Allow key password to be set optionally

franzs · Sep 15, 2023 · 2bef794 · 2bef794
1 parent dccace6
commit 2bef794
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -6,14 +6,15 @@ The idea was taken from https://gist.github.com/wikrie/f1d5747a714e0a34d0582981f
 
 ## Usage
 
-You have to provide a baseurl for your FRITZ!Box, a username, a password, and a certpath to contain `fullchain.pem` and `privkey.pem`. This can be done using environment variables or command line options. Command line options have a higher precedence.
+You have to provide a baseurl for your FRITZ!Box, a username, a password, and a certpath to contain `fullchain.pem` and `privkey.pem`. Optionally you can specify a key password. This can be done using environment variables or command line options. Command line options have a higher precedence.
 
 | Parameter | Environment         | Command line option |
 | --------- | ------------------- | ------------------- |
 | baseurl   | `FRITZBOX_BASEURL`  | `-b`                |
 | username  | `FRITZBOX_USERNAME` | `-u`                |
 | password  | `FRITZBOX_PASSWORD` | `-p`                |
 | certpath  | `FRITZBOX_CERTPATH` | `-c`                |
+| keypass   | `FRITZBOX_KEYPASS ` | `-k`                |
 
 ## Limitations
 

diff --git a/fritzbox_upload_certificate.sh b/fritzbox_upload_certificate.sh
@@ -20,14 +20,15 @@ baseurl="${FRITZBOX_BASEURL:-}"
 certpath="${FRITZBOX_CERTPATH:-}"
 password="${FRITZBOX_PASSWORD:-}"
 username="${FRITZBOX_USERNAME:-}"
+keypass="${FRITZBOX_KEYPASS:-}"
 
 CURL_CMD="curl"
 ICONV_CMD="iconv"
 
 SUCCESS_MESSAGES="^ *(Das SSL-Zertifikat wurde erfolgreich importiert|Import of the SSL certificate was successful|El certificado SSL se ha importado correctamente|Le certificat SSL a été importé|Il certificato SSL è stato importato|Import certyfikatu SSL został pomyślnie zakończony)\.$"
 
 function usage {
-  echo "Usage: $0 [-b baseurl] [-u username] [-p password] [-c certpath]" >&2
+  echo "Usage: $0 [-b baseurl] [-u username] [-p password] [-c certpath] [-k keypass]" >&2
   exit 64
 }
 
@@ -62,14 +63,17 @@ done
 
 [ ${exit} -ne 0 ] && exit ${exit}
 
-while getopts ":b:c:p:u:h" opt; do
+while getopts ":b:c:k:p:u:h" opt; do
   case ${opt} in
     b)
       baseurl=$OPTARG
       ;;
     c)
       certpath=$OPTARG
       ;;
+    k)
+      keypass=$OPTARG
+      ;;
     p)
       password=$OPTARG
       ;;
@@ -147,6 +151,15 @@ ${certbundle}
 --${boundary}--
 EOD
 
+if [ -n "${keypass}" ]; then
+cat <<EOD >> "${request_file}"
+Content-Disposition: form-data; name="BoxCertPassword"
+
+${keypass}
+--${boundary}--
+EOD
+fi
+
 # upload the certificate to the box
 ${CURL_CMD} -sS -X POST "${baseurl}/cgi-bin/firmwarecfg" -H "Content-type: multipart/form-data boundary=${boundary}" --data-binary "@${request_file}" | grep -qE "${SUCCESS_MESSAGES}"
 # shellcheck disable=SC2181