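#!/bin/bash
#
# Certwarden certificate helper.
#
# Downloads a certificate and its private key from a Certwarden server over
# HTTPS, stages them in a private directory, then installs them with sudo.
#
# Configuration comes from the environment or from a .env file in the current
# working directory:
#   CERTWARDEN_SERVER  host used to build the https:// download URLs
#   CERT_PATH          directory that receives <name>.crt (mode 644)
#   KEY_PATH           directory that receives <name>.key (mode 600)
#   TEMP_PATH          parent directory for the private staging directory
#   CERT_NAME, API_KEY optional; prompted for in the menu when empty
#   AUTO_MODE          "true" runs one download/install and exits
#
# Exit status: 0 on success or normal menu exit, 1 on any failure.

# SECURITY: .env is executed as shell code with this script's privileges and
# typically contains the API key. It is looked up relative to the current
# directory, so run the script only from a directory you control and keep the
# file private (for example mode 600).
if [ -f .env ]; then
  if [[ ! -O .env ]]; then
    echo "Warning: .env is not owned by the current user; review it before trusting it." >&2
  fi
  # shellcheck disable=SC1091
  source .env
else
  echo "No .env file found."
fi

GREEN='\033[0;32m'
RED='\033[0;31m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color

# Private per-run staging directory; created by setup_directories.
STAGING_DIR=""

# Abort with exit status 1 unless every external command the download path
# needs is installed.
check_requirements() {
  local required_commands=("curl" "jq")
  local cmd
  for cmd in "${required_commands[@]}"; do
    if ! command -v "$cmd" &> /dev/null; then
      echo -e "${RED}Error: Required command '$cmd' is not installed.${NC}"
      echo "Please install it using your package manager."
      exit 1
    fi
  done
}

# Abort with exit status 1 when a setting used to build paths or URLs is
# empty, instead of letting "https:///..." or "mkdir ''" fail later.
check_config() {
  local var
  local missing=0
  for var in CERTWARDEN_SERVER CERT_PATH KEY_PATH TEMP_PATH; do
    if [ -z "${!var}" ]; then
      echo -e "${RED}Error: $var is not set (define it in .env or the environment)${NC}"
      missing=1
    fi
  done
  if [ "$missing" -ne 0 ]; then
    exit 1
  fi
}

# Return 0 when $1 consists of at least 32 characters from [A-Za-z0-9_-].
# This allowlist is also what makes the key safe to embed in the curl config
# line written by fetch_with_api_key (no quotes, backslashes or newlines).
validate_api_key() {
  local api_key=$1
  local -r pattern='^[A-Za-z0-9_-]{32,}$'
  [[ $api_key =~ $pattern ]]
}

# Return 0 when $1 is safe to use as a file-name component and URL path
# segment. The name is interpolated into local paths and the request URL, so
# "/", whitespace, "?", "#" and a leading "." or "-" are rejected.
# NOTE(review): deliberately conservative allowlist; widen it only if the
# server is confirmed to issue names with other characters.
validate_cert_name() {
  local cert_name=$1
  local -r pattern='^[A-Za-z0-9_][A-Za-z0-9._~-]*$'
  [[ $cert_name =~ $pattern ]]
}

# Remove the staging directory and anything left in it (EXIT trap).
cleanup_staging() {
  if [ -n "$STAGING_DIR" ] && [ -d "$STAGING_DIR" ]; then
    rm -rf -- "$STAGING_DIR"
  fi
}

# Create the target directories and a private staging directory.
# mktemp -d yields an unpredictable, owner-only directory, so the private key
# is never written under a guessable name inside a possibly shared TEMP_PATH.
setup_directories() {
  if ! mkdir -p -- "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH"; then
    echo -e "${RED}Error: Failed to create required directories${NC}"
    exit 1
  fi
  if ! STAGING_DIR=$(mktemp -d "$TEMP_PATH/certwarden.XXXXXX"); then
    echo -e "${RED}Error: Failed to create required directories${NC}"
    exit 1
  fi
  trap cleanup_staging EXIT
}

# Fetch URL $2 into file $3, authenticating with API key $1.
# The key is handed to curl through a config stream on stdin rather than
# "-H ..." on the command line, so it does not appear in the process list.
# umask 077 makes the output file owner-only from the moment it is created.
# Caller must have validated $1 with validate_api_key.
# Returns curl's exit status.
fetch_with_api_key() {
  local api_key=$1
  local url=$2
  local dest=$3
  (
    umask 077
    # -L is kept for compatibility; curl resends custom headers to redirect
    # targets, so redirects are restricted to https to keep the key off
    # plaintext connections.
    printf 'header = "X-API-Key: %s"\n' "$api_key" |
      curl -fL --proto '=https' --proto-redir '=https' \
        --config - -o "$dest" "$url"
  )
}

# Download certificate $1 and its private key into the staging directory
# using API key $2. Returns 0 when both files were fetched, 1 otherwise;
# partial downloads are removed on failure.
download_certificate() {
  local cert_name=$1
  local api_key=$2
  local base_url="https://$CERTWARDEN_SERVER/certwarden/api/v1/download"
  local cert_file key_file

  if ! validate_cert_name "$cert_name"; then
    echo -e "${RED}Invalid certificate name${NC}"
    return 1
  fi
  if ! validate_api_key "$api_key"; then
    echo -e "${RED}Invalid API key format${NC}"
    return 1
  fi

  cert_file="$STAGING_DIR/$cert_name.crt"
  key_file="$STAGING_DIR/$cert_name.key"

  printf '%b%s%b\n' "$BLUE" "Downloading certificate for $cert_name..." "$NC"

  # Download certificate
  if fetch_with_api_key "$api_key" "$base_url/certificates/$cert_name" "$cert_file"; then
    echo -e "${GREEN}Certificate downloaded successfully${NC}"
  else
    echo -e "${RED}Failed to download certificate${NC}"
    rm -f -- "$cert_file"
    return 1
  fi

  # Download private key
  if fetch_with_api_key "$api_key" "$base_url/privatekeys/$cert_name" "$key_file"; then
    echo -e "${GREEN}Private key downloaded successfully${NC}"
  else
    echo -e "${RED}Failed to download private key${NC}"
    rm -f -- "$cert_file" "$key_file"
    return 1
  fi

  return 0
}

# Move the staged files for certificate $1 into CERT_PATH and KEY_PATH and
# set their modes (644 for the certificate, 600 for the key).
# Returns 0 only when both moves and both chmods succeeded.
# The key is already owner-only when it is moved, so it is never readable by
# other users in KEY_PATH while waiting for chmod.
# NOTE(review): the two moves are not atomic; if the second one fails the
# installed certificate and key may no longer match.
install_certificate() {
  local cert_name=$1

  if ! validate_cert_name "$cert_name"; then
    echo -e "${RED}Invalid certificate name${NC}"
    return 1
  fi

  # Move files to their final locations
  if sudo mv -- "$STAGING_DIR/$cert_name.crt" "$CERT_PATH/" &&
    sudo mv -- "$STAGING_DIR/$cert_name.key" "$KEY_PATH/"; then
    # Set appropriate permissions; a failure here must not be reported as
    # success.
    if sudo chmod 644 -- "$CERT_PATH/$cert_name.crt" &&
      sudo chmod 600 -- "$KEY_PATH/$cert_name.key"; then
      echo -e "${GREEN}Certificate and key installed successfully${NC}"
      return 0
    fi
    echo -e "${RED}Failed to set permissions on installed files${NC}"
    return 1
  else
    echo -e "${RED}Failed to install certificate and key${NC}"
    return 1
  fi
}

# Main menu function.
# In auto mode (AUTO_MODE=true with CERT_NAME and API_KEY set) runs a single
# download/install and exits 0 on success, 1 on any failure so schedulers can
# detect it. Otherwise shows the interactive menu until the user exits.
main_menu() {
  local choice cert

  # If in auto mode and we have cert name and API key, process automatically
  if [ "$AUTO_MODE" = "true" ] && [ -n "$CERT_NAME" ] && [ -n "$API_KEY" ]; then
    if ! validate_api_key "$API_KEY"; then
      echo -e "${RED}Invalid API key format in .env file${NC}"
      exit 1
    fi
    if download_certificate "$CERT_NAME" "$API_KEY" &&
      install_certificate "$CERT_NAME"; then
      exit 0
    fi
    exit 1
  fi

  while true; do
    echo -e "\n${BLUE}Certwarden Certificate Management${NC}"
    echo "1. Download and install new certificate"
    echo "2. List installed certificates"
    echo "3. Check certificate expiration"
    echo "4. Exit"

    # Stop on end of input; otherwise a closed stdin would loop forever.
    if ! read -r -p "Select an option (1-4): " choice; then
      echo
      exit 1
    fi

    case "$choice" in
      1)
        if [ -z "$CERT_NAME" ]; then
          read -r -p "Enter certificate name: " CERT_NAME
        fi
        if ! validate_cert_name "$CERT_NAME"; then
          echo -e "${RED}Invalid certificate name${NC}"
          # Clear the rejected value so the next attempt prompts again.
          CERT_NAME=""
          continue
        fi

        if [ -z "$API_KEY" ]; then
          # -s keeps the key off the terminal and out of scrollback.
          read -r -s -p "Enter API key: " API_KEY
          echo
        fi
        if ! validate_api_key "$API_KEY"; then
          echo -e "${RED}Invalid API key format${NC}"
          # Clear the rejected value so the next attempt prompts again.
          API_KEY=""
          continue
        fi

        if download_certificate "$CERT_NAME" "$API_KEY"; then
          install_certificate "$CERT_NAME"
        fi
        ;;
      2)
        echo -e "\n${BLUE}Installed Certificates:${NC}"
        ls -l "$CERT_PATH"/*.crt 2>/dev/null || echo "No certificates found"
        ;;
      3)
        echo -e "\n${BLUE}Certificate Expiration Dates:${NC}"
        if ! command -v openssl &> /dev/null; then
          echo -e "${RED}Error: Required command 'openssl' is not installed.${NC}"
          continue
        fi
        for cert in "$CERT_PATH"/*.crt; do
          if [ -f "$cert" ]; then
            printf '%s: ' "$(basename -- "$cert")"
            openssl x509 -enddate -noout -in "$cert"
          fi
        done
        ;;
      4)
        echo -e "${GREEN}Exiting...${NC}"
        exit 0
        ;;
      *)
        echo -e "${RED}Invalid option${NC}"
        ;;
    esac
  done
}

# Script initialization
check_requirements
check_config
setup_directories

# Start the script
echo -e "${GREEN}Welcome to Certwarden Certificate Management${NC}"
main_menu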