A-Za-z0-9_-]{32,}$ ]]; then
+ return 1
+ fi
+ return 0
+}
+
+# Function to create directories if they don't exist
+setup_directories() {
+ mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH"
+ if [ $? -ne 0 ]; then
+ echo -e "${RED}Error: Failed to create required directories${NC}"
+ exit 1
+ fi
+}
+
+# Function to download certificate and key
+download_certificate() {
+ local cert_name=$1
+ local api_key=$2
+
+ echo -e "${BLUE}Downloading certificate for $cert_name...${NC}"
+
+ # Download certificate
+ if curl -fL -o "$TEMP_PATH/$cert_name.crt" \
+ -H "X-API-Key: $api_key" \
+ "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/certificates/$cert_name"; then
+ echo -e "${GREEN}Certificate downloaded successfully${NC}"
+ else
+ echo -e "${RED}Failed to download certificate${NC}"
+ return 1
+ fi
+
+ # Download private key
+ if curl -fL -o "$TEMP_PATH/$cert_name.key" \
+ -H "X-API-Key: $api_key" \
+ "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/privatekeys/$cert_name"; then
+ echo -e "${GREEN}Private key downloaded successfully${NC}"
+ else
+ echo -e "${RED}Failed to download private key${NC}"
+ return 1
+ fi
+
+ return 0
+}
+
+# Function to install certificate and key
+install_certificate() {
+ local cert_name=$1
+
+ # Move files to their final locations
+ if sudo mv "$TEMP_PATH/$cert_name.crt" "$CERT_PATH/" && \
+ sudo mv "$TEMP_PATH/$cert_name.key" "$KEY_PATH/"; then
+ echo -e "${GREEN}Certificate and key installed successfully${NC}"
+
+ # Set appropriate permissions
+ sudo chmod 644 "$CERT_PATH/$cert_name.crt"
+ sudo chmod 600 "$KEY_PATH/$cert_name.key"
+
+ return 0
+ else
+ echo -e "${RED}Failed to install certificate and key${NC}"
+ return 1
+ fi
+}
+
+# Main menu function
+main_menu() {
+ while true; do
+ echo -e "\n${BLUE}Certwarden Certificate Management${NC}"
+ echo "1. Download and install new certificate"
+ echo "2. List installed certificates"
+ echo "3. Check certificate expiration"
+ echo "4. Exit"
+
+ read -p "Select an option (1-4): " choice
+
+ case $choice in
+ 1)
+ read -p "Enter certificate name: " cert_name
+ read -p "Enter API key: " api_key
+
+ if ! validate_api_key "$api_key"; then
+ echo -e "${RED}Invalid API key format${NC}"
+ continue
+ fi
+
+ if download_certificate "$cert_name" "$api_key"; then
+ install_certificate "$cert_name"
+ fi
+ ;;
+ 2)
+ echo -e "\n${BLUE}Installed Certificates:${NC}"
+ ls -l "$CERT_PATH"/*.crt 2>/dev/null || echo "No certificates found"
+ ;;
+ 3)
+ echo -e "\n${BLUE}Certificate Expiration Dates:${NC}"
+ for cert in "$CERT_PATH"/*.crt; do
+ if [ -f "$cert" ]; then
+ echo -n "$(basename "$cert"): "
+ openssl x509 -enddate -noout -in "$cert"
+ fi
+ done
+ ;;
+ 4)
+ echo -e "${GREEN}Exiting...${NC}"
+ exit 0
+ ;;
+ *)
+ echo -e "${RED}Invalid option${NC}"
+ ;;
+ esac
+ done
+}
+
+# Script initialization
+check_requirements
+setup_directories
+
+# Start the script
+echo -e "${GREEN}Welcome to Certwarden Certificate Management${NC}"
+main_menu
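Review bot: The private key is staged in a fixed, shared location, `TEMP_PATH="/tmp/cert_temp"`, and `curl -o` in download_certificate creates it under the caller's default umask, so it is usually readable by other local users until the `chmod 600` at the end of install_certificate. Because `mkdir -p` in setup_directories succeeds when the directory already exists, that directory may also belong to another account, and `sudo mv` then installs whatever it holds at that moment. Stage the files in a `mktemp -d` directory removed by an EXIT trap, and copy them into place with `install -m` so each target gets its final mode as part of the copy, as sketched below. Separately, `cert_name` reaches the URL and the `sudo mv` paths unvalidated (a guard such as `[[ $cert_name =~ ^[A-Za-z0-9][A-Za-z0-9._-]*$ ]]` before the download would do), and the API key is read with a plain `read -p` rather than `read -rs` and sent with `-L`, where curl forwards custom `-H` headers such as `X-API-Key` to a redirect target.

```shell
# … unchanged: CERTWARDEN_SERVER, CERT_PATH, KEY_PATH …
TEMP_PATH=$(mktemp -d) || exit 1            # private (0700) staging directory with an unpredictable name
trap 'rm -rf -- "${TEMP_PATH:?}"' EXIT      # staged key material is removed on every exit path

# … unchanged: colour codes, check_requirements, validate_api_key …

setup_directories() {
    mkdir -p "$CERT_PATH" "$KEY_PATH"       # TEMP_PATH already exists, created by mktemp
    # … unchanged: $? check and error exit …

# … unchanged: download_certificate …

install_certificate() {
    local cert_name=$1

    # install(1) applies the requested mode as part of the copy, replacing the mv + chmod pair
    if sudo install -m 644 "$TEMP_PATH/$cert_name.crt" "$CERT_PATH/$cert_name.crt" && \
       sudo install -m 600 "$TEMP_PATH/$cert_name.key" "$KEY_PATH/$cert_name.key"; then
        echo -e "${GREEN}Certificate and key installed successfully${NC}"
        return 0
    # … unchanged: else branch …
```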