fuglede · October 3, 2015 21:06
diff --git a/fetchoces.sh b/fetchoces.sh
 #!/bin/bash

 LDAPSERVER="ldap://crtdir.certifikat.dk";
 OUTPUTFILE="nemidcert.cer";
 INTERMEDIATEFILE="intermediate.cer";
 COMBINEDFILE="combined.cer";

 # Check for ldapsearch and curl
 command -v ldapsearch >/dev/null 2>&1 || {
    echo "This script needs ldapsearch. In Debian 8, you can get this through 'apt install ldapscripts'." >&2;
    exit 1;
 }
 command -v curl >/dev/null 2>&1 || {
    echo "This script needs curl. In Debian 8, you can get this through 'apt install curl'." >&2;
    exit 1;
 }

 # Test if server is up
 ldapsearch -x -H $LDAPSERVER -b "c=DK" > /dev/null
 if [ ! $? -eq 4 ]; then
    echo "Connection to Nets LDAP server failed." >&2;
    exit 1;
 fi

 # Get email or name
 printf "Enter email address of recipient (leave blank if you want to perform a name query).\nEmail []: ";
 read email;
 if [ -z "$email" ]; then
    printf "Enter name of recipient:\nName: ";
    read name;
 fi

 # Query the LDAP server. Unfortunately, it seems we can't do wildcard searches
 if [ "$name" ]; then
    ldapResponse=$(ldapsearch -x -H $LDAPSERVER -b "c=DK" "CN=$name*");
 else
    ldapResponse=$(ldapsearch -x -H $LDAPSERVER -b "c=DK" "mail=$email");
 fi

 # Look for common problems
 numResponses=$(printf "$ldapResponse" | grep -o -P '(?<=numResponses: ).*')
 if (($numResponses == 1)); then
    echo "No certificate found. Try again with different search terms." >&2;
    exit 1;
 elif (($numResponses > 2)); then
    echo "Too many search results. Try to limit your search terms and try again." >&2;
    exit 1;
 elif [ $numResponses != 2 ]; then
    echo "Unknown error. Try again with different search terms." >&2;
    exit 1;
 fi

 # Get basic properties in result
 cn=$(printf "$ldapResponse" | grep -o -P '(?<=cn: ).*');
 mail=$(printf "$ldapResponse" | grep -o -P '(?<=mail: ).*');

 printf "\nFound the following certificate:\nName: $cn\nEmail: $mail\n\n";
 while true; do
    read -p "Is this the certificate, you were looking for? [yes] " yn
    case $yn in
        [Nn]* ) echo "Sorry about that. :/ Try again, perhaps?"; exit;;
        * ) break;;
    esac
 done;

 # Write the cert PEM
 echo "-----BEGIN CERTIFICATE-----" > $OUTPUTFILE;
 echo $ldapResponse |\
 grep -o -P '(?<=userCertificate;binary:: ).*(?= \# search)' |\
 tr -d ' ' |\
 sed -e "s/.\{64\}/&\n/g" |\
 sed '/^$/d' >> $OUTPUTFILE;
 echo "-----END CERTIFICATE-----" >> $OUTPUTFILE;

 printf "Trying to fetch intermediate certificates as well.\n\n";
 # Get the intermediate certificate and append it
 # to our certificate from before.
 url=$(openssl x509 -in $OUTPUTFILE -noout -text | grep -o -P '(?<=CA Issuers - URI:).*');
 curl --silent $url | openssl x509 -inform DER -outform PEM > $INTERMEDIATEFILE;
 cat $OUTPUTFILE $INTERMEDIATEFILE > $COMBINEDFILE;
 echo "Success. Your certificates are now available:";
 echo "* $OUTPUTFILE:    Contains the certificate you requested.";
 echo "* $INTERMEDIATEFILE: Contains the intermediate certificate.";
 printf "* $COMBINEDFILE:     Both certificates, concatenated.\n\n";

 # Check for the mutt script smime_keys. Exit if we don't have it.
 command -v smime_keys >/dev/null 2>&1 || {
    echo "One way to use these is to import $COMBINEDFILE in Thunderbird.";
    exit 1;
 }

 while true; do
    read -p "Do you want me try to add the certificate to mutt? [yes] " yn
    case $yn in
        [Nn]* ) echo "Roger. Exiting."; exit;;
        * ) break;;
    esac
 done;

 # Check if ~/.smime exists. Propose to install it if it doesn't
 if [ ! -d ~/.smime/ ]; then
    echo "Looks like you never used mutt with S/MIME before (since ~/.smime/ doesn't exist).";
    while true; do
        read -p "Should I try to initialize mutt's S/MIME database? [yes] " yn
        case $yn in
            [Nn]* ) echo "Roger. Exiting."; exit;;
            * ) smime_keys init; echo "S/MIME database initialized in ~/.smime/"; break;;
        esac
    done;
 fi

 smime_keys add_cert $OUTPUTFILE 2> /dev/null;
 printf "(Heh, we actually skipped verification. Mutt doesn't care.)\n\n";
 while true; do
    read -p "Certificate installed. Want me to remove the three auxiliary files again? [yes] " yn
    case $yn in
        [Nn]* ) echo "Roger. We're done here."; exit;;
        * ) rm $OUTPUTFILE $INTERMEDIATEFILE $COMBINEDFILE; echo "Done. Take care."; exit;;
    esac
 done;
	#!/bin/bash

