#!/bin/bash # ./mailcert.sh [certfile|certname|serial] (emailaddress) (configfile) # We need to know what to send, and who to send it to. We aggressively attempt to infer this information as best we can from what arguments are given to us, and what's provided in config files. set -e SUPPLEMENTARY_CONFIG="$3" if [ $2 ]; then if [[ "$2" =~ .+@.+ ]]; then USEREMAIL=$2 else echo "Second argument is not a valid email address; proceeding as if it were the config file..." SUPPLEMENTARY_CONFIG="$2" fi fi . ./configure.sh # attempt to work out where the certificate is, and which CA it is. if [ -e "$CA"/certs/"$1".pem ]; then # serial USERCERT="$CA"/certs/"$1".pem elif [ -e "$CA"/signed/"$1".crt ]; then # certname USERCERT="$CA"/signed/"$1".crt elif [ -e "$1" ]; then # certfile (ugh!) # omgca/signed/test.crt USERCERT="$1" if [[ "$1" =~ (.+/|())(.+)/.+/.+ ]]; then CA="${BASH_REMATCH[3]}" fi else echo None of "$CA"/certs/"$1".pem, "$1", or "$CA"/signed/"$1".crt exist\! exit 2 fi CACERT="$CA"/ca/"$CA".crt # attempt to work out where to send the certificate if ! [ "$USEREMAIL" ]; then # address from cmdline if ! USEREMAIL="$(openssl x509 -in "$USERCERT" -text | sed -ne '{s/.*Subject.\+emailAddress=\(.\+\)/\1/p}' | head -n 1 | grep . )"; then # address from cert if [[ "$USERCERT" =~ (.+/|())(.+)-.+ ]]; then USEREMAIL="${BASH_REMATCH[3]}"@"$EMAIL_DEFAULT_DOMAIN" elif [[ "$USERCERT" =~ (.+/|())(.+)\..+ ]]; then USEREMAIL="${BASH_REMATCH[3]}"@"$EMAIL_DEFAULT_DOMAIN" else echo "Cannot find email address!" exit 3 fi fi fi echo "" echo CACERT is assumed to be: "$CACERT" echo USERCERT is assumed to be: "$USERCERT" echo USEREMAIL is assumed to be: "$USEREMAIL" echo "" echo Press Ctrl-C if any of this looks incorrect, otherwise hit enter. read [[ $(openssl x509 -in omgca/ca/omgca.crt -noout -subject) =~ .+CN=(.+) ]] CACN="${BASH_REMATCH[1]}" if [[ "$CACN" =~ (.+)/emailAddress.+ ]]; then CACN=${BASH_REMATCH[1]} fi export BOUNDARY="$(dd if=/dev/urandom bs=16 count=1 status=noxfer 2>/dev/null | base64)" export USERCERTNAME=$(basename "$USERCERT") export CACERTNAME=$(basename "$CACERT") ( echo "To: $USEREMAIL" echo "From: $E" echo "Subject: Certificate from $CACN" echo "User-Agent: cash mailcert.sh" echo "MIME-Version: 1.0" echo "Content-Type: multipart/mixed; boundary=\"$BOUNDARY\"" echo "" echo "This is a multipart message in MIME format." echo "" echo "--$BOUNDARY" echo "Content-Type: text/plain" echo "Content-Disposition: inline" echo "" echo "You'll want both of these." echo "" echo "$USERCERTNAME is your user certificate." echo "" echo "$CACERTNAME is the certificate authority certificate." echo "--$BOUNDARY" echo "Content-Type: application/x-x509-ca-cert" echo "Content-Disposition: attachment; filename=\"$USERCERTNAME\"" echo "" cat "$CACERT" echo "" echo "--$BOUNDARY" echo "Content-Type: application/x-x509-ca-cert" echo "Content-Disposition: attachment; filename=\"$CACERTNAME\"" echo "" cat "$USERCERT" echo "" echo "--$BOUNDARY--" ) | /usr/lib/sendmail -t echo "Sent!"