path: root/mailcert.sh
#!/bin/bash
# ./mailcert.sh [certfile|certname|serial] (emailaddress) (configfile)

# We need to know what to send, and who to send it to. We aggressively attempt to infer this information as best we can from what arguments are given to us, and what's provided in config files.

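# Abort on the first unhandled command failure.
set -e

# Optional third argument: path of an extra config file. Nothing in this part
# of the script reads it; presumably configure.sh does -- confirm there.
SUPPLEMENTARY_CONFIG="${3:-}"

# The second argument is overloaded: a value shaped like an email address is
# the recipient, anything else is taken to be the config file.
# Testing -n on a quoted expansion keeps a value that contains spaces (or that
# looks like a test operator) from breaking the test and being silently dropped.
if [ -n "${2:-}" ]; then
  # The address is later written into the To: header of the generated message,
  # so a value carrying CR, LF or any other control character is not accepted
  # as an address.
  if [[ "$2" =~ .+@.+ && "$2" != *[[:cntrl:]]* ]]; then
    USEREMAIL=$2
  else
    echo "Second argument is not a valid email address; proceeding as if it were the config file..."
    SUPPLEMENTARY_CONFIG="$2"
  fi
fi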

# Load settings from the configure.sh found in the current working directory.
# Later lines read CA, E and EMAIL_DEFAULT_DOMAIN without assigning them, so
# they are presumably set there -- confirm.
# The file is executed inside this shell: it should be writable only by trusted
# users, and the script has to be started from the directory that holds the
# intended configure.sh.
source ./configure.sh

# Resolve $1 to a certificate file. It is tried as a serial number under
# $CA/certs, then as a certificate name under $CA/signed, and finally as a
# literal path.
if [[ -e "$CA/certs/$1.pem" ]]; then
  USERCERT="$CA/certs/$1.pem"
elif [[ -e "$CA/signed/$1.crt" ]]; then
  USERCERT="$CA/signed/$1.crt"
elif [[ -e "$1" ]]; then
  USERCERT="$1"
  # A literal path also selects the CA: for omgca/signed/test.crt the third
  # capture group (omgca) replaces whatever CA was configured.
  if [[ "$1" =~ (.+/|())(.+)/.+/.+ ]]; then
    CA="${BASH_REMATCH[3]}"
  fi
else
  echo None of "$CA"/certs/"$1".pem, "$1", or "$CA"/signed/"$1".crt exist\!
  exit 2
fi

# The CA certificate is expected at <CA>/ca/<CA>.crt.
CACERT="$CA/ca/$CA.crt"

# Choose the recipient unless the command line already supplied one.
if [[ -z "$USEREMAIL" ]]; then
  # First choice: the emailAddress value on the Subject line of the
  # certificate's text dump. The trailing "grep ." makes the pipeline fail when
  # nothing was extracted, which selects the filename-based fallback below.
  # NOTE(review): this value comes from the certificate itself, so it is only
  # as trustworthy as the checks made when the certificate was signed; the
  # address printed at the confirmation step is worth reading.
  if ! USEREMAIL="$(
    openssl x509 -in "$USERCERT" -text \
      | sed -ne '{s/.*Subject.\+emailAddress=\(.\+\)/\1/p}' \
      | head -n 1 \
      | grep .
  )"; then
    # Fallback: take the local part from the certificate's file name (the text
    # before a "-", or else before a "."), and append the default domain.
    if [[ "$USERCERT" =~ (.+/|())(.+)-.+ ]] || [[ "$USERCERT" =~ (.+/|())(.+)\..+ ]]; then
      USEREMAIL="${BASH_REMATCH[3]}@$EMAIL_DEFAULT_DOMAIN"
    else
      echo "Cannot find email address!"
      exit 3
    fi
  fi
fi

# Show the operator what was inferred, then pause so a wrong CA, certificate or
# recipient can still be stopped with Ctrl-C before the message is produced.
printf '%s\n' \
  "CACERT is assumed to be: $CACERT" \
  "USERCERT is assumed to be: $USERCERT" \
  "USEREMAIL is assumed to be: $USEREMAIL" \
  'Press Ctrl-C if any of this looks incorrect.'
sleep 5

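# Read the CA's common name for the Subject: header from the CA certificate
# selected above ($CACERT) rather than from a fixed omgca path, so the name in
# the mail belongs to the CA shown at the confirmation step.
# NOTE(review): the pattern expects "CN=" with no surrounding spaces; newer
# OpenSSL releases print "CN = name" by default -- confirm against the
# installed version.
if ! ca_subject="$(openssl x509 -in "$CACERT" -noout -subject)"; then
  echo "Cannot read the subject of $CACERT" >&2
  exit 1
fi
# Without this check a missing CN ended the script under set -e with no
# message; the exit status stays 1.
if ! [[ "$ca_subject" =~ .+CN=(.+) ]]; then
  echo "Cannot find a CN in the subject of $CACERT" >&2
  exit 1
fi
CACN="${BASH_REMATCH[1]}"
# Drop a trailing /emailAddress=... component from the common name.
if [[ "$CACN" =~ (.+)/emailAddress.+ ]]; then
  CACN=${BASH_REMATCH[1]}
fi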

# FIXME: implement /usr/lib/sendmail input, including attachment syntax
# /usr/lib/sendmail -t << EOF
cat << EOF
To: "$USEREMAIL"
From: "$E"
Subject: Certificate from "$CACN"
MIME-Version: 1.0
Content-Type: