

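#!/bin/bash

# this script is used by EJBCA_3_1_3 to create OpenVPN windows
# installer programs using the nsis package for linux.
# Contributed by Jon Bendtsen.

# EJBCA expects this program to be at
# /usr/local/ejbca/openvpn/mk_openvpn_windows_installer.sh
# EJBCA leaves a PKCS12 file in /usr/local/tmp, and expects
# the openvpn windows installer program at the same location
# with a particular name
# /usr/local/tmp/openvpn-gui-install-$USERNAME.exe

# Exchange directory shared with EJBCA: the PKCS12 file is picked up
# from here and the finished installer is written back here. The
# per-user work tree is created as a subdirectory of it.
DIR=/usr/local/tmp/


# The user name, IssuerDN and SubjectDN are written from EJBCA
# to stdout which is connected to the stdin of this script.
# -r keeps backslashes in the input literal: DN strings escape
# special characters with a backslash, and plain read would
# silently unescape them and alter the value being matched below.
read -r username
read -r IssuerDN
read -r SubjectDN


# This script can use the username, IssuerDN and/or SubjectDN
# to give the user a particular OpenVPN configuration file.
#
# username is unique - username is NOT the Common Name
# IssuerDN is the Distinguished Name of the CA's cert
# SubjectDN is the Distinguished Name of this user's cert
#
# username might look like "jens"
# IssuerDN might look like "CN=AdminCA1,O=Example,C=Com"
# SubjectDN might look like "CN=Jens Hansen,O=Example,OU=Sales,C=Com"
# you could use the O or OU from a DN to specify the needed
# openvpn configuration
#
# But _YOU_ are expected to make the needed changes to this script
# if you don't, you will just get the default called client.conf
# from /usr/local/ejbca/openvpn/default-client.ovpn
# if the file does not exist, the openvpn-gui-install-$USERNAME.exe
# will not be made
#
# Defaults used when none of the case statements below match.
cfg=default-client.ovpn
org=work
zipfile=openvpn_install_source-2.0.5-gui-1.0.3.zip
# Archives known at the time of writing:
#openvpn_install_source-2.0.5-gui-1.0.3.zip
#openvpn_install_source-2.1beta7-gui-1.0.3.zip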


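move_files() {
  #######################################
  # Unpack the OpenVPN installer sources into $DIR/$username, move this
  # user's PKCS12 file into openvpn/config/ and write the client
  # configuration with every _-USER-_ replaced by the user name.
  #
  # The zipfile is either the default openvpn_install_source-2.0.5-gui-1.0.3.zip
  # or one chosen by the username/IssuerDN/SubjectDN checks, which lets
  # you ship different OpenVPN versions to different users. The
  # organisation name is normally extracted from the SubjectDN; if none
  # is extracted the default "work" is used.
  #
  # Globals:   DIR, username, zipfile, cfg, org (read);
  #            EJBCA_OPENVPN_DIR optionally overrides the directory holding
  #            the zip and the template (default /usr/local/ejbca/openvpn)
  # Returns:   0 on success; 1 if the work directory, the archive, the
  #            PKCS12 file or the template could not be used. The caller's
  #            working directory is restored on every return path.
  #######################################
  local olddir=$PWD
  local srcdir=${EJBCA_OPENVPN_DIR:-/usr/local/ejbca/openvpn}
  local template="$srcdir/$cfg"
  local line

  # Stop here rather than unpack and move files into whatever directory
  # we happen to be in when the work tree is missing.
  cd -- "$DIR/$username" || return 1

  # the tree the nsis script and the config are placed into comes from
  # the zipfile selected by the case statements in the main flow
  if ! unzip -q "$srcdir/$zipfile"; then
    cd -- "$olddir"
    return 1
  fi

  # EJBCA saves the certificate as $username.p12 in $DIR, one level up
  if ! mv -- "../$username.p12" openvpn/config/; then
    cd -- "$olddir"
    return 1
  fi

  # Without the template there is nothing to configure; the header
  # comment promises no installer in that case, so stop before creating
  # an empty config file.
  if [[ ! -r "$template" ]]; then
    cd -- "$olddir"
    return 1
  fi

  # The substitution is done by the shell, not sed: the user name is
  # external input and characters such as / & \ ; would otherwise
  # corrupt or extend the sed program. The quoted replacement is
  # inserted literally.
  while IFS= read -r line || [[ -n "$line" ]]; do
    printf '%s\n' "${line//_-USER-_/"$username"}"
  done < "$template" > "openvpn/config/$org.ovpn"

  cd -- "$olddir"
}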

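run_nsis() {
  #######################################
  # Render openvpn-gui.nsi for this user and organisation, run makensis
  # on it and move the resulting installer to
  # $DIR/openvpn-gui-install-$username.exe, where EJBCA expects it.
  # Assumes move_files has already put the PKCS12 file and the client
  # configuration in place under $DIR/$username.
  #
  # Globals:   DIR, username, org (read)
  # Returns:   0 on success; 1 if the work directory or openvpn-gui.nsi is
  #            missing, makensis fails, or not exactly one .exe resulted.
  #            The caller's working directory is restored on every path.
  #######################################
  local olddir=$PWD
  local line
  local -a exes

  cd -- "$DIR/$username" || return 1

  if [[ ! -r openvpn-gui.nsi ]]; then
    cd -- "$olddir"
    return 1
  fi

  # The nsis script is edited so the configuration and certificate are
  # included during install and removed on uninstall. Both placeholders
  # are replaced by the shell rather than sed so that sed-special
  # characters in the externally supplied user name cannot alter the sed
  # program; the quoted replacements are taken literally.
  while IFS= read -r line || [[ -n "$line" ]]; do
    line=${line//_-USER-_/"$username"}
    printf '%s\n' "${line//_-ORGANISATION-_/"$org"}"
  done < openvpn-gui.nsi > "$username.nsi"

  # makensis writes its build log to stdout; only its status matters here.
  # "./" keeps a user name starting with "-" from being read as an option.
  if ! makensis "./$username.nsi" > /dev/null; then
    cd -- "$olddir"
    return 1
  fi

  # makensis names the output itself; insist on exactly one installer so
  # a stale or unexpected .exe is never shipped under this user's name.
  exes=(*.exe)
  if (( ${#exes[@]} != 1 )) || [[ ! -f "${exes[0]}" ]]; then
    printf '%s\n' "run_nsis: expected exactly one .exe in $PWD" >&2
    cd -- "$olddir"
    return 1
  fi
  if ! mv -- "${exes[0]}" "${DIR%/}/openvpn-gui-install-$username.exe"; then
    cd -- "$olddir"
    return 1
  fi

  cd -- "$olddir"
}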


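# Print a message on stderr and exit non-zero; EJBCA then finds no
# installer in $DIR for this user.
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# The user name comes from EJBCA's enrollment data and is used below as
# a directory name, a file name, an argument to mv/makensis and a
# template substitution value. Allow only a conservative character set
# so it cannot be empty, contain a path separator or start with "-" or
# ".". Widen the class if usernames in your EJBCA legitimately use other
# characters.
[[ "$username" =~ ^[A-Za-z0-9_][A-Za-z0-9._@-]*$ ]] \
  || die "mk_openvpn_windows_installer: refusing unsafe username"

# so we have a place to store our files while we make the nsis
# openvpn windows installer program
mkdir -p -- "$DIR/$username" || die "cannot create $DIR/$username"

# First we run a check for the setup for this IssuerDN
# Second we run a check for the setup for this SubjectDN without this user's CN
# Third we run a check for the setup for this username

case "$IssuerDN" in
  CN=AdminCA1,O=Example,C=com)
    cfg=employee-client.conf
    org=work
    zipfile=openvpn_install_source-2.1beta7-gui-1.0.3.zip
    ;;
  "CN=PartnerCA1,O=Partners of Example,C=Example")
    cfg=partner-vpn-client.conf
    org=example
    zipfile=openvpn_install_source-2.1beta7-gui-1.0.3.zip
    ;;
  # *)
  # # * means the default
  # cfg="default-client.conf"
  # ;;
esac

# since the SubjectDN includes the users Common Name you will most
# likely have to extract the O (Organisation) and/or OU (Organisational
# Unit) from the SubjectDN. Dropping everything up to the first comma
# removes the leading CN; a DN without a comma is left unchanged.
newSubjectDN=${SubjectDN#*,}

case "$newSubjectDN" in
  O=Example,OU=Sales,C=Com)
    cfg="Example.Sales.com-client.conf"
    org=ExampleSales
    ;;
  # *)
  # # * means the default
  # cfg="default-client.conf"
  # ;;
esac

# uncomment if you need to check for special users
# you can also let the OpenVPN server give some users a special
# configuration for some things, but stuff like the address
# of the openvpn server can not be set from the server, only
# in the configuration file on the client.
#case "$username" in
# john)
# cfg=john-special-openvpn.conf
# ;;
#
# *)
# # * means the default
# cfg="default-client.conf"
# ;;
#esac

# Build the installer; run_nsis is skipped when move_files failed, and
# the cleanup below runs either way.
status=0
if ! { move_files && run_nsis; }; then
  status=1
  printf '%s\n' "mk_openvpn_windows_installer: installer for $username was not built" >&2
fi

# cleanup time: the work tree and the PKCS12 file EJBCA left for us.
# ${username:?} makes rm abort instead of acting on $DIR itself should
# the variable ever be empty here.
rm -rf -- "${DIR%/}/${username:?}"
rm -f -- "${DIR%/}/${username:?}.p12"
exit "$status"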