free
/
freedombone
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
2791 Commits
5 Branches
Tree: d0f330d9da
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd0f330d9da'
${ noResults }
freedombone/src/freedombone-dhparam

freedombone-dhparam 2.7KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 
  1. #!/bin/bash

  2. #

  3. # .---.                  .              .

  4. # |                      |              |

  5. # |--- .--. .-.  .-.  .-.|  .-. .--.--. |.-.  .-. .--.  .-.

  6. # |    |   (.-' (.-' (   | (   )|  |  | |   )(   )|  | (.-'

  7. # '    '     --'  --'  -' -  -' '  '   -' -'   -' '   -  --'

  8. #

  9. #                    Freedom in the Cloud

  10. #

  11. # Creates or re-calculates Diffie-Hellman parameters

  12. 

  13. # License

  14. # =======

  15. #

  16. # Copyright (C) 2015-2016 Bob Mottram <bob@robotics.uk.to>

  17. #

  18. # This program is free software: you can redistribute it and/or modify

  19. # it under the terms of the GNU General Public License as published by

  20. # the Free Software Foundation, either version 3 of the License, or

  21. # (at your option) any later version.

  22. #

  23. # This program is distributed in the hope that it will be useful,

  24. # but WITHOUT ANY WARRANTY; without even the implied warranty of

  25. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  26. # GNU General Public License for more details.

  27. #

  28. # You should have received a copy of the GNU General Public License

  29. # along with this program. If not, see <http://www.gnu.org/licenses/>.

  30. 

  31. PROJECT_NAME='freedombone'

  32. 

  33. export TEXTDOMAIN=${PROJECT_NAME}-dhparam

  34. export TEXTDOMAINDIR="/usr/share/locale"

  35. 

  36. HOSTNAME=

  37. KEYLENGTH=2048

  38. RECALCULATE="no"

  39. FAST=''

  40. 

  41. function show_help {

  42.     echo ''

  43.     echo $"${PROJECT_NAME}-dhparam -h [hostname] -l [length in bits] --recalc [yes|no] --fast [yes|no]"

  44.     echo ''

  45.     exit 0

  46. }

  47. 

  48. function calc_dh {

  49.     openssl dhparam -check -text $FAST $KEYLENGTH -out ${1}

  50.     if [ ! "$?" = "0" ]; then

  51.         exit 3674

  52.     fi

  53.     chmod 640 ${1}

  54. }

  55. 

  56. function regenerate_dh_keys {

  57.     for file in /etc/ssl/mycerts/*

  58.     do

  59.         if [[ -f $file ]]; then

  60.             filename=/etc/ssl/certs/$(echo $file | awk -F '/etc/ssl/mycerts/' '{print $2}' | awk -F '.crt' '{print $1}').dhparam

  61.             if [ -f $filename ]; then

  62.                 calc_dh $filename

  63.                 echo $"Recalculated DH params for $filename"

  64.             fi

  65.         fi

  66.     done

  67. }

  68. 

  69. while [[ $# > 1 ]]

  70. do

  71. key="$1"

  72. 

  73. case $key in

  74.     --help)

  75.     show_help

  76.     ;;

  77.     -h|--hostname)

  78.     shift

  79.     HOSTNAME="$1"

  80.     ;;

  81.     -l|--dhkey)

  82.     shift

  83.     KEYLENGTH=${1}

  84.     ;;

  85.     --recalc)

  86.     shift

  87.     RECALCULATE=${1}

  88.     ;;

  89.     --fast)

  90.     shift

  91.     if [[ ${1} == "yes" || ${1} == "y" ]]; then

  92.         FAST='-dsaparam'

  93.     fi

  94.     ;;

  95.     *)

  96.     # unknown option

  97.     ;;

  98. esac

  99. shift

  100. done

  101. 

  102. if [[ $RECALCULATE == "yes" || $RECALCULATE == "y" ]]; then

  103.     regenerate_dh_keys

  104.     exit 0

  105. fi

  106. 

  107. if [ ! $HOSTNAME ]; then

  108.     echo $'No hostname specified'

  109.     exit 5728

  110. fi

  111. 

  112. if ! which openssl > /dev/null ;then

  113.     echo $"$0: openssl is not installed, exiting" 1>&2

  114.     exit 5689

  115. fi

  116. 

  117. if [ ! -d /etc/ssl/mycerts ]; then

  118.     mkdir -p /etc/ssl/mycerts

  119. fi

  120. 

  121. calc_dh /etc/ssl/certs/$HOSTNAME.dhparam

  122. 

  123. systemctl reload nginx

  124. exit 0