	LDAPSERVER="ldap://crtdir.certifikat.dk";
	OUTPUTFILE="nemidcert.cer";
	INTERMEDIATEFILE="intermediate.cer";
	COMBINEDFILE="combined.cer";

	# Check for ldapsearch and curl
	command -v ldapsearch >/dev/null 2>&1 \|\| {
	echo "This script needs ldapsearch. In Debian 8, you can get this through 'apt install ldapscripts'." >&2;
	exit 1;
	}
	command -v curl >/dev/null 2>&1 \|\| {
	echo "This script needs curl. In Debian 8, you can get this through 'apt install curl'." >&2;
	exit 1;
	}

	# Test if server is up
	ldapsearch -x -H $LDAPSERVER -b "c=DK" > /dev/null
	if [ ! $? -eq 4 ]; then
	echo "Connection to Nets LDAP server failed." >&2;
	exit 1;
	fi

	# Get email or name
	printf "Enter email address of recipient (leave blank if you want to perform a name query).\nEmail []: ";
	read email;
	if [ -z "$email" ]; then
	printf "Enter name of recipient:\nName: ";
	read name;
	fi

	# Query the LDAP server. Unfortunately, it seems we can't do wildcard searches
	if [ "$name" ]; then
	ldapResponse=$(ldapsearch -x -H $LDAPSERVER -b "c=DK" "CN=$name*");
	else
	ldapResponse=$(ldapsearch -x -H $LDAPSERVER -b "c=DK" "mail=$email");
	fi

	# Look for common problems
	numResponses=$(printf "$ldapResponse" \| grep -o -P '(?<=numResponses: ).*')
	if (($numResponses == 1)); then
	echo "No certificate found. Try again with different search terms." >&2;
	exit 1;
	elif (($numResponses > 2)); then
	echo "Too many search results. Try to limit your search terms and try again." >&2;
	exit 1;
	elif [ $numResponses != 2 ]; then
	echo "Unknown error. Try again with different search terms." >&2;
	exit 1;
	fi

	# Get basic properties in result
	cn=$(printf "$ldapResponse" \| grep -o -P '(?<=cn: ).*');
	mail=$(printf "$ldapResponse" \| grep -o -P '(?<=mail: ).*');

	printf "\nFound the following certificate:\nName: $cn\nEmail: $mail\n\n";
	while true; do
	read -p "Is this the certificate, you were looking for? [yes] " yn
	case $yn in
	[Nn]* ) echo "Sorry about that. :/ Try again, perhaps?"; exit;;
	* ) break;;
	esac
	done;

	# Write the cert PEM
	echo "-----BEGIN CERTIFICATE-----" > $OUTPUTFILE;
	echo $ldapResponse \|\
	grep -o -P '(?<=userCertificate;binary:: ).*(?= \# search)' \|\
	tr -d ' ' \|\
	sed -e "s/.\{64\}/&\n/g" \|\
	sed '/^$/d' >> $OUTPUTFILE;
	echo "-----END CERTIFICATE-----" >> $OUTPUTFILE;

	printf "Trying to fetch intermediate certificates as well.\n\n";
	# Get the intermediate certificate and append it
	# to our certificate from before.
	url=$(openssl x509 -in $OUTPUTFILE -noout -text \| grep -o -P '(?<=CA Issuers - URI:).*');
	curl --silent $url \| openssl x509 -inform DER -outform PEM > $INTERMEDIATEFILE;
	cat $OUTPUTFILE $INTERMEDIATEFILE > $COMBINEDFILE;
	echo "Success. Your certificates are now available:";
	echo "* $OUTPUTFILE: Contains the certificate you requested.";
	echo "* $INTERMEDIATEFILE: Contains the intermediate certificate.";
	printf "* $COMBINEDFILE: Both certificates, concatenated.\n\n";

	# Check for the mutt script smime_keys. Exit if we don't have it.
	command -v smime_keys >/dev/null 2>&1 \|\| {
	echo "One way to use these is to import $COMBINEDFILE in Thunderbird.";
	exit 1;
	}

	while true; do
	read -p "Do you want me try to add the certificate to mutt? [yes] " yn
	case $yn in
	[Nn]* ) echo "Roger. Exiting."; exit;;
	* ) break;;
	esac
	done;

	# Check if ~/.smime exists. Propose to install it if it doesn't
	if [ ! -d ~/.smime/ ]; then
	echo "Looks like you never used mutt with S/MIME before (since ~/.smime/ doesn't exist).";
	while true; do
	read -p "Should I try to initialize mutt's S/MIME database? [yes] " yn
	case $yn in
	[Nn]* ) echo "Roger. Exiting."; exit;;
	* ) smime_keys init; echo "S/MIME database initialized in ~/.smime/"; break;;
	esac
	done;
	fi

	smime_keys add_cert $OUTPUTFILE 2> /dev/null;
	printf "(Heh, we actually skipped verification. Mutt doesn't care.)\n\n";
	while true; do
	read -p "Certificate installed. Want me to remove the three auxiliary files again? [yes] " yn
	case $yn in
	[Nn]* ) echo "Roger. We're done here."; exit;;
	* ) rm $OUTPUTFILE $INTERMEDIATEFILE $COMBINEDFILE; echo "Done. Take care."; exit;;
	esac
	done;