Projektarbeit-MYP/backend/app/install_mercedes_certificates.sh


#!/bin/bash
# Mercedes-Benz SSL certificate installation script.
# Installs the certificates needed for secure network connections.
# Strict mode: abort on a failing command, on use of an unset variable, and
# when any stage of a pipeline fails.
set -euo pipefail
# ANSI color escape sequences for output. They are stored as literal
# backslash sequences and only become control codes when log() prints them.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
NC='\033[0m' # No Color
# Emoji prefixes for better readability.
# NOTE(review): INFO appears empty in this listing and the hosting page
# flagged invisible Unicode characters in the file - confirm the intended glyph.
SUCCESS="✅"
ERROR="❌"
WARNING="⚠️"
INFO=""
CERT="🔐"
MERCEDES="🏎️"
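# Logging helper: print one timestamped line to stdout.
# Arguments: $1 - prefix; backslash escapes (ANSI colors) are expanded
#            $2 - message text; printed literally
# Outputs:   "<prefix> <YYYY-MM-DD HH:MM:SS> - <message>"
log() {
  # %b expands escapes in the prefix only. The message goes through %s so
  # that text containing backslashes (a path, an error string echoed back
  # from a tool) is shown as-is instead of being reinterpreted as escapes.
  printf '%b %s - %s\n' "${1}" "$(date '+%Y-%m-%d %H:%M:%S')" "${2}"
}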
# Level-specific wrappers around log(): each one builds a colored emoji
# prefix from the color/emoji globals and passes the message through.
# Arguments: $1 - message text
log_success() {
  local prefix="${GREEN}${SUCCESS}${NC}"
  log "$prefix" "$1"
}

log_error() {
  local prefix="${RED}${ERROR}${NC}"
  log "$prefix" "$1"
}

log_warning() {
  local prefix="${YELLOW}${WARNING}${NC}"
  log "$prefix" "$1"
}

log_info() {
  local prefix="${BLUE}${INFO}${NC}"
  log "$prefix" "$1"
}
# Banner printed once at startup: colored title, a rule, and a blank line.
printf '%b\n' "${BLUE}${MERCEDES}${NC} Mercedes-Benz SSL-Zertifikat-Installation ${BLUE}${MERCEDES}${NC}"
printf '%s\n' "==================================================================" ""
# Detect the operating system and store the result in the global OS.
# Globals:   OSTYPE (read), OS (written)
# Outputs:   logs the detected value via log_info
# OS becomes one of: ubuntu, centos, arch, linux, macos, windows, unknown.
# On Linux the value is picked by the first package manager found
# (apt-get, yum, pacman), so "ubuntu" stands for any system with apt-get.
detect_os() {
  local candidate
  case "$OSTYPE" in
    linux-gnu*)
      # Generic fallback when none of the known package managers exists.
      OS="linux"
      for candidate in apt-get:ubuntu yum:centos pacman:arch; do
        if command -v "${candidate%%:*}" &> /dev/null; then
          OS="${candidate##*:}"
          break
        fi
      done
      ;;
    darwin*)
      OS="macos"
      ;;
    msys | cygwin)
      OS="windows"
      ;;
    *)
      OS="unknown"
      ;;
  esac
  log_info "Erkanntes Betriebssystem: $OS"
}
# Require root privileges on every platform except Windows.
# Globals:   OS (read), EUID (read)
# Outputs:   logs an error and a usage hint when not running as root
# Returns:   0 when the check passes; otherwise exits the script with 1
check_privileges() {
  # Windows is exempt from the check; elsewhere an effective UID of 0 passes.
  if [[ "$OS" == "windows" || $EUID -eq 0 ]]; then
    return 0
  fi
  log_error "Dieses Skript muss als Root ausgeführt werden!"
  log_info "Verwenden Sie: sudo $0"
  exit 1
}
# Create the certificate directory tree below the current working directory:
# certs/mercedes/{root,intermediate,server} and certs/backup.
# Outputs:   logs start and completion
create_cert_directories() {
  log_info "Erstelle Zertifikat-Verzeichnisse..."
  local tier
  for tier in root intermediate server; do
    mkdir -p "certs/mercedes/${tier}"
  done
  mkdir -p certs/backup
  log_success "Zertifikat-Verzeichnisse erstellt"
}
# Write the Mercedes-Benz root certificates embedded in this script to
# certs/mercedes/root/ (relative to the current working directory).
# Globals:   CERT (read)
# Outputs:   creates or overwrites mercedes-root-ca.crt and daimler-root-ca.crt;
#            logs start and completion
# Nothing is downloaded here: both PEM bodies come from the quoted heredocs
# below, so the trust decision rests entirely on the integrity of this file.
# NOTE(review): the certificates are written without any fingerprint or
# subject check. Before these files are added to a trust store, compare each
# certificate's fingerprint with a value obtained from the CA owner through a
# separate channel, and review any change to the PEM blocks like a code change.
install_mercedes_root_certs() {
log_info "${CERT} Installiere Mercedes-Benz Root-Zertifikate..."
# Mercedes-Benz Corporate Root CA
cat > certs/mercedes/root/mercedes-root-ca.crt << 'EOF'
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
# Daimler AG Root CA
cat > certs/mercedes/root/daimler-root-ca.crt << 'EOF'
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
EOF
log_success "Mercedes-Benz Root-Zertifikate erstellt"
}
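# Add the Mercedes-Benz root certificates to the system-wide trust store.
# Globals:   OS (read)
# Outputs:   logs progress; runs the platform's trust-store update tool
# Returns:   0 on success or when the OS is not supported (a warning is
#            logged and nothing is installed); non-zero if a copy/import fails
#
# Only the two files written by install_mercedes_root_certs are installed.
# A wildcard over certs/mercedes/root/ would also promote any other .crt file
# already present in that directory (which lives under the current working
# directory) to a system-wide trust anchor.
update_system_cert_store() {
  log_info "Aktualisiere System-Zertifikatsspeicher..."
  local -a root_certs=(
    "certs/mercedes/root/mercedes-root-ca.crt"
    "certs/mercedes/root/daimler-root-ca.crt"
  )
  local cert
  case "$OS" in
    "ubuntu")
      # Ubuntu/Debian
      cp -- "${root_certs[@]}" /usr/local/share/ca-certificates/
      update-ca-certificates
      ;;
    "centos")
      # CentOS/RHEL
      cp -- "${root_certs[@]}" /etc/pki/ca-trust/source/anchors/
      update-ca-trust
      ;;
    "arch")
      # Arch Linux
      cp -- "${root_certs[@]}" /etc/ca-certificates/trust-source/anchors/
      trust extract-compat
      ;;
    "macos")
      # macOS: add each certificate as a trusted root in the System keychain.
      for cert in "${root_certs[@]}"; do
        security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain "$cert"
      done
      ;;
    "windows")
      # Windows (via PowerShell): import into the machine-wide Root store.
      # The interpolated paths are the fixed names above, never user input.
      for cert in "${root_certs[@]}"; do
        powershell.exe -Command "Import-Certificate -FilePath '${cert}' -CertStoreLocation Cert:\\LocalMachine\\Root"
      done
      ;;
    *)
      # Nothing was installed, so do not report success below.
      log_warning "Unbekanntes OS - manuelle Installation erforderlich"
      return 0
      ;;
  esac
  log_success "System-Zertifikatsspeicher aktualisiert"
}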
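# Upgrade the certifi package and print Python's TLS defaults.
# Outputs:   pip output; the check_hostname flag of the default SSL context
#            and the certifi bundle path; log lines
# Returns:   0; a failing pip run or Python check is logged as a warning
#
# A failing pip run (no network, or an installation that refuses system-wide
# installs) used to abort the whole script under `set -e` after the system
# trust store had already been changed. It is now reported as a warning,
# matching how the Python check below is handled.
# NOTE(review): nothing here adds the Mercedes-Benz roots to the certifi
# bundle; this step only upgrades the package. The call also installs from
# the package index with this script's privileges - confirm that is wanted.
update_python_certs() {
  log_info "Aktualisiere Python-Zertifikate..."
  # Pick the first available pip front end, preferring pip3.
  local pip_cmd=""
  if command -v pip3 &> /dev/null; then
    pip_cmd="pip3"
  elif command -v pip &> /dev/null; then
    pip_cmd="pip"
  fi
  if [[ -n "$pip_cmd" ]] && ! "$pip_cmd" install --upgrade certifi; then
    log_warning "certifi-Aktualisierung über ${pip_cmd} fehlgeschlagen"
  fi
  # Report what Python will use; stderr is hidden and failure is a warning.
  python3 -c "
import ssl
import certifi
print(f'Python SSL-Kontext: {ssl.create_default_context().check_hostname}')
print(f'Certifi-Pfad: {certifi.where()}')
" 2> /dev/null || log_warning "Python-Zertifikat-Check fehlgeschlagen"
  log_success "Python-Zertifikate aktualisiert"
}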
# Point Node.js at the Mercedes-Benz root certificate as an extra CA.
# Globals:   NODE_EXTRA_CA_CERTS (written, exported)
# Outputs:   log lines; does nothing when `node` is not installed
# The export affects this script's process and the commands it starts.
update_nodejs_certs() {
  command -v node &> /dev/null || return 0
  log_info "Aktualisiere Node.js-Zertifikate..."
  # Absolute path, resolved against the current working directory.
  local extra_ca
  extra_ca="$(pwd)/certs/mercedes/root/mercedes-root-ca.crt"
  export NODE_EXTRA_CA_CERTS="$extra_ca"
  log_success "Node.js-Zertifikate konfiguriert"
}
# Configure Git to use the Mercedes-Benz root certificate file.
# Outputs:   writes http.sslCAInfo to the invoking user's global Git config;
#            log lines; does nothing when `git` is not installed
# NOTE(review): http.sslCAInfo names a single CA file for every repository of
# this user, and the script runs as root - confirm whose configuration is
# changed and that one corporate root is the intended trust set.
configure_git_certs() {
  command -v git &> /dev/null || return 0
  log_info "Konfiguriere Git-Zertifikate..."
  # Absolute path, resolved against the current working directory.
  local ca_file
  ca_file="$(pwd)/certs/mercedes/root/mercedes-root-ca.crt"
  git config --global http.sslCAInfo "$ca_file"
  log_success "Git-Zertifikate konfiguriert"
}
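# Register the Mercedes-Benz root certificate as curl's CA file in ~/.curlrc.
# Outputs:   appends one "cacert = <path>" line to ~/.curlrc unless that
#            exact line is already present; log lines; does nothing when
#            `curl` is not installed
# The exact-line check keeps repeated runs from piling up duplicate entries.
# NOTE(review): a cacert entry names the CA file curl uses for this user, so
# the single corporate root takes the place of the default bundle - confirm
# that public HTTPS endpoints are still expected to validate.
configure_curl_certs() {
  command -v curl &> /dev/null || return 0
  log_info "Konfiguriere Curl-Zertifikate..."
  local curlrc entry
  curlrc=~/.curlrc
  entry="cacert = $(pwd)/certs/mercedes/root/mercedes-root-ca.crt"
  if [[ ! -f "$curlrc" ]] || ! grep -qxF -- "$entry" "$curlrc"; then
    printf '%s\n' "$entry" >> "$curlrc"
  fi
  log_success "Curl-Zertifikate konfiguriert"
}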
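# Register the Mercedes-Benz root certificate as wget's CA file in ~/.wgetrc.
# Outputs:   appends one "ca_certificate = <path>" line to ~/.wgetrc unless
#            that exact line is already present; log lines; does nothing when
#            `wget` is not installed
# The exact-line check keeps repeated runs from piling up duplicate entries.
# NOTE(review): this points wget at a single CA file for this user - confirm
# that replacing the default trust set is intended.
configure_wget_certs() {
  command -v wget &> /dev/null || return 0
  log_info "Konfiguriere Wget-Zertifikate..."
  local wgetrc entry
  wgetrc=~/.wgetrc
  entry="ca_certificate = $(pwd)/certs/mercedes/root/mercedes-root-ca.crt"
  if [[ ! -f "$wgetrc" ]] || ! grep -qxF -- "$entry" "$wgetrc"; then
    printf '%s\n' "$entry" >> "$wgetrc"
  fi
  log_success "Wget-Zertifikate konfiguriert"
}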
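# Import the Mercedes-Benz root certificate into browser certificate stores.
# Globals:   OS (read)
# Outputs:   on ubuntu/linux, runs certutil against ~/.pki/nssdb (Chrome or
#            Chromium) and the first Firefox profile directory matching
#            "*.default*"; on macOS/Windows only logs that the system store
#            is used; log lines
# Returns:   0; a failed import is logged as a warning
#
# The Firefox profile lookup used to run `find` on ~/.mozilla/firefox without
# checking that the directory exists. Under `set -euo pipefail` a missing
# directory made the pipeline fail and ended the whole script. The directory
# is now checked first, and import failures are logged instead of hidden.
# NOTE(review): `~` is the home of the account running the script; under the
# required root privileges that may not be the desktop user's profile.
install_browser_certs() {
  log_info "Installiere Browser-Zertifikate..."
  local ca_file="certs/mercedes/root/mercedes-root-ca.crt"
  local nickname="Mercedes-Benz Root CA"
  local firefox_root firefox_profile
  case "$OS" in
    "ubuntu" | "linux")
      # Chrome/Chromium
      if command -v google-chrome &> /dev/null || command -v chromium-browser &> /dev/null; then
        mkdir -p ~/.pki/nssdb
        certutil -A -n "$nickname" -t "C,," -i "$ca_file" -d ~/.pki/nssdb 2> /dev/null ||
          log_warning "Import in die Chrome/Chromium-Zertifikatsdatenbank fehlgeschlagen"
      fi
      # Firefox
      if command -v firefox &> /dev/null; then
        firefox_root=~/.mozilla/firefox
        firefox_profile=""
        if [[ -d "$firefox_root" ]]; then
          # -print -quit stops at the first match, like the former `head -1`.
          firefox_profile=$(find "$firefox_root" -name "*.default*" -type d -print -quit 2> /dev/null) ||
            firefox_profile=""
        fi
        if [[ -n "$firefox_profile" ]]; then
          certutil -A -n "$nickname" -t "C,," -i "$ca_file" -d "$firefox_profile" 2> /dev/null ||
            log_warning "Import in das Firefox-Profil fehlgeschlagen"
        fi
      fi
      ;;
    "macos")
      # Safari uses the System keychain (already handled).
      log_info "Safari verwendet System-Keychain"
      ;;
    "windows")
      # Internet Explorer/Edge use the Windows certificate store (already handled).
      log_info "IE/Edge verwenden Windows-Zertifikatsspeicher"
      ;;
  esac
  log_success "Browser-Zertifikate installiert"
}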
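# Run smoke tests after installation and log each result.
# Outputs:   log lines; the Python probe prints its own result line
# Returns:   status of the last logging call; failed probes only warn
#
# Each probe uses if/else rather than `cmd && ok || warn`, so a warning is
# logged only when the probe itself fails.
# NOTE(review): the OpenSSL step verifies the root file against itself. That
# shows the file parses and is self-signed; it does not show that it is the
# genuine corporate root - compare its fingerprint with a trusted reference.
# NOTE(review): the Python and curl probes contact https://httpbin.org, an
# external host; on an isolated network they will report a failure.
validate_certificates() {
  log_info "Validiere installierte Zertifikate..."
  local ca_file="certs/mercedes/root/mercedes-root-ca.crt"
  # Test with OpenSSL
  if command -v openssl &> /dev/null; then
    if openssl verify -CAfile "$ca_file" "$ca_file" &> /dev/null; then
      log_success "OpenSSL-Validierung erfolgreich"
    else
      log_warning "OpenSSL-Validierung fehlgeschlagen"
    fi
  fi
  # Test with Python requests; a missing interpreter or module is a warning.
  python3 -c "
import requests
import ssl
try:
    # Test HTTPS-Verbindung
    response = requests.get('https://httpbin.org/get', timeout=10)
    print('✅ Python requests: HTTPS-Verbindung erfolgreich')
except Exception as e:
    print(f'⚠️ Python requests: {e}')
" 2> /dev/null || log_warning "Python requests-Test fehlgeschlagen"
  # Test with curl
  if command -v curl &> /dev/null; then
    if curl -s --connect-timeout 10 https://httpbin.org/get > /dev/null; then
      log_success "Curl HTTPS-Test erfolgreich"
    else
      log_warning "Curl HTTPS-Test fehlgeschlagen"
    fi
  fi
}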
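# Back up the existing certificate store into certs/backup/ before changes.
# Globals:   OS (read)
# Outputs:   creates certs/backup/ and, where supported, a dated copy of the
#            platform's certificate directory or keychain export; log lines
# Returns:   0; a failed or unsupported backup is logged as a warning
#
# main() calls this before the directory tree exists, so the copy used to
# fail with the error hidden while "Backup erstellt" was still logged. The
# target directory is now created here and success is reported only when a
# backup was actually written.
create_backup() {
  log_info "Erstelle Backup der ursprünglichen Zertifikate..."
  local backup_root="certs/backup"
  local stamp
  stamp=$(date +%Y%m%d)
  mkdir -p -- "$backup_root"
  case "$OS" in
    "ubuntu")
      if ! cp -r /etc/ssl/certs "${backup_root}/original-certs-${stamp}" 2> /dev/null; then
        log_warning "Backup fehlgeschlagen - Installation wird ohne Backup fortgesetzt"
        return 0
      fi
      ;;
    "centos")
      if ! cp -r /etc/pki/tls/certs "${backup_root}/original-certs-${stamp}" 2> /dev/null; then
        log_warning "Backup fehlgeschlagen - Installation wird ohne Backup fortgesetzt"
        return 0
      fi
      ;;
    "macos")
      if ! security export -k /Library/Keychains/System.keychain -o "${backup_root}/system-keychain-${stamp}.p12" 2> /dev/null; then
        log_warning "Backup fehlgeschlagen - Installation wird ohne Backup fortgesetzt"
        return 0
      fi
      ;;
    *)
      # No backup procedure exists for this platform; say so instead of
      # claiming success.
      log_warning "Kein Backup für dieses Betriebssystem vorgesehen"
      return 0
      ;;
  esac
  log_success "Backup erstellt"
}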
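# Export the TLS trust variables for this session and persist them.
# Globals:   SSL_CERT_FILE, SSL_CERT_DIR, REQUESTS_CA_BUNDLE, CURL_CA_BUNDLE,
#            NODE_EXTRA_CA_CERTS (written, exported)
# Outputs:   appends an export block to ~/.bashrc unless the same block for
#            this directory is already there; log lines
#
# Two changes from the earlier heredoc version:
#  - The paths are written with printf %q. The working directory name ends up
#    in a file that every later shell sources, so it must be stored as data
#    and never be open to expansion when ~/.bashrc is read.
#  - The block is appended only once per directory, so repeated runs do not
#    grow ~/.bashrc.
# NOTE(review): SSL_CERT_FILE, REQUESTS_CA_BUNDLE and CURL_CA_BUNDLE name a
# single CA file; tools that honor them use it in place of their default
# bundle. Confirm that trusting only the corporate root is intended.
set_environment_variables() {
  log_info "Setze Umgebungsvariablen..."
  local cert_dir ca_file bashrc first_line
  cert_dir="$(pwd)/certs/mercedes/root"
  ca_file="${cert_dir}/mercedes-root-ca.crt"
  bashrc=~/.bashrc
  # The first export line doubles as the "already configured" marker.
  printf -v first_line 'export SSL_CERT_FILE=%q' "$ca_file"
  if [[ ! -f "$bashrc" ]] || ! grep -qxF -- "$first_line" "$bashrc"; then
    {
      printf '%s\n' "# Mercedes-Benz SSL-Zertifikat-Konfiguration"
      printf '%s\n' "$first_line"
      printf 'export SSL_CERT_DIR=%q\n' "$cert_dir"
      printf 'export REQUESTS_CA_BUNDLE=%q\n' "$ca_file"
      printf 'export CURL_CA_BUNDLE=%q\n' "$ca_file"
      printf 'export NODE_EXTRA_CA_CERTS=%q\n' "$ca_file"
    } >> "$bashrc"
  fi
  # For the current session
  export SSL_CERT_FILE="$ca_file"
  export SSL_CERT_DIR="$cert_dir"
  export REQUESTS_CA_BUNDLE="$ca_file"
  export CURL_CA_BUNDLE="$ca_file"
  export NODE_EXTRA_CA_CERTS="$ca_file"
  log_success "Umgebungsvariablen gesetzt"
}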
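# Main entry point: run every installation step in order, then print a
# summary with the next steps and the directories used.
# Arguments: none are read
# Outputs:   log lines and the closing summary on stdout
#
# The directory tree is created before the backup step, because the backup
# writes into certs/backup/ and would otherwise find no target directory.
main() {
  log_info "Starte Mercedes-Benz Zertifikat-Installation..."
  detect_os
  check_privileges
  create_cert_directories
  create_backup
  install_mercedes_root_certs
  update_system_cert_store
  update_python_certs
  update_nodejs_certs
  configure_git_certs
  configure_curl_certs
  configure_wget_certs
  install_browser_certs
  set_environment_variables
  validate_certificates
  echo ""
  echo "=================================================================="
  log_success "${MERCEDES} Mercedes-Benz Zertifikat-Installation abgeschlossen!"
  echo "=================================================================="
  echo ""
  log_info "Nächste Schritte:"
  echo " 1. Terminal neu starten oder 'source ~/.bashrc' ausführen"
  echo " 2. Anwendungen neu starten für Zertifikat-Erkennung"
  echo " 3. HTTPS-Verbindungen testen"
  echo ""
  log_info "Backup-Verzeichnis: $(pwd)/certs/backup"
  log_info "Zertifikat-Verzeichnis: $(pwd)/certs/mercedes"
}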
# Error handling: on SIGINT or SIGTERM, log the interruption and exit with 1.
handle_interrupt() {
  log_error "Skript wurde unterbrochen"
  exit 1
}
trap handle_interrupt INT TERM
# Run the script, forwarding all command-line arguments.
main "$@"