forked from unixnut/scripts
-
Notifications
You must be signed in to change notification settings - Fork 0
/
aws-upload-cert
executable file
·71 lines (62 loc) · 1.99 KB
/
aws-upload-cert
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
#! /bin/sh
# aws-upload-cert (Bourne shell script) -- "aws iam upload-server-certificate" wrapper
#
# Keywords: SSL AWS ELB
self=`basename $0`
allowed_options=n:
# *** MAINLINE ***
# == command-line parsing ==
# -- option handling --
set -e
eval set -- `getopt --shell=sh -n $self +$allowed_options "$@"`
set +e # getopt would have already reported the error
while [ x"$1" != x-- ] ; do
case "$1" in
-n) name="$2" ;;
esac
shift # get rid of the option (or its arg if the inner shift already got rid it)
done
shift # get rid of the "--"
# -- argument checking --
if [ $# != 2 -a $# != 3 ] ; then
echo "Usage: aws-upload-cert <certfile> <keyfile> [ <chainfile> ]" >&2
exit 1
fi
# -- argument handling --
certfile="$1"
keyfile="$2"
chainfile="$3"
# == sanity checking ==
if [ ! -r "$certfile" ] ; then
echo "${self}: certificate file '$certfile' not found (or not readable)" >&2
exit 2
fi
if [ ! -r "$keyfile" ] ; then
echo "${self}: key file '$keyfile' not found (or not readable)" >&2
exit 2
fi
if [ -n "$chainfile" -a ! -r "$chainfile" ] ; then
echo "${self}: certificate chain file '$chainfile' not found (or not readable)" >&2
exit 2
fi
# == preparation ==
# If the user didn't supply a name, generate it from the certfile name
if [ -z "$name" ] ; then
certfile_basename="${certfile##*/}"
# chops the extension (assumes there is one)
name="${certfile_basename%.*}"
fi
# == processing ==
# Upload the data from the files
# (Note that the keyfile is output by openssl to ensure that the
# "BEGIN RSA PRIVATE KEY" PEM subformat is used.)
if [ -n "$chainfile" ] ; then
aws iam upload-server-certificate --server-certificate-name="$name" \
--certificate-body="$(cat "$certfile")" \
--private-key="$(openssl rsa -in "$keyfile" 2>/dev/null)" \
--certificate-chain="$(cat "$chainfile")"
else
aws iam upload-server-certificate --server-certificate-name=$name \
--certificate-body="$(cat "$certfile")" \
--private-key="$(openssl rsa -in "$keyfile" 2>/dev/null)"
fi