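#!/bin/bash
#
# This script will automatically download and install OpenCA Base 1.5.1 and OpenCA Tools 1.3.1
# Also it will help you configure your mail server settings and make the OpenCA service auto start when server starts
#
# ** Tested on Fedora 19 **
#
# http://www.mindless.gr/
#
# How to use it
#
#
# 1) Copy/paste in your server's terminal the line below.
# yum -y update && yum -y install dos2unix wget && wget "http://goo.gl/pw00R2" -O openca.sh && dos2unix openca.sh && chmod +x openca.sh
#
# ./openca.sh
#
# 2) Copy/paste the email settings below when script executes "nano sendmail.mc"
# ** Remember to change the SMART_HOST with your mail server **
#
# ** COPY FROM HERE **
#
#FEATURE(`authinfo',`hash /etc/mail/auth/client-info.db')dnl
#define(`SMART_HOST',`your.mailserver.com')dnl
#define(`RELAY_MAILER_ARGS', `TCP $h 587')
#define(`ESMTP_MAILER_ARGS', `TCP $h 587')
#define(`CERT_DIR', `/etc/mail/certs')
#define(`confCACERT_PATH', `CERT_DIR')
#define(`confCACERT', `CERT_DIR/ca-bundle.crt')
#define(`confCRL', `CERT_DIR/ca-bundle.crt')
#define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')
#define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')
#define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')
#define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')
#define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
#TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
#
# ** TO HERE **
#
# Review notes (added on top of the original tutorial):
# - Every download below is plain http, two of them through a URL shortener
#   (goo.gl), and nothing is checked against a checksum or signature. A
#   shortener target can be changed at any time; for a machine that is going
#   to act as a CA, pin direct URLs and compare the archives and restore.sql
#   against a checksum obtained out of band (e.g. a published value such as
#   <EXPECTED-SHA256>) before building.
# - restore.sql is executed by the MariaDB root account without inspection.
#   Read it before running this script.
# - The script disables SELinux and firewalld and stores the mail password
#   in plain text (/etc/mail/auth/client-info and in this file if you edit it
#   in). These are tutorial conveniences, not OpenCA requirements; revisit them
#   once the install works.
# - The script must run as root. The steps that later commands depend on
#   (directory changes, downloads, extraction, build) now abort the script on
#   failure instead of letting the next command run in the wrong place, e.g.
#   a failed `cd /etc/mail/auth/` used to be followed by `chmod 600 *` in
#   whatever the current directory happened to be.

set -u

readonly work_dir=/home/openca
readonly openca_prefix=/opt/openca
readonly tools_ver=1.3.1
readonly base_ver=1.5.1
readonly new_mail=your@mail.com
# ** REMEMBER to change the "subj" with yours **
readonly cert_subj="/C=GR/ST=Eastern Macedonia and Thrace/L=Kavala/O=Eastern Macedonia and Thrace Institute of Technology/OU=Computer and Informatics Engineering Department/CN=iipki"

#######################################
# Print a step heading in bold white on blue (same escapes as the original
# `echo -e` calls).
# Arguments: $* - heading text
# Outputs:   heading to stdout
#######################################
banner() {
  printf '\033[37;44m\033[1m%s\033[0m\n' "$*"
}

#######################################
# Print an error and stop the installation.
# Arguments: $* - message
# Outputs:   message to stderr
# Returns:   exits 1
#######################################
die() {
  printf 'openca.sh: %s\n' "$*" >&2
  exit 1
}

(( EUID == 0 )) || die "this script must run as root (useradd, yum, /etc writes)"

clear

banner "Setting hostname to /etc/hosts"
# Quoted so an odd /etc/hostname cannot be word-split or glob-expanded.
printf '127.0.0.1 %s\n' "$(cat /etc/hostname)" >> /etc/hosts

banner "Adding OpenCA user"
useradd openca

banner "Changing dir to ${work_dir}"
cd -- "${work_dir}" || die "cannot cd to ${work_dir}"

banner "Installing essentials"
yum -y install gcc gpg make openssl-devel expat-devel httpd mod_ssl mariadb mariadb-libs mariadb-devel mariadb-server mysql-connector-java perl-DBD-MySQL db4-devel @development-tools fedora-packager perl-CPAN nano sendmail sendmail-cf cyrus-sasl cyrus-sasl-plain

banner "Downloading OpenCA"
# NOTE(review): plain http, no integrity verification — see header notes.
wget "http://sourceforge.net/projects/openca/files/openca-tools/releases/v${tools_ver}/sources/openca-tools-${tools_ver}.tar.gz/download" -O "openca-tools-${tools_ver}.tar.gz" \
  || die "download of openca-tools failed"
wget "http://sourceforge.net/projects/openca/files/openca-base/releases/v${base_ver}/sources/openca-base-${base_ver}.tar.gz/download" -O "openca-base-${base_ver}.tar.gz" \
  || die "download of openca-base failed"

banner "Installing OpenCA tools"
tar -xzf "openca-tools-${tools_ver}.tar.gz" || die "cannot extract openca-tools"
cd -- "openca-tools-${tools_ver}" || die "openca-tools source dir missing"
./configure --prefix="${openca_prefix}" --exec-prefix="${openca_prefix}" \
  --with-openca-prefix="${openca_prefix}" --with-openca-user=openca --with-openca-group=openca \
  || die "configure of openca-tools failed"
make || die "build of openca-tools failed"
make install || die "install of openca-tools failed"
cd -- "${work_dir}" || die "cannot cd to ${work_dir}"

banner "Installing OpenCA base"
tar -xzf "openca-base-${base_ver}.tar.gz" || die "cannot extract openca-base"
cd -- "openca-base-${base_ver}" || die "openca-base source dir missing"
./configure --prefix="${openca_prefix}" --exec-prefix="${openca_prefix}" \
  --with-openca-tools-prefix="${openca_prefix}" --with-openca-user=openca --with-openca-group=openca \
  --with-httpd-user=apache --with-httpd-group=apache \
  || die "configure of openca-base failed"
make || die "build of openca-base failed"
make install-offline || die "install-offline of openca-base failed"
make install-online || die "install-online of openca-base failed"

banner "Creating OpenCA startup script"
cp -- "${openca_prefix}/etc/init.d/openca" /etc/init.d/

banner "Starting mysql server"
service mysqld start

banner "Downloading and restoring database from file"
cd -- "${work_dir}" || die "cannot cd to ${work_dir}"
# NOTE(review): an arbitrary SQL dump fetched through a URL shortener is
# executed as the database root account. Inspect restore.sql first.
wget "http://goo.gl/kVrygz" -O restore.sql || die "download of restore.sql failed"
mysql < restore.sql || die "restoring restore.sql failed"

banner "Restarting mysql server"
service mysqld restart

banner "Changing OpenCA tmp paths"
sed -i 's/\/dev\/fd0/\/tmp\/opencatmp/g' -- "${openca_prefix}/etc/openca/config.xml"

#
# Auto Daemons Will be enabled in a future update of this tutorial
#
#echo -e '\E[37;44m'"\033[1mPatching autoStart Daemons\033[0m"
#sed -i "s/{'reqsig'} = '1';/{'reqsig'} = '0';/g" /opt/openca/lib/openca/cmds/startAutoCA
#sed -i "s/{'reqsig'} = '1';/{'reqsig'} = '0';/g" /opt/openca/lib/openca/cmds/startAutoRevoke
#sed -i "s/{'startup'} = '0';/{'startup'} = '1';/g" /opt/openca/lib/openca/cmds/startAutoCA
#sed -i "s/{'startup'} = '0';/{'startup'} = '1';/g" /opt/openca/lib/openca/cmds/startAutoRevoke
#sed -i "s/{'startup'} = '0';/{'startup'} = '1';/g" /opt/openca/lib/openca/cmds/startAutoCRL
#sed -i "s/{'startup'} = '0';/{'startup'} = '1';/g" /opt/openca/lib/openca/cmds/startAutoEmail

#
# 3) Change email address
#
banner "Changing default email"
# Both default addresses are replaced in every template the original touched.
for tmpl in common.conf.template servers/pub.conf.template servers/batch.conf.template \
  servers/ra.conf.template servers/node.conf.template; do
  sed -i -e "s/admin@pki.openca.org/${new_mail}/g" -e "s/support@pki.openca.org/${new_mail}/g" \
    -- "${openca_prefix}/etc/openca/${tmpl}"
done

banner "Applying OpenCA config"
cd -- "${openca_prefix}/etc/openca/" || die "cannot cd to ${openca_prefix}/etc/openca/"
nano config.xml
./configure_etc.sh

banner "Disabling SELinux"
# NOTE(review): this removes a mandatory-access-control layer from the CA host.
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

banner "Setting Apache HomePage to PUB"
sed -i 's/\/usr\/share\/httpd\/noindex\/index.html/\/var\/www\/html\/pki\/pub\/index.html/g' /etc/httpd/conf.d/welcome.conf

banner "Configuring sendmail"
mkdir /etc/mail/auth/
cd /etc/mail/auth/ || die "cannot cd to /etc/mail/auth/"
#
# 4) Change mail server host and mail credentials
#
# NOTE(review): the password stays in plain text in client-info; only the
# hashed .db is needed by sendmail.
printf '%s\n' 'AuthInfo:your.mailserver.com "U:root" "I:your@mail.com" "P:your_mail_password" "M:PLAIN"' >> client-info
printf '%s\n' 'AuthInfo:your.mailserver.com:587 "U:root" "I:your@mail.com" "P:your_mail_password" "M:PLAIN"' >> client-info
makemap -r hash client-info.db < client-info
# Named explicitly instead of `chmod 600 *` so nothing outside this directory
# can ever be touched.
chmod 600 -- client-info client-info.db
chmod 700 /etc/mail/auth

mkdir /etc/mail/certs/
cd /etc/mail/certs/ || die "cannot cd to /etc/mail/certs/"
#
# ** REMEMBER to change the "subj" with yours **
#
openssl req -new -x509 -keyout cakey.pem -out cacert.pem -days 3650 -subj "${cert_subj}"
# -nodes: sendmail.pem carries the private key unencrypted together with the
# certificate, so it must stay owner-readable only.
openssl req -nodes -new -x509 -keyout sendmail.pem -out sendmail.pem -days 3650 -subj "${cert_subj}"
chmod 600 -- cakey.pem sendmail.pem
cp /etc/pki/tls/certs/ca-bundle.crt /etc/mail/certs
cd /etc/mail/ || die "cannot cd to /etc/mail/"
nano sendmail.mc
m4 sendmail.mc > sendmail.cf

banner "Adding MimeTypes"
printf '%s\n' 'application/pkix-cert crt' 'application/x-pem-file pem' >> /etc/mime.types

banner "Enabling/Disabling autostart services"
for svc in openca httpd mysqld sendmail; do
  chkconfig "${svc}" on
done
# NOTE(review): the host firewall is turned off entirely; the tutorial relies
# on the network perimeter instead.
chkconfig firewalld off

banner "Setting OpenCA pass"
service openca start

banner "Rebooting"
reboot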