#!/usr/bin/env sh
##
## Title: deploy_vmware.sh
## Description: Script to deploy uploaded certificates for use with VMWare ESXi
## Author: B. van wetten
## Created date: 27-01-2020
## Updated date: 10-02-2020
## Version: 0.3
## GitHub Gist: https://gist.github.com/QNimbus/9883a3ff8834843b3b024baf3bcccc29
##
## Usage: deploy_vmware.sh
## Notes: For remote use (e.g. SSH) use the following command as example:
## /bin/cat | /etc/vmware/ssl/deploy_vmware.sh --
##
## You can use this in your 'authorized_keys' file to run this command remotely:
## command="/bin/cat | /etc/vmware/ssl/deploy_vmware.sh --",no-pty,from="10.72.0.1/32" AAAAB3********
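# Shell utilities: resolve each required tool once and abort early if one is
# missing. `command -v` and `[ ... ]`-free checks keep this valid for a plain
# POSIX sh, which is what the shebang asks for (`[[ ... ]]` is not POSIX).
# find/xargs are no longer required: cleanup removes explicitly named files.
RM=$(command -v rm) || { echo "Command 'rm' not found" >&2; exit 1; }
CP=$(command -v cp) || { echo "Command 'cp' not found" >&2; exit 1; }
MV=$(command -v mv) || { echo "Command 'mv' not found" >&2; exit 1; }
OPENSSL=$(command -v openssl) || { echo "Command 'openssl' not found" >&2; exit 1; }

# Initialize variables
_PWD="/etc/vmware/ssl"
_ME=$(basename "${0}")

# Working files. CERT_TMP holds the raw stdin payload, i.e. it contains the
# private key; NEW_KEY holds the extracted private key.
CERT_TMP="${_PWD}/cert_data.crt.tmp"
PKCS7_TMP="${_PWD}/cert_data.pkcs7.tmp"
NEW_CRT="${_PWD}/rui.new.crt"
NEW_KEY="${_PWD}/rui.new.key"

# Print an error on stderr and leave with status 1 (the EXIT trap then cleans up).
die() {
  echo "${_ME}: $*" >&2
  exit 1
}

# Remove every intermediate file, including the ones that carry key material.
# The original trap only matched "rui.new*", so a failed run left
# cert_data.crt.tmp (with the private key inside) behind on disk.
cleanup() {
  "${RM}" -f "${CERT_TMP}" "${PKCS7_TMP}" "${NEW_CRT}" "${NEW_KEY}"
}

# Clean up on every exit path. A signal handler that only cleans up would let
# the script carry on afterwards, so signals are turned into an exit, which in
# turn fires the EXIT trap.
trap cleanup EXIT
trap 'exit 1' INT TERM HUP

# Get certificate data from stdin (certificate(s) and RSA private key, PEM)
CERT_DATA=$(cat)
[ -n "${CERT_DATA}" ] || die "no certificate data received on stdin"

# Make a backup of rui.crt / rui.key if they exist. Each run overwrites the
# previous orig.* copy. Abort before touching anything if a backup fails.
if [ -f "${_PWD}/rui.crt" ]; then
  "${CP}" -a "${_PWD}/rui.crt" "${_PWD}/orig.rui.crt" || die "could not back up rui.crt"
fi
if [ -f "${_PWD}/rui.key" ]; then
  "${CP}" -a "${_PWD}/rui.key" "${_PWD}/orig.rui.key" || die "could not back up rui.key"
fi

# Extract certificate from CERT_DATA.
# The payload includes the private key, so the temp file is created owner-only;
# the subshell keeps the tighter umask from affecting the certificate files.
( umask 077; printf '%s\n' "${CERT_DATA}" > "${CERT_TMP}" ) || die "could not write ${CERT_TMP}"
"${OPENSSL}" crl2pkcs7 -nocrl -certfile "${CERT_TMP}" > "${PKCS7_TMP}" || exit 1
"${OPENSSL}" pkcs7 -print_certs -out "${NEW_CRT}" -in "${PKCS7_TMP}" > /dev/null 2>&1 || exit 1

# Extract key from CERT_DATA (owner-only, see above). The pipeline's status is
# that of the subshell, i.e. of openssl.
printf '%s\n' "${CERT_DATA}" \
  | ( umask 077; "${OPENSSL}" rsa -outform pem -out "${NEW_KEY}" > /dev/null 2>&1 ) || exit 1

# Refuse to install a pair that does not belong together. This also catches
# input that contained a key but no certificate, which would otherwise install
# an empty rui.crt. The comparison uses the first certificate in the bundle;
# presumably that is the host certificate - confirm for your issuer's ordering.
CRT_MODULUS=$("${OPENSSL}" x509 -noout -modulus -in "${NEW_CRT}" 2> /dev/null) \
  || die "no usable certificate found in input"
KEY_MODULUS=$("${OPENSSL}" rsa -noout -modulus -in "${NEW_KEY}" 2> /dev/null) \
  || die "no usable RSA private key found in input"
[ "${CRT_MODULUS}" = "${KEY_MODULUS}" ] \
  || die "private key does not match the first certificate in the input"

# If all went well, rename the new certificates and remove temp files.
# Stop before restarting anything if either rename fails, so the agents are
# not restarted onto a half-installed pair.
"${MV}" "${NEW_CRT}" "${_PWD}/rui.crt" || die "could not install rui.crt"
"${MV}" "${NEW_KEY}" "${_PWD}/rui.key" \
  || die "rui.crt was replaced but rui.key was not; restore from orig.rui.crt"
cleanup

# Restart VMWare management agents (last command: its status is the script's)
(/etc/init.d/hostd restart && /etc/init.d/vpxa restart) > /dev/null 2>&1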