QNimbus · May 13, 2020 14:15
diff --git a/deploy_vmware.sh b/deploy_vmware.sh
 #!/usr/bin/env sh
 ##
 ## Title:                     deploy_vmware.sh
 ## Description:               Script to deploy uploaded certificates for use with VMWare ESXi
 ## Author:                    B. van wetten
 ## Created date:              27-01-2020
 ## Updated date:              10-02-2020
 ## Version:                   0.3
 ## GitHub Gist:               https://gist.github.com/QNimbus/9883a3ff8834843b3b024baf3bcccc29
 ##
 ## Usage:                     deploy_vmware.sh
 ## Notes:                     For remote use (e.g. SSH) use the following command as example:
 ##                            /bin/cat | /etc/vmware/ssl/deploy_vmware.sh --
 ##
 ##                            You can use this in your 'authorized_keys' file to run this command remotely:
 ##                            command="/bin/cat | /etc/vmware/ssl/deploy_vmware.sh.sh --",no-pty,from="10.72.0.1/32" AAAAB3********

 # Shell utilities
 RM=$(which rm); [[ $? != 0 ]] && echo "Command 'rm' not found" >&2 && exit 1
 CP=$(which cp); [[ $? != 0 ]] && echo "Command 'cp' not found" >&2 && exit 1
 MV=$(which mv); [[ $? != 0 ]] && echo "Command 'mv' not found" >&2 && exit 1
 FIND=$(which find); [[ $? != 0 ]] && echo "Command 'find' not found" >&2 && exit 1
 XARGS=$(which xargs); [[ $? != 0 ]] && echo "Command 'xargs' not found" >&2 && exit 1
 OPENSSL=$(which openssl); [[ $? != 0 ]] && echo "Command 'openssl' not found" >&2 && exit 1

 # Cleanup any temp files after script execution (traps signals: 0, 1, 2, 15)
 trap '${FIND} ${_PWD} -maxdepth 1 -name "rui.new*" -type f -print0 | ${XARGS} -I % -0 rm %' INT TERM HUP EXIT

 # Initialize variables
 _PWD="/etc/vmware/ssl"
 _ME=$(basename "${0}")

 # Get certificate data from stdin
 CERT_DATA=$(cat)

 # Make a backup of rui.crt if it exists
 [ -f ${_PWD}/rui.crt ] && ${CP} -a ${_PWD}/rui.crt ${_PWD}/orig.rui.crt

 # Make a backup of rui.key if it exists
 [ -f ${_PWD}/rui.key ] && ${CP} -a ${_PWD}/rui.key ${_PWD}/orig.rui.key

 # Extract certificate from CERT_DATA
 (cat <<END
 $CERT_DATA
 END
 ) > ${_PWD}/cert_data.crt.tmp

 ${OPENSSL} crl2pkcs7 -nocrl -certfile "${_PWD}/cert_data.crt.tmp" > "${_PWD}/cert_data.pkcs7.tmp" || exit 1
 ${OPENSSL} pkcs7 -print_certs -out "${_PWD}/rui.new.crt" -in "${_PWD}/cert_data.pkcs7.tmp" > /dev/null 2>&1 || exit 1

 # Extract key from CERT_DATA
 (cat <<END
 $CERT_DATA
 END
 ) | ${OPENSSL} rsa -outform pem -out ${_PWD}/rui.new.key > /dev/null 2>&1 || exit 1

 # If all went well, rename the new certificates and remove temp files
 ${MV} "${_PWD}/rui.new.crt" "${_PWD}/rui.crt"
 ${MV} "${_PWD}/rui.new.key" "${_PWD}/rui.key"
 ${RM} "${_PWD}/cert_data.crt.tmp"
 ${RM} "${_PWD}/cert_data.pkcs7.tmp"

 # Restart VMWare management agents
 (/etc/init.d/hostd restart && /etc/init.d/vpxa restart) > /dev/null 2>&1
	#!/usr/bin/env sh
	##
	## Title: deploy_vmware.sh
	## Description: Script to deploy uploaded certificates for use with VMWare ESXi
	## Author: B. van wetten
	## Created date: 27-01-2020
	## Updated date: 10-02-2020
	## Version: 0.3
	## GitHub Gist: https://gist.github.com/QNimbus/9883a3ff8834843b3b024baf3bcccc29
	##
	## Usage: deploy_vmware.sh
	## Notes: For remote use (e.g. SSH) use the following command as example:
	## /bin/cat \| /etc/vmware/ssl/deploy_vmware.sh --
	##
	## You can use this in your 'authorized_keys' file to run this command remotely:
	## command="/bin/cat \| /etc/vmware/ssl/deploy_vmware.sh.sh --",no-pty,from="10.72.0.1/32" AAAAB3********

	# Shell utilities
	RM=$(which rm); [[ $? != 0 ]] && echo "Command 'rm' not found" >&2 && exit 1
	CP=$(which cp); [[ $? != 0 ]] && echo "Command 'cp' not found" >&2 && exit 1
	MV=$(which mv); [[ $? != 0 ]] && echo "Command 'mv' not found" >&2 && exit 1
	FIND=$(which find); [[ $? != 0 ]] && echo "Command 'find' not found" >&2 && exit 1
	XARGS=$(which xargs); [[ $? != 0 ]] && echo "Command 'xargs' not found" >&2 && exit 1
	OPENSSL=$(which openssl); [[ $? != 0 ]] && echo "Command 'openssl' not found" >&2 && exit 1

	# Cleanup any temp files after script execution (traps signals: 0, 1, 2, 15)
	trap '${FIND} ${_PWD} -maxdepth 1 -name "rui.new*" -type f -print0 \| ${XARGS} -I % -0 rm %' INT TERM HUP EXIT

	# Initialize variables
	_PWD="/etc/vmware/ssl"
	_ME=$(basename "${0}")

	# Get certificate data from stdin
	CERT_DATA=$(cat)

	# Make a backup of rui.crt if it exists
	[ -f ${_PWD}/rui.crt ] && ${CP} -a ${_PWD}/rui.crt ${_PWD}/orig.rui.crt

	# Make a backup of rui.key if it exists
	[ -f ${_PWD}/rui.key ] && ${CP} -a ${_PWD}/rui.key ${_PWD}/orig.rui.key

	# Extract certificate from CERT_DATA
	(cat <<END
	$CERT_DATA
	END
	) > ${_PWD}/cert_data.crt.tmp

	${OPENSSL} crl2pkcs7 -nocrl -certfile "${_PWD}/cert_data.crt.tmp" > "${_PWD}/cert_data.pkcs7.tmp" \|\| exit 1
	${OPENSSL} pkcs7 -print_certs -out "${_PWD}/rui.new.crt" -in "${_PWD}/cert_data.pkcs7.tmp" > /dev/null 2>&1 \|\| exit 1

	# Extract key from CERT_DATA
	(cat <<END
	$CERT_DATA
	END
	) \| ${OPENSSL} rsa -outform pem -out ${_PWD}/rui.new.key > /dev/null 2>&1 \|\| exit 1

	# If all went well, rename the new certificates and remove temp files
	${MV} "${_PWD}/rui.new.crt" "${_PWD}/rui.crt"
	${MV} "${_PWD}/rui.new.key" "${_PWD}/rui.key"
	${RM} "${_PWD}/cert_data.crt.tmp"
	${RM} "${_PWD}/cert_data.pkcs7.tmp"

	# Restart VMWare management agents
	(/etc/init.d/hostd restart && /etc/init.d/vpxa restart) > /dev/null 2>&1