#!/bin/bash # ./mailcert.sh [certfile|certname|serial] (emailaddress) (configfile) # We need to know what to send, and who to send it to. We aggressively attempt to infer this information as best we can from what arguments are given to us, and what's provided in config files. set -e SUPPLEMENTARY_CONFIG="$3" if [ $2 ]; then if [[ "$2" =~ .+@.+ ]]; then USEREMAIL=$2 else echo "Second argument is not a valid email address; proceeding as if it were the config file..." SUPPLEMENTARY_CONFIG="$2" fi fi . ./configure.sh # attempt to work out where the certificate is, and which CA it is. if [ -e "$CA"/certs/"$1".pem ]; then # serial USERCERT="$CA"/certs/"$1".pem elif [ -e "$CA"/signed/"$1".crt ]; then # certname USERCERT="$CA"/signed/"$1".crt elif [ -e "$1" ]; then # certfile (ugh!) # omgca/signed/test.crt USERCERT="$1" if [[ "$1" =~ (.+/|())(.+)/.+/.+ ]]; then CA="${BASH_REMATCH[3]}" fi else echo None of "$CA"/certs/"$1".pem, "$1", or "$CA"/signed/"$1".crt exist\! exit 2 fi CACERT="$CA"/ca/"$CA".crt # attempt to work out where to send the certificate if ! [ "$USEREMAIL" ]; then # address from cmdline if ! USEREMAIL="$(openssl x509 -in "$USERCERT" -text | sed -ne '{s/.*Subject.\+emailAddress=\(.\+\)/\1/p}' | head -n 1 | grep . )"; then # address from cert if [[ "$USERCERT" =~ (.+/|())(.+)(-|\.).+ ]]; then USEREMAIL="${BASH_REMATCH[3]}"@"$EMAIL_DEFAULT_DOMAIN" else echo "Cannot find email address!" exit 3 fi fi fi echo CACERT is assumed to be: "$CACERT" echo USERCERT is assumed to be: "$USERCERT" echo USEREMAIL is assumed to be: "$USEREMAIL" echo Press Ctrl-C if any of this looks incorrect. sleep 5 [[ $(openssl x509 -in omgca/ca/omgca.crt -noout -subject) =~ .+CN=(.+) ]] CACN="${BASH_REMATCH[1]}" if [[ "$CACN" =~ (.+)/emailAddress.+ ]]; then CACN=${BASH_REMATCH[1]} fi # FIXME: implement /usr/lib/sendmail input, including attachment syntax # /usr/lib/sendmail -t << EOF cat << EOF To: "$USEREMAIL" From: "$E" Subject: Certificate from "$CACN" MIME-Version: 1.0 Content-Type: