下面的脚本用于在 pfSense 服务器的 XML 配置中查找经 base64 编码的证书字符串，并将其替换为新的证书。
某些语法无法在我的 pfSense 服务器上离线运行以覆盖证书，因为所有内容都保存在 XML 配置中。
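#!/bin/bash
# Refresh the TLS certificate and private key stored (base64-encoded) inside a
# pfSense config.xml.
#
# Flow: fetch the live config over scp, check whether the new certificate is
# already present, otherwise replace the previously recorded base64 strings
# with the new ones and upload the edited file to /tmp on the firewall.
#
# Required local files:
#   $certificate, $privatekey   - new PEM certificate chain and private key
#   certificate.crt.old.txt     - single-line base64 of the cert currently in config.xml
#   certificate.key.old.txt     - single-line base64 of the key currently in config.xml
# Both *.old.txt files are rewritten after a successful upload so that the
# next run knows which strings to look for.
set -euo pipefail

# Everything written here (split parts, *.old.txt, the downloaded config)
# contains private-key material; keep it readable by the invoking user only.
umask 077

host="1.2.3.4"
username="usercopie"
#password=""
certificate="/cert.all.pem"
privatekey="/cert.key"
# Local working copy of the remote config. The original downloaded into this
# directory but then operated on ./config.xml; use one path throughout.
workdir="/root/remotedir"
config="$workdir/config.xml"

#######################################
# Print a message to stderr and exit non-zero.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Check that a string is non-empty and consists only of base64 characters.
# This is what makes the sed substitution below safe: base64 never contains
# the '|' delimiter, a newline, '&' or '\'.
# Arguments: $1 - string to check
# Returns:   0 if it is a single-line base64 string, 1 otherwise
#######################################
is_base64_line() {
  local s=$1
  [[ -n "$s" && "$s" != *[![:alnum:]+/=]* ]]
}

#######################################
# Remove every scratch file, whichever way the script exits.
# Globals: certificate, config (read)
#######################################
cleanup() {
  rm -f -- "$certificate".part* certificate.pem privatekey.pem CA_LetsEncrypt.pem \
    "$config" "$config.new"
}
trap cleanup EXIT

# Base64 strings the previous run left in config.xml. A missing file is
# treated as empty and refused later, because substituting an empty search
# string would corrupt the whole config.
oldcertificate=""
oldprivatekey=""
if [[ -r certificate.crt.old.txt ]]; then
  oldcertificate=$(<certificate.crt.old.txt)
fi
if [[ -r certificate.key.old.txt ]]; then
  oldprivatekey=$(<certificate.key.old.txt)
fi

# Split the chain into one file per certificate and name the leaf and CA
# parts by subject. NOTE: `split -p` is the BSD/macOS form; GNU coreutils
# lacks -p (use the csplit line below instead). The resulting files are not
# used by the rest of this script, so a failure here is only a warning.
#csplit -f "$certificate".part "$certificate" '/-----BEGIN CERTIFICATE-----/' '{*}'
if ! split -p "-----BEGIN CERTIFICATE-----" "$certificate" "$certificate".part; then
  printf 'warning: split -p failed; skipping chain inspection\n' >&2
fi
for file in "$certificate".part*; do
  [[ -e "$file" ]] || continue
  echo "Processing $file file.."
  # The chunk before the first BEGIN line is empty and is not a certificate.
  if ! output=$(openssl x509 -noout -subject -in "$file"); then
    printf 'Skipping %s: not a parseable certificate\n' "$file" >&2
    continue
  fi
  # elif: the original ran two independent ifs and tried to move the file twice.
  if [[ $output = *CN=*.* ]]; then
    mv -- "$file" certificate.pem
  elif [[ $output = *Authority* ]]; then
    mv -- "$file" CA_LetsEncrypt.pem
  fi
done

# pfSense stores certificate and key as single-line base64 of the PEM text;
# join openssl's 64-column output onto one line. The key is never printed.
cert=$(openssl base64 -in "$certificate" | tr -d '\n ')
key=$(openssl base64 -in "$privatekey" | tr -d '\n ')

mkdir -p -- "$workdir"
scp "$username@$host:/cf/conf/config.xml" "$config"

# Fixed-string match: the base64 contains '+' and '/', which must not be
# interpreted as regex syntax.
if grep -qF -- "$cert" "$config"; then
  echo "Identical certificate found, renewal not required"
else
  echo "Certificate not found, renewal required"
  is_base64_line "$oldcertificate" \
    || die "certificate.crt.old.txt must hold the single-line base64 certificate currently in config.xml"
  is_base64_line "$oldprivatekey" \
    || die "certificate.key.old.txt must hold the single-line base64 key currently in config.xml"
  grep -qF -- "$oldcertificate" "$config" \
    || die "recorded old certificate not present in config.xml; refusing to edit"
  # '|' as the sed delimiter: base64 contains '/', which broke the original
  # 's/.../.../' form, and the original key expression was malformed.
  # XML element content carries no quotes, so the old "'...'" wrappers are gone.
  # Write-then-rename instead of `sed -i`, whose syntax differs between GNU and BSD.
  sed -e "s|$oldcertificate|$cert|g" -e "s|$oldprivatekey|$key|g" "$config" > "$config.new"
  mv -f -- "$config.new" "$config"
  scp "$config" "$username@$host:/tmp/config.xml"
  # Record the new strings only after the upload succeeded, so a failed push
  # does not leave the *.old.txt files out of step with the firewall.
  printf '%s\n' "$cert" > certificate.crt.old.txt
  printf '%s\n' "$key" > certificate.key.old.txt
  #ssh "$username@$host" rm /tmp/config.cache
  #ssh "$username@$host" /etc/rc.restart_webgui
fi
# Scratch files are removed by the EXIT trap.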