Created
March 6, 2025 17:04
-
-
Save jceloria/86f103bdafa40273a31beb26829cde80 to your computer and use it in GitHub Desktop.
update Omada controller certificates
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| SELF=${0##*/} SDIR=${0%/*} | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| : ' | |
| The MIT License (MIT) | |
| Copyright © 2024 by John Celoria. | |
| Permission is hereby granted, free of charge, to any person obtaining a copy | |
| of this software and associated documentation files (the "Software"), to deal | |
| in the Software without restriction, including without limitation the rights | |
| to use, copy, modify, merge, publish, distribute, sublicense, and/or sell | |
| copies of the Software, and to permit persons to whom the Software is | |
| furnished to do so, subject to the following conditions: | |
| The above copyright notice and this permission notice shall be included in all | |
| copies or substantial portions of the Software. | |
| THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR | |
| IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, | |
| FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE | |
| AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER | |
| LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, | |
| OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE | |
| SOFTWARE. | |
| ' | |
| # Set some defaults -------------------------------------------------------------------------------------------------- # | |
| VERSION=0.1 | |
| : ' | |
| { | |
| "url": "https://oc300", | |
| "username": "admin", | |
| "password": "password", | |
| } | |
| ' | |
| OMADA_JSON="$(pass omada)" | |
| # Functions ---------------------------------------------------------------------------------------------------------- # | |
| function help() { | |
| cat << EOF | |
| Usage: ${SELF} [OPTION]... | |
| Upload new TLS certs to Omada controller | |
| -h, --help Display this help message and exit | |
| -c, --cert The path to certificate file | |
| -k, --key The path to the key file | |
| -q, --quiet Quiet output | |
| EOF | |
| return | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function log() { | |
| local level levels=(notice warning crit) | |
| level="+($(IFS='|';echo "${levels[*]}"))" | |
| shopt -s extglob; case ${1} in | |
| ${level}) level=${1}; shift ;; | |
| *) level=notice ;; | |
| esac; shopt -u extglob | |
| [[ -z ${RETVAL} ]] && { for RETVAL in "${!levels[@]}"; do | |
| [[ ${levels[${RETVAL}]} = "${level}" ]] && break | |
| done } | |
| logger -s -p ${level} -t "[${SELF}:${FUNCNAME[1]}()]" -- $@; | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function die() { local rv=$?; [[ $1 =~ ^[-]?([0-9]+)$ ]] && { rv=$1; shift; }; log crit "$@"; exit ${rv}; } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function cleanUp() { /bin/rm -rf ${TEMPDIR}; } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function omadaLogin() { | |
| local id payload; local -A creds | |
| while read key val; do | |
| creds[${key}]=${val} | |
| done < <(jq -r '. | to_entries[] | [.key, .value] | @tsv' <<< ${OMADA_JSON}) | |
| OMADA[curl]="curl -sk -c cookies.txt -b cookies.txt -H Content-Type:application/json" | |
| id="$(${OMADA[curl]} ${creds[url]}/api/info | jq -r .result.omadacId)" | |
| OMADA[url]="${creds[url]}/${id}/api/v2" | |
| payload='{"username": "'"${creds[username]}"'", "password": "'"${creds[password]}"'"}' | |
| OMADA[token]=$(${OMADA[curl]} -X POST "${OMADA[url]}/login" -d "${payload}" | jq -r .result.token) | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function omadaVerifyLogin() { | |
| OMADA[curl]="curl -sk -b cookies.txt -H Content-Type:application/json" | |
| result=$(${OMADA[curl]} -H "Csrf-Token: ${OMADA[token]}" "${OMADA[url]}/loginStatus" | jq -r .result.login) | |
| if [[ ${result,,} = true ]]; then | |
| OMADA[curl]+=" -H Csrf-Token:${OMADA[token]}" | |
| else | |
| die "There was a problem logging into the controller." | |
| fi | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function omadaGetSettings() { | |
| omadaVerifyLogin | |
| settings=$(${OMADA[curl]} "${OMADA[url]}/controller/setting" | jq -r '.' 2>/dev/null) | |
| shopt -s extglob | |
| case "$(jq -r .errorCode <<< ${settings})" in | |
| 0) | |
| jq -r '.result' <<< ${settings} > settings.json | |
| ;; | |
| [-[:digit:]]*) | |
| die "$(jq -r . <<< ${settings})" | |
| ;; | |
| *) | |
| die "There was a problem getting the controller settings." | |
| ;; | |
| esac | |
| shopt -u extglob | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function omadaReboot() { | |
| ${OMADA[curl]} -X POST "${OMADA[url]}/cmd/reboot" | jq '.' | |
| } | |
| # -------------------------------------------------------------------------------------------------------------------- # | |
| function omadaSetCertificate() { | |
| local cert_settings=$(jq -r '.certificate' < settings.json) | |
| cp settings.json /tmp | |
| jq '.' <<< ${cert_settings} | |
| #omadaReboot | |
| } | |
| # Sanity checks ------------------------------------------------------------------------------------------------------ # | |
| while getopts ":hc:k:q-:" OPT; do | |
| if [[ "${OPT}" = "-" ]]; then | |
| OPT="${OPTARG%%=*}" | |
| OPTARG="${OPTARG#$OPT}" | |
| OPTARG="${OPTARG#=}" | |
| fi | |
| case "${OPT}" in | |
| h|help) help >&2; exit 1 ;; | |
| c|cert) CERT=$(realpath ${OPTARG}) ;; | |
| k|key ) KEY=$(realpath ${OPTARG}) ;; | |
| q|quiet) QUIET=1 ;; | |
| ??*) RETVAL=2; die "Invalid short option: -${OPT}" ;; | |
| \?) RETVAL=3; die "Invalid long option: --${OPT}" ;; | |
| :) RETVAL=4; die "Option -${OPTARG} requires an argument." ;; | |
| esac | |
| done; shift $((OPTIND-1)) | |
| : ${CERT:?-c/--cert option is required} | |
| : ${KEY:?-k/--key option is required} | |
| req_progs=(logger jq) | |
| for p in ${req_progs[@]}; do | |
| hash "${p}" 2>&- || \ | |
| { die "Required program \"${p}\" not found in \${PATH}."; } | |
| done | |
| CWD=${PWD} | |
| TEMPDIR="$(mktemp -d ${TMPDIR:-/tmp}/${SELF%.*}_XXXXXX)" && trap cleanUp EXIT | |
| cd ${TEMPDIR} || die "Unable to change to temporary working directory: ${TEMPDIR}" | |
| declare -A OMADA | |
| # main --------------------------------------------------------------------------------------------------------------- # | |
| function main() { | |
| [[ ${QUIET} ]] && exec >${LOGFILE:-/dev/null} 2>&1 | |
| for i in ${CERT} ${KEY}; do [[ ! -e ${i} ]] && die 99 "File '${i}' not found."; done | |
| omadaLogin | |
| omadaGetSettings | |
| omadaSetCertificate | |
| exit 0 | |
| } | |
| main $@ | |
| # -------------------------------------------------------------------------------------------------------------------- # |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment