From 0b78479f4178db6bf27a92d4296c7e9c21db697e Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Wed, 29 May 2019 10:15:23 +0800 Subject: [PATCH 1/9] Added sophosxg deploy hook New deploy hook for Sophos XG firewall appliance --- deploy/sophosxg.sh | 198 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) create mode 100644 deploy/sophosxg.sh diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh new file mode 100644 index 00000000..7fba5413 --- /dev/null +++ b/deploy/sophosxg.sh 
@@ -0,0 +1,198 @@
+#!/usr/bin/env sh
+#
+# This deploy script deploys to a Sophos XG appliance
+# DEPLOY_SOPHOSXG_HOST=""
+# DEPLOY_SOPHOSXG_USER=""
+# DEPLOY_SOPHOSXG_PASSWORD=""
+# DEPLOY_SOPHOSXG_NAME="domain"
+# DEPLOY_SOPHOSXG_PFX_PASSWORD="s0ph0sXG"
+# DEPLOY_SOPHOSXG_HTTPS_INSECURE="1"
+
+######## Public functions #####################
+
+#action pfx user password name pfxpass host
+sophosxg_do_req() {
+
+ # does curl request to upload certificate to sophos appliance
+
+ # check number of args
+ [ $# -eq 7 ] || return 1
+
+ # set vars
+ _do_req_action="$1"
+ _do_req_pfx="$2"
+ _do_req_user="$3"
+ _do_req_password="$4"
+ _do_req_name="$5"
+ _do_req_pfxpass="$6"
+ _do_req_host="$7"
+
+ # create temp file for xml
+ _info "Creating request XML"
+ _do_req_xml="$(_mktemp)"
+ if [ ! -f "$_do_req_xml" ]; then
+ _err "Error creating temp file for XML"
+ return 1
+ fi
+
+ # create xml request
+ echo "
+
+
+ ${_do_req_user}
+ ${_do_req_password}
+
+
+
+ UploadCertificate
+ ${_do_req_name}
+ ${_do_req_pfxpass}
+ pkcs12
+ certificate.p12
+
+
+
+
+" > "$_do_req_xml"
+
+ # dont verify certificate if HTTPS_INSECURE was set
+ if [ "$Le_Deploy_sophosxg_https_insecure" = "1" ] || [ "$HTTPS_INSECURE" ]; then
+ _sophosxg_curl="$_sophosxg_curl --insecure"
+ fi
+
+ # do request with curl
+ $_sophosxg_curl --silent -F "reqxml=<$_do_req_xml" -F "file=@$_do_req_pfx;filename=certificate.p12" "https://$_do_req_host/webconsole/APIController?" | grep -q ''
+ ret=$?
+
+ # remove xml file
+ rm -f "$_do_req_xml"
+
+ return $ret
+}
+
+#domain keyfile certfile cafile fullchain
+sophosxg_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ # check for curl first
+ if _exists "curl"; then
+ _sophosxg_curl="curl --silent"
+ else
+ _err "curl is required"
+ return 1
+ fi
+
+ # Some defaults
+ DEFAULT_SOPHOSXG_PFX_PASSWORD="s0ph0sXG"
+ DEFAULT_SOPHOSXG_NAME="$_cdomain"
+ DEFAULT_SOPHOSXG_HTTPS_INSECURE="1"
+
+ if [ -f "$DOMAIN_CONF" ]; then
+ # shellcheck disable=SC1090
+ . "$DOMAIN_CONF"
+ fi
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ # HOST is required
+ if [ -z "$DEPLOY_SOPHOSXG_HOST" ]; then
+ if [ -z "$Le_Deploy_sophosxg_host" ]; then
+ _err "DEPLOY_SOPHOSXG_HOST not defined."
+ return 1
+ fi
+ else
+ Le_Deploy_sophosxg_host="$DEPLOY_SOPHOSXG_HOST"
+ _savedomainconf Le_Deploy_sophosxg_host "$Le_Deploy_sophosxg_host"
+ fi
+
+ # USER is required
+ if [ -z "$DEPLOY_SOPHOSXG_USER" ]; then
+ if [ -z "$Le_Deploy_sophosxg_user" ]; then
+ _err "DEPLOY_SOPHOSXG_USER not defined."
+ return 1
+ fi
+ else
+ Le_Deploy_sophosxg_user="$DEPLOY_SOPHOSXG_USER"
+ _savedomainconf Le_Deploy_sophosxg_user "$Le_Deploy_sophosxg_user"
+ fi
+
+ # PASSWORD is required
+ if [ -z "$DEPLOY_SOPHOSXG_PASSWORD" ]; then
+ if [ -z "$Le_Deploy_sophosxg_password" ]; then
+ _err "DEPLOY_SOPHOSXG_PASSWORD not defined."
+ return 1
+ fi
+ else
+ Le_Deploy_sophosxg_password="$DEPLOY_SOPHOSXG_PASSWORD"
+ _savedomainconf Le_Deploy_sophosxg_password "$Le_Deploy_sophosxg_password"
+ fi
+
+ # PFX_PASSWORD is optional. If not provided then use default
+ if [ -n "$DEPLOY_SOPHOSXG_PFX_PASSWORD" ]; then
+ Le_Deploy_sophosxg_pfx_password="$DEPLOY_SOPHOSXG_PFX_PASSWORD"
+ _savedomainconf Le_Deploy_sophosxg_pfx_password "$Le_Deploy_sophosxg_pfx_password"
+ elif [ -z "$Le_Deploy_sophosxg_pfx_password" ]; then
+ Le_Deploy_sophosxg_pfx_password="$DEFAULT_SOPHOSXG_PFX_PASSWORD"
+ fi
+
+ # NAME is optional. If not provided then use $_cdomain
+ if [ -n "$DEPLOY_SOPHOSXG_NAME" ]; then
+ Le_Deploy_sophosxg_name="$DEPLOY_SOPHOSXG_NAME"
+ _savedomainconf Le_Deploy_sophosxg_name "$Le_Deploy_sophosxg_name"
+ elif [ -z "$Le_Deploy_sophosxg_name" ]; then
+ Le_Deploy_sophosxg_name="$DEFAULT_SOPHOSXG_NAME"
+ fi
+
+ # HTTPS_INSECURE is optional. Defaults to 1 (true)
+ if [ -n "$DEPLOY_SOPHOSXG_HTTPS_INSECURE" ]; then
+ Le_Deploy_sophosxg_https_insecure="$DEPLOY_SOPHOSXG_HTTPS_INSECURE"
+ _savedomainconf Le_Deploy_sophosxg_https_insecure "$Le_Deploy_sophosxg_https_insecure"
+ elif [ -z "$Le_Deploy_sophosxg_https_insecure" ]; then
+ Le_Deploy_sophosxg_https_insecure="$DEFAULT_SOPHOSXG_HTTPS_INSECURE"
+ fi
+
+ # create temp pkcs12 file
+ _info "Generating pkcs12 file"
+ _import_pkcs12="$(_mktemp)"
+ if [ ! -f "$_import_pkcs12" ]; then
+ _err "Error creating temp file for pkcs12"
+ return 1
+ fi
+ if ! _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$Le_Deploy_sophosxg_pfx_password"; then
+ _err "Error exporting to pkcs12"
+ [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12"
+ return 1
+ fi
+
+ # do upload of cert - attempt to "update" and on failure try "add"
+ _req_action_success="no"
+ for _req_action in update add; do
+ _info "Uploading certificate: $_req_action"
+
+ if sophosxg_do_req "$_req_action" "$_import_pkcs12" "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" "$Le_Deploy_sophosxg_name" "$Le_Deploy_sophosxg_pfx_password" "$Le_Deploy_sophosxg_host"; then
+ _req_action_success="yes"
+ break
+ fi
+ _info "$_req_action failed"
+ done
+
+ # clean up pfx
+ [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12"
+
+ # check final result
+ if [ "$_req_action_success" = "no" ]; then
+ _err "Upload failed permanently"
+ return 1
+ fi
+
+ return 0
+
+}
From c7e6ba43686e91c3cdf8b85ecd96b014ac18006c Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Wed, 29 May 2019 11:03:44 +0800 Subject: [PATCH 2/9] Whitespace fixes --- deploy/sophosxg.sh | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index 7fba5413..fe5a97d5 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh @@ -53,7 +53,7 @@ sophosxg_do_req() { -" > "$_do_req_xml" +"> "$_do_req_xml" # dont verify certificate if HTTPS_INSECURE was set if [ "$Le_Deploy_sophosxg_https_insecure" = "1" ] || [ "$HTTPS_INSECURE" ]; then @@ -176,7 +176,6 @@ sophosxg_deploy() { _req_action_success="no" for _req_action in update add; do _info "Uploading certificate: $_req_action" - if sophosxg_do_req "$_req_action" "$_import_pkcs12" "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" "$Le_Deploy_sophosxg_name" "$Le_Deploy_sophosxg_pfx_password" "$Le_Deploy_sophosxg_host"; then _req_action_success="yes" break @@ -193,6 +192,6 @@ sophosxg_deploy() { return 1 fi - return 0 + return 0 } From d3e0b5f66f4bfd8a24f13efc177258fc142af7c7 Mon Sep 17 00:00:00 2001
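Review bot: `DEFAULT_SOPHOSXG_HTTPS_INSECURE="1"` in sophosxg_deploy turns certificate verification off unless the operator opts back in, and sophosxg_do_req then appends `--insecure` to a request that carries the appliance username and password plus the PKCS#12 file holding the private key. Without verification the hook cannot tell the real appliance from an intercepting endpoint, and when no PFX password is configured the bundle is protected only by the published default `s0ph0sXG`. I would default to verification on, `DEFAULT_SOPHOSXG_HTTPS_INSECURE="0"`, and say in the header comment that setting it to 1 is an explicit opt-out for appliances still presenting a self-signed certificate.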
From: andrewheberle Date: Wed, 29 May 2019 11:06:43 +0800 Subject: [PATCH 3/9] shfmt fix --- deploy/sophosxg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index fe5a97d5..a79f2743 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh @@ -53,7 +53,7 @@ sophosxg_do_req() { -"> "$_do_req_xml" +" >"$_do_req_xml" # dont verify certificate if HTTPS_INSECURE was set if [ "$Le_Deploy_sophosxg_https_insecure" = "1" ] || [ "$HTTPS_INSECURE" ]; then From 3d7a71eeaf41a18362f7dc346b42beae0fc73f44 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Thu, 6 Jun 2019 23:21:16 +0800 Subject: [PATCH 4/9] remove curl dependency --- deploy/sophosxg.sh | 111 +++++++++++++++++++++++++++------------------ 1 file changed, 66 insertions(+), 45 deletions(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index a79f2743..2b86ee61 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh @@ -12,9 +12,6 @@ #action pfx user password name pfxpass host sophosxg_do_req() { - - # does curl request to upload certificate to sophos appliance - # check number of args [ $# -eq 7 ] || return 1 
@@ -27,46 +24,48 @@ sophosxg_do_req() { _do_req_pfxpass="$6" _do_req_host="$7" - # create temp file for xml - _info "Creating request XML" - _do_req_xml="$(_mktemp)" - if [ ! -f "$_do_req_xml" ]; then - _err "Error creating temp file for XML" - return 1 - fi + # static values - as variables in case these need to change + _do_req_boundary="SOPHOSXGPOST" + _do_req_certfile="certificate.p12" - # create xml request - echo " - - - ${_do_req_user} - ${_do_req_password} - - - - UploadCertificate - ${_do_req_name} - ${_do_req_pfxpass} - pkcs12 - certificate.p12 - - - - -" >"$_do_req_xml" - - # dont verify certificate if HTTPS_INSECURE was set - if [ "$Le_Deploy_sophosxg_https_insecure" = "1" ] || [ "$HTTPS_INSECURE" ]; then - _sophosxg_curl="$_sophosxg_curl --insecure" + # dont verify certs if config set + _do_req_old_HTTPS_INSECURE="${HTTPS_INSECURE}" + if [ "${Le_Deploy_sophosxg_https_insecure}" = "1" ]; then + HTTPS_INSECURE="1" fi - # do request with curl - $_sophosxg_curl --silent -F "reqxml=<$_do_req_xml" -F "file=@$_do_req_pfx;filename=certificate.p12" "https://$_do_req_host/webconsole/APIController?" 
| grep -q '' + # build POST body + _do_req_post="$(printf '--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")" + _do_req_post="$(printf '%sContent-Type: application/xml; charset=utf-8\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%sContent-Disposition: form-data; name="reqxml"\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s%s%s\r\n' "${_do_req_post}" "${_do_req_user}" "${_do_req_password}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}" "${_do_req_action}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_name}")" + _do_req_post="$(printf '%sUploadCertificate\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%spkcs12\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_pfxpass}")" + _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "${_do_req_certfile}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%s--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")" + _do_req_post="$(printf '%sContent-Type: application/octet-stream\r\n' "${_do_req_post}")" + _do_req_post="$(printf '%sContent-Disposition: form-data; filename="%s"; name="file"\r\n' "${_do_req_post}" "${_do_req_certfile}")" + _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "$(_base64 < "${_do_req_pfx}")")" + _do_req_post="$(printf '%s--%s--\r\n' "${_do_req_post}" "${_do_req_boundary}")" + + # do POST + _post "${_do_req_post}" "https://${_do_req_host}/webconsole/APIController?" "" "POST" "multipart/form-data; boundary=${_do_req_boundary}" ret=$? 
- # remove xml file - rm -f "$_do_req_xml" + # reset HTTP_INSECURE + HTTPS_INSECURE="${_do_req_old_HTTPS_INSECURE}" + # return result of POST return $ret } @@ -78,14 +77,6 @@ sophosxg_deploy() { _cca="$4" _cfullchain="$5" - # check for curl first - if _exists "curl"; then - _sophosxg_curl="curl --silent" - else - _err "curl is required" - return 1 - fi - # Some defaults DEFAULT_SOPHOSXG_PFX_PASSWORD="s0ph0sXG" DEFAULT_SOPHOSXG_NAME="$_cdomain" @@ -171,6 +162,36 @@ sophosxg_deploy() { [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12" return 1 fi + + # create post request + _deploy_post_body="$(_mktemp)" + if [ ! -f "$_deploy_post_body" ]; then + _err "Error creating temp file for HTTP POST" + return 1 + fi + + printf '--SOPHOSXGPOST\r\n' >> "$_deploy_post_body" + printf 'Content-Type: application/xml; charset=utf-8\r\n' >> "$_deploy_post_body" + printf 'Content-Disposition: form-data; name="reqxml"\r\n' >> "$_deploy_post_body" + printf '\r\n' >> "$_deploy_post_body" + printf '\r\n' >> "$_deploy_post_body" + printf '%s\r\n%s\r\n' "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" >> "$_deploy_post_body" + printf '' >> "$_deploy_post_body" + + + %s + UploadCertificate + pkcs12 + %s + certificate.p12 + + + +--SOPHOSXGPOST +Content-Type: application/octet-stream +Content-Disposition: form-data; filename="certificate.p12"; name="file" +%s +--SOPHOSXGPOST-- # do upload of cert - attempt to "update" and on failure try "add" _req_action_success="no" From 6b0884cd28bc69804fd8acbc3a7d39c4a010ba02 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Thu, 6 Jun 2019 23:27:30 +0800 Subject: [PATCH 5/9] Get rid of pasted garbage --- deploy/sophosxg.sh | 34 ++-------------------------------- 1 file changed, 2 insertions(+), 32 deletions(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index 2b86ee61..2cce5c01 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh 
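Review bot: The rewritten sophosxg_do_req returns only the exit status of `_post`, whereas the curl version it replaces piped the response through `grep -q`, so the appliance's answer is no longer inspected. If `_post` reports transport success only (it is defined outside this patch, so worth confirming), a rejected login or failed upload would count as success and the `add` fallback in sophosxg_deploy would never run. Capturing the body, e.g. `_do_req_resp="$(_post ...)" || return 1`, and then matching it against the API's success marker (not visible on this page) would restore the old check. Separately, each `$(printf '...\r\n')` loses its trailing newline in command substitution, which leaves bare CRs between the multipart lines, and the user, password, name and PFX password are placed into the request XML unescaped, so a value containing `&` or `<` yields a malformed request.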
@@ -162,38 +162,8 @@ sophosxg_deploy() { [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12" return 1 fi - - # create post request - _deploy_post_body="$(_mktemp)" - if [ ! -f "$_deploy_post_body" ]; then - _err "Error creating temp file for HTTP POST" - return 1 - fi - - printf '--SOPHOSXGPOST\r\n' >> "$_deploy_post_body" - printf 'Content-Type: application/xml; charset=utf-8\r\n' >> "$_deploy_post_body" - printf 'Content-Disposition: form-data; name="reqxml"\r\n' >> "$_deploy_post_body" - printf '\r\n' >> "$_deploy_post_body" - printf '\r\n' >> "$_deploy_post_body" - printf '%s\r\n%s\r\n' "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" >> "$_deploy_post_body" - printf '' >> "$_deploy_post_body" - - - %s - UploadCertificate - pkcs12 - %s - certificate.p12 - - - ---SOPHOSXGPOST -Content-Type: application/octet-stream -Content-Disposition: form-data; filename="certificate.p12"; name="file" -%s ---SOPHOSXGPOST-- - - # do upload of cert - attempt to "update" and on failure try "add" + + # do upload of cert via HTTP POST - attempt to "update" and on failure try "add" _req_action_success="no" for _req_action in update add; do _info "Uploading certificate: $_req_action" From 1e5d6a096a939e28e3730eb6be8fe42a0a024822 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Thu, 6 Jun 2019 23:30:50 +0800 Subject: [PATCH 6/9] shellcheck error fix --- deploy/sophosxg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index 2cce5c01..ac47ca14 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh 
@@ -35,7 +35,7 @@ sophosxg_do_req() { fi # build POST body - _do_req_post="$(printf '--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")" + _do_req_post="$(printf '%s--%s\r\n' "" "${_do_req_boundary}")" _do_req_post="$(printf '%sContent-Type: application/xml; charset=utf-8\r\n' "${_do_req_post}")" _do_req_post="$(printf '%sContent-Disposition: form-data; name="reqxml"\r\n' "${_do_req_post}")" _do_req_post="$(printf '%s\r\n' "${_do_req_post}")" From 1d344f78fbddf69fcc8a3b7c9f04c83af8d2a167 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Thu, 6 Jun 2019 23:36:29 +0800 Subject: [PATCH 7/9] shfmt spacing fix --- deploy/sophosxg.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index ac47ca14..3a13daea 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh @@ -55,7 +55,7 @@ sophosxg_do_req() { _do_req_post="$(printf '%s--%s\r\n' "${_do_req_post}" "${_do_req_boundary}")" _do_req_post="$(printf '%sContent-Type: application/octet-stream\r\n' "${_do_req_post}")" _do_req_post="$(printf '%sContent-Disposition: form-data; filename="%s"; name="file"\r\n' "${_do_req_post}" "${_do_req_certfile}")" - _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "$(_base64 < "${_do_req_pfx}")")" + _do_req_post="$(printf '%s%s\r\n' "${_do_req_post}" "$(_base64 <"${_do_req_pfx}")")" _do_req_post="$(printf '%s--%s--\r\n' "${_do_req_post}" "${_do_req_boundary}")" # do POST From 67d0421e1258b74dfe5ded490f8b114ff0ddf06c Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Fri, 7 Jun 2019 17:23:58 +0800 Subject: [PATCH 8/9] Don't read DOMAIN_CONF or save HTTPS_INSECURE --- deploy/sophosxg.sh | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index 3a13daea..bae9b786 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh 
@@ -29,7 +29,6 @@ sophosxg_do_req() { _do_req_certfile="certificate.p12" # dont verify certs if config set - _do_req_old_HTTPS_INSECURE="${HTTPS_INSECURE}" if [ "${Le_Deploy_sophosxg_https_insecure}" = "1" ]; then HTTPS_INSECURE="1" fi @@ -60,13 +59,6 @@ sophosxg_do_req() { # do POST _post "${_do_req_post}" "https://${_do_req_host}/webconsole/APIController?" "" "POST" "multipart/form-data; boundary=${_do_req_boundary}" - ret=$? - - # reset HTTP_INSECURE - HTTPS_INSECURE="${_do_req_old_HTTPS_INSECURE}" - - # return result of POST - return $ret } #domain keyfile certfile cafile fullchain @@ -82,11 +74,6 @@ sophosxg_deploy() { DEFAULT_SOPHOSXG_NAME="$_cdomain" DEFAULT_SOPHOSXG_HTTPS_INSECURE="1" - if [ -f "$DOMAIN_CONF" ]; then - # shellcheck disable=SC1090 - . "$DOMAIN_CONF" - fi - _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" From 38499428fc3a2fb75e558646813209a2c8968ba0 Mon Sep 17 00:00:00 2001 From: andrewheberle Date: Mon, 10 Jun 2019 09:20:30 +0800 Subject: [PATCH 9/9] Use _savedeployconf/_getdeployconf --- deploy/sophosxg.sh | 84 ++++++++++++++++++++++------------------------ 1 file changed, 40 insertions(+), 44 deletions(-) diff --git a/deploy/sophosxg.sh b/deploy/sophosxg.sh index bae9b786..8dc2c187 100644 --- a/deploy/sophosxg.sh +++ b/deploy/sophosxg.sh @@ -10,10 +10,10 @@ ######## Public functions ##################### -#action pfx user password name pfxpass host +#action pfx user password name pfxpass host [insecure] sophosxg_do_req() { # check number of args - [ $# -eq 7 ] || return 1 + [ $# -eq 8 ] || return 1 # set vars _do_req_action="$1" 
@@ -23,13 +23,15 @@ sophosxg_do_req() { _do_req_name="$5" _do_req_pfxpass="$6" _do_req_host="$7" + _do_req_insecure="$8" # static values - as variables in case these need to change _do_req_boundary="SOPHOSXGPOST" _do_req_certfile="certificate.p12" # dont verify certs if config set - if [ "${Le_Deploy_sophosxg_https_insecure}" = "1" ]; then + if [ "${_do_req_insecure}" = "1" ]; then + # shellcheck disable=SC2034 HTTPS_INSECURE="1" fi 
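Review bot: `HTTPS_INSECURE="1"` is assigned in the calling shell and never put back, so once one deploy runs with the insecure flag, certificate verification presumably stays off for every later request made by the same process; the `# shellcheck disable=SC2034` hides that this is a global read elsewhere. The save/restore pair that patch 4 introduced was dropped in patch 8. I would keep the previous value with `_do_req_old_insecure="${HTTPS_INSECURE}"` before the `if`, and after the POST do `_do_req_ret=$?`, `HTTPS_INSECURE="${_do_req_old_insecure}"`, `return "$_do_req_ret"`. The `_post` call and the end of sophosxg_do_req lie outside this hunk.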
@@ -81,61 +83,55 @@ sophosxg_deploy() { _debug _cfullchain "$_cfullchain" # HOST is required - if [ -z "$DEPLOY_SOPHOSXG_HOST" ]; then - if [ -z "$Le_Deploy_sophosxg_host" ]; then - _err "DEPLOY_SOPHOSXG_HOST not defined." - return 1 - fi - else - Le_Deploy_sophosxg_host="$DEPLOY_SOPHOSXG_HOST" - _savedomainconf Le_Deploy_sophosxg_host "$Le_Deploy_sophosxg_host" + _getdeployconf DEPLOY_SOPHOSXG_HOST + _devug2 DEPLOY_SOPHOSXG_HOST "${DEPLOY_SOPHOSXG_HOST}" + if [ -z "${DEPLOY_SOPHOSXG_HOST}" ]; then + _err "DEPLOY_SOPHOSXG_HOST not defined." + return 1 fi + _savedeployconf DEPLOY_SOPHOSXG_HOST "${DEPLOY_SOPHOSXG_HOST}" # USER is required - if [ -z "$DEPLOY_SOPHOSXG_USER" ]; then - if [ -z "$Le_Deploy_sophosxg_user" ]; then - _err "DEPLOY_SOPHOSXG_USER not defined." - return 1 - fi - else - Le_Deploy_sophosxg_user="$DEPLOY_SOPHOSXG_USER" - _savedomainconf Le_Deploy_sophosxg_user "$Le_Deploy_sophosxg_user" + _getdeployconf DEPLOY_SOPHOSXG_USER + _devug2 DEPLOY_SOPHOSXG_USER "${DEPLOY_SOPHOSXG_USER}" + if [ -z "${DEPLOY_SOPHOSXG_USER}" ]; then + _err "DEPLOY_SOPHOSXG_USER not defined." + return 1 fi + _savedeployconf DEPLOY_SOPHOSXG_USER "${DEPLOY_SOPHOSXG_USER}" # PASSWORD is required - if [ -z "$DEPLOY_SOPHOSXG_PASSWORD" ]; then - if [ -z "$Le_Deploy_sophosxg_password" ]; then - _err "DEPLOY_SOPHOSXG_PASSWORD not defined." - return 1 - fi - else - Le_Deploy_sophosxg_password="$DEPLOY_SOPHOSXG_PASSWORD" - _savedomainconf Le_Deploy_sophosxg_password "$Le_Deploy_sophosxg_password" + _getdeployconf DEPLOY_SOPHOSXG_PASSWORD + _devug2 DEPLOY_SOPHOSXG_PASSWORD "${DEPLOY_SOPHOSXG_PASSWORD}" + if [ -z "${DEPLOY_SOPHOSXG_PASSWORD}" ]; then + _err "DEPLOY_SOPHOSXG_PASSWORD not defined." + return 1 fi + _savedeployconf DEPLOY_SOPHOSXG_PASSWORD "${DEPLOY_SOPHOSXG_PASSWORD}" # PFX_PASSWORD is optional. 
If not provided then use default - if [ -n "$DEPLOY_SOPHOSXG_PFX_PASSWORD" ]; then - Le_Deploy_sophosxg_pfx_password="$DEPLOY_SOPHOSXG_PFX_PASSWORD" - _savedomainconf Le_Deploy_sophosxg_pfx_password "$Le_Deploy_sophosxg_pfx_password" - elif [ -z "$Le_Deploy_sophosxg_pfx_password" ]; then - Le_Deploy_sophosxg_pfx_password="$DEFAULT_SOPHOSXG_PFX_PASSWORD" + _getdeployconf DEPLOY_SOPHOSXG_PFX_PASSWORD + _devug2 DEPLOY_SOPHOSXG_PFX_PASSWORD "${DEPLOY_SOPHOSXG_PFX_PASSWORD}" + if [ -z "${DEPLOY_SOPHOSXG_PFX_PASSWORD}" ]; then + DEPLOY_SOPHOSXG_PFX_PASSWORD="${DEFAULT_SOPHOSXG_PFX_PASSWORD}" fi + _savedeployconf DEPLOY_SOPHOSXG_PFX_PASSWORD "${DEPLOY_SOPHOSXG_PFX_PASSWORD}" # NAME is optional. If not provided then use $_cdomain - if [ -n "$DEPLOY_SOPHOSXG_NAME" ]; then - Le_Deploy_sophosxg_name="$DEPLOY_SOPHOSXG_NAME" - _savedomainconf Le_Deploy_sophosxg_name "$Le_Deploy_sophosxg_name" - elif [ -z "$Le_Deploy_sophosxg_name" ]; then - Le_Deploy_sophosxg_name="$DEFAULT_SOPHOSXG_NAME" + _getdeployconf DEPLOY_SOPHOSXG_NAME + _devug2 DEPLOY_SOPHOSXG_NAME "${DEPLOY_SOPHOSXG_NAME}" + if [ -z "${DEPLOY_SOPHOSXG_NAME}" ]; then + DEPLOY_SOPHOSXG_NAME="${DEFAULT_SOPHOSXG_NAME}" fi + _savedeployconf DEPLOY_SOPHOSXG_NAME "${DEPLOY_SOPHOSXG_NAME}" # HTTPS_INSECURE is optional. 
Defaults to 1 (true) - if [ -n "$DEPLOY_SOPHOSXG_HTTPS_INSECURE" ]; then - Le_Deploy_sophosxg_https_insecure="$DEPLOY_SOPHOSXG_HTTPS_INSECURE" - _savedomainconf Le_Deploy_sophosxg_https_insecure "$Le_Deploy_sophosxg_https_insecure" - elif [ -z "$Le_Deploy_sophosxg_https_insecure" ]; then - Le_Deploy_sophosxg_https_insecure="$DEFAULT_SOPHOSXG_HTTPS_INSECURE" + _getdeployconf DEPLOY_SOPHOSXG_HTTPS_INSECURE + _devug2 DEPLOY_SOPHOSXG_HTTPS_INSECURE "${DEPLOY_SOPHOSXG_HTTPS_INSECURE}" + if [ -z "${DEPLOY_SOPHOSXG_HTTPS_INSECURE}" ]; then + DEPLOY_SOPHOSXG_HTTPS_INSECURE="${DEFAULT_SOPHOSXG_HTTPS_INSECURE}" fi + _savedeployconf DEPLOY_SOPHOSXG_HTTPS_INSECURE "${DEPLOY_SOPHOSXG_HTTPS_INSECURE}" # create temp pkcs12 file _info "Generating pkcs12 file" @@ -144,7 +140,7 @@ sophosxg_deploy() { _err "Error creating temp file for pkcs12" return 1 fi - if ! _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$Le_Deploy_sophosxg_pfx_password"; then + if ! _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$DEPLOY_SOPHOSXG_PFX_PASSWORD"; then _err "Error exporting to pkcs12" [ -f "$_import_pkcs12" ] && rm -f "$_import_pkcs12" return 1 @@ -154,7 +150,7 @@ sophosxg_deploy() { _req_action_success="no" for _req_action in update add; do _info "Uploading certificate: $_req_action" - if sophosxg_do_req "$_req_action" "$_import_pkcs12" "$Le_Deploy_sophosxg_user" "$Le_Deploy_sophosxg_password" "$Le_Deploy_sophosxg_name" "$Le_Deploy_sophosxg_pfx_password" "$Le_Deploy_sophosxg_host"; then + if sophosxg_do_req "$_req_action" "$_import_pkcs12" "$DEPLOY_SOPHOSXG_USER" "$DEPLOY_SOPHOSXG_PASSWORD" "$DEPLOY_SOPHOSXG_NAME" "$DEPLOY_SOPHOSXG_PFX_PASSWORD" "$DEPLOY_SOPHOSXG_HOST" "$DEPLOY_SOPHOSXG_HTTPS_INSECURE"; then _req_action_success="yes" break fi
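Review bot: `_devug2` is called six times in this hunk and looks like a typo for `_debug2`; as written each call should fail with "command not found" on every deploy and the intended debug output never appears. Once corrected, the calls for DEPLOY_SOPHOSXG_PASSWORD and DEPLOY_SOPHOSXG_PFX_PASSWORD would write both secrets to the debug log in clear text, so those two should use acme.sh's masked helper instead: `_secure_debug2 DEPLOY_SOPHOSXG_PASSWORD "${DEPLOY_SOPHOSXG_PASSWORD}"`. The defaults, including `DEPLOY_SOPHOSXG_HTTPS_INSECURE` set to 1, are also now persisted through `_savedeployconf` even when the operator never set them, so a later change of the default would not reach existing installs.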