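#!/usr/bin/ruby
# Takes input and emails somebody with an inline SPKAC request
#
# Certificates are automatically imported if they are served to clients over http with
# Content-type: application/x-x509-user-cert
#
# Some Webkit browsers, notably Chrome, don't understand PEM. Use DER.
#
# Security note: every form field below is unauthenticated request input. The
# DN values (C, ST, L, O, OU, CN, emailAddress) are whatever the requester
# typed, so whoever signs the request must verify them first.

# Redefine these:
localpart = 'jerks'
hostname = 'example.com'

require 'cgi'
cgi = CGI.new

# Depending on how you access the form variables will depend on the results you get.
# 1. An explicit request in 1.8.x of form cgi['myvar'] returns a string
# 2. pre 1.8.x it returns an array
# 3. If you use the form cgi.params it returns a hash
# 4. If your form happens to include file upload (e.g. it has
#    'enctype="multipart/form-data"') then
#    * if the file size is > 10240 bytes ALL variables are created as Tempfiles
#    * if < 10240 they are StringIO objects.
#
# StringIO and Tempfile both support the 'read' method and String does not, so
# the helper below normalises all three instead of reopening the String class.

# Returns the first submitted value for +name+ as a String with CR and LF
# removed, or nil when the field was not submitted.
#
# The value is read exactly once: a StringIO or Tempfile is at EOF after the
# first read, so reading it again for the output line would yield "".
# Removing CR/LF keeps each value on one line, so a field cannot add extra
# "name=value" lines to the request that gets mailed.
field_value = lambda do |name|
  raw = cgi.params[name][0]
  next nil if raw.nil?

  text = raw.respond_to?(:read) ? raw.read : raw.to_s
  text.gsub(/\r|\n/, '')
end

# The blank line terminates the CGI response headers.
print "Content-type: text/plain\n\n"

spkac = String.new
%w[SPKAC C ST L O OU CN emailAddress].each do |dn|
  value = field_value.call(dn)
  if value && !value.empty?
    spkac << "#{dn}=#{value}\n"
  else
    print "Warning: Variable #{dn} is invalid or missing. It will not be included in your request. If this is in error, please correct and resubmit.\n"
  end
end

# SPKAC is the first field processed, so a usable request starts with it.
if spkac.start_with?('SPKAC=')
  # `sendmail -t` takes the recipients from the message headers. Only the
  # constants above go into the header section; the empty element ends it, and
  # everything request-supplied (client address, user agent, form values)
  # stays in the body.
  message = [
    "To: #{localpart}@#{hostname}",
    'From: spkac form',
    'Subject: SPKAC request',
    'MIME-Version: 1.0',
    'Content-Type: text/plain; charset=us-ascii',
    '',
    ENV['REMOTE_ADDR'].to_s,
    ENV['HTTP_USER_AGENT'].to_s,
    '',
    spkac
  ].join("\n")

  # Array form runs sendmail directly, without passing through a shell.
  IO.popen(['/usr/sbin/sendmail', '-t'], 'w') { |mail| mail.write(message) }

  # popen's block form sets $? once the pipe is closed.
  if $?.success?
    print "\nThe following SPKAC request has been emailed to your friendly neighbourhood admins, who will look it over, possibly sign it and give you a link to a shiny new certificate:\n\n"
    print spkac
  else
    print "Error: The SPKAC request could not be handed to the mail system. Please try again later.\n"
  end
else
  print "Error: SPKAC public key is missing. Correct and resubmit."
end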