#!/bin/bash # Certificate Management Script for Certwarden # Version: 1.0 # Configuration CERTWARDEN_SERVER="your-certwarden-server.com" CERT_PATH="/etc/ssl/certs" KEY_PATH="/etc/ssl/private" TEMP_PATH="/tmp/cert_temp" # Color codes for output GREEN='\033[0;32m' RED='\033[0;31m' BLUE='\033[0;34m' NC='\033[0m' # No Color # Function to check if required commands exist check_requirements() { local required_commands=("curl" "jq") for cmd in "${required_commands[@]}"; do if ! command -v "$cmd" &> /dev/null; then echo -e "${RED}Error: Required command '$cmd' is not installed.${NC}" echo "Please install it using your package manager." exit 1 fi done } # Function to validate API key format validate_api_key() { local api_key=$1 if [[ ! $api_key =~ ^[A-Za-z0-9_-]{32,}$ ]]; then return 1 fi return 0 } # Function to create directories if they don't exist setup_directories() { mkdir -p "$CERT_PATH" "$KEY_PATH" "$TEMP_PATH" if [ $? -ne 0 ]; then echo -e "${RED}Error: Failed to create required directories${NC}" exit 1 fi } # Function to download certificate and key download_certificate() { local cert_name=$1 local api_key=$2 echo -e "${BLUE}Downloading certificate for $cert_name...${NC}" # Download certificate if curl -fL -o "$TEMP_PATH/$cert_name.crt" \ -H "X-API-Key: $api_key" \ "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/certificates/$cert_name"; then echo -e "${GREEN}Certificate downloaded successfully${NC}" else echo -e "${RED}Failed to download certificate${NC}" return 1 fi # Download private key if curl -fL -o "$TEMP_PATH/$cert_name.key" \ -H "X-API-Key: $api_key" \ "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/privatekeys/$cert_name"; then echo -e "${GREEN}Private key downloaded successfully${NC}" else echo -e "${RED}Failed to download private key${NC}" return 1 fi return 0 } # Function to install certificate and key install_certificate() { local cert_name=$1 # Move files to their final locations if sudo mv "$TEMP_PATH/$cert_name.crt" "$CERT_PATH/" && \ sudo mv "$TEMP_PATH/$cert_name.key" "$KEY_PATH/"; then echo -e "${GREEN}Certificate and key installed successfully${NC}" # Set appropriate permissions sudo chmod 644 "$CERT_PATH/$cert_name.crt" sudo chmod 600 "$KEY_PATH/$cert_name.key" return 0 else echo -e "${RED}Failed to install certificate and key${NC}" return 1 fi } # Main menu function main_menu() { while true; do echo -e "\n${BLUE}Certwarden Certificate Management${NC}" echo "1. Download and install new certificate" echo "2. List installed certificates" echo "3. Check certificate expiration" echo "4. Exit" read -p "Select an option (1-4): " choice case $choice in 1) read -p "Enter certificate name: " cert_name read -p "Enter API key: " api_key if ! validate_api_key "$api_key"; then echo -e "${RED}Invalid API key format${NC}" continue fi if download_certificate "$cert_name" "$api_key"; then install_certificate "$cert_name" fi ;; 2) echo -e "\n${BLUE}Installed Certificates:${NC}" ls -l "$CERT_PATH"/*.crt 2>/dev/null || echo "No certificates found" ;; 3) echo -e "\n${BLUE}Certificate Expiration Dates:${NC}" for cert in "$CERT_PATH"/*.crt; do if [ -f "$cert" ]; then echo -n "$(basename "$cert"): " openssl x509 -enddate -noout -in "$cert" fi done ;; 4) echo -e "${GREEN}Exiting...${NC}" exit 0 ;; *) echo -e "${RED}Invalid option${NC}" ;; esac done } # Script initialization check_requirements setup_directories # Start the script echo -e "${GREEN}Welcome to Certwarden Certificate Management${NC}" main_menu