#!/bin/bash # ./mailcert.sh [certfile|certname|serial] (emailaddress) (configfile) # We need to know what to send, and who to send it to. We aggressively attempt to infer this information as best we can from what arguments are given to us, and what's provided in config files. set -e SUPPLEMENTARY_CONFIG="$3" if [ $2 ]; then if [[ "$2" =~ .+@.+ ]]; then USEREMAIL=$2 else echo "Second argument is not a valid email address; proceeding as if it were the config file..." SUPPLEMENTARY_CONFIG="$2" fi fi . ./configure.sh # attempt to work out where the certificate is, and which CA it is. if [ -e "$CA"/certs/"$1".pem ]; then # serial USERCERT="$CA"/certs/"$1".pem elif [ -e "$CA"/signed/"$1".crt ]; then # certname USERCERT="$CA"/signed/"$1".crt elif [ -e "$1" ]; then # certfile (ugh!) # omgca/signed/test.crt USERCERT="$1" if [[ "$1" =~ (.+/|())(.+)/.+/.+ ]]; then CA="${BASH_REMATCH[3]}" fi else echo None of "$CA"/certs/"$1".pem, "$1", or "$CA"/signed/"$1".crt exist\! exit 2 fi CACERT="$CA"/ca/"$CA".crt # attempt to work out where to send the certificate if ! [ "$USEREMAIL" ]; then # address from cmdline if ! USEREMAIL="$(openssl x509 -in "$USERCERT" -text | sed -ne '{s/.*Subject.\+emailAddress=\(.\+\)/\1/p}' | head -n 1 | grep . )"; then # address from cert if [[ "$USERCERT" =~ (.+/|())(.+)-.+ ]]; then USEREMAIL="${BASH_REMATCH[3]}"@"$EMAIL_DEFAULT_DOMAIN" elif [[ "$USERCERT" =~ (.+/|())(.+)\..+ ]]; then USEREMAIL="${BASH_REMATCH[3]}"@"$EMAIL_DEFAULT_DOMAIN" else echo "Cannot find email address!" exit 3 fi fi fi echo "" echo CACERT is assumed to be: "$CACERT" echo USERCERT is assumed to be: "$USERCERT" echo USEREMAIL is assumed to be: "$USEREMAIL" echo "" echo Press Ctrl-C if any of this looks incorrect, otherwise hit enter. read [[ $(openssl x509 -in omgca/ca/omgca.crt -noout -subject) =~ .+CN=(.+) ]] CACN="${BASH_REMATCH[1]}" if [[ "$CACN" =~ (.+)/emailAddress.+ ]]; then CACN=${BASH_REMATCH[1]} fi BOUNDARY="$(dd if=/dev/urandom bs=16 count=1 status=noxfer 2>/dev/null | base64)" USERCERTNAME=$(basename "$USERCERT") CACERTNAME=$(basename "$CACERT") /usr/lib/sendmail << EOF To: $USEREMAIL From: $E CC: $E Subject: Certificate from $CACN User-Agent: cash mailcert.sh MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="$BOUNDARY" This is a multipart message in MIME format. --$BOUNDARY Content-Type: text/plain Content-Disposition: inline You'll want both of these. $USERCERTNAME is your user certificate. $CACERTNAME is the certificate authority certificate. --$BOUNDARY Content-Type: application/x-x509-ca-cert Content-Disposition: attachment; filename="$USERCERTNAME" $(cat "$CACERT") --$BOUNDARY Content-Type: application/x-x509-ca-cert Content-Disposition: attachment; filename="$CACERTNAME" $(cat "$USERCERT") --$BOUNDARY-- EOF echo "Sent!"