elijahgagne/gist:7bf9f27105dc5b32db17cfa9c305f798

## gistfile1.txt
# Common config
# mac: pbcopy, ubuntu: xclip, windows: clip.exe
local ALTIMA_CORE_CLIPBOARD_CMD=pbcopy
local ALTIMA_LITE_NETID=REPLACE_WITH_NETID
local ALTIMA_LITE_OP=REPLACE_WITH_OP_ACCOUNT
local ALTIMA_LITE_CA_ID=REPLACE_WITH_OP_ID

# Standard config
export ALTIMA_CYBERARK_ROOT_URL=https://pvwa.dartmouth.edu/PasswordVault/WebServices
export ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME=$ALTIMA_LITE_NETID
export ALTIMA_CYBERARK_API_CREDENTIAL_PATH=prod/$ALTIMA_LITE_NETID
export ALTIMA_CYBERARK_ACCOUNT_PATHS=( prod/$ALTIMA_LITE_OP )
export ALTIMA_CYBERARK_ACCOUNT_IDS=( $ALTIMA_LITE_CA_ID )
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS=op
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_USERNAME=$ALTIMA_LITE_OP
export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH=prod/$ALTIMA_LITE_OP

alias $ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS='get_cred | "${ALTIMA_CORE_CLIPBOARD_CMD}"'

function get_cred
{
  local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
  echo -n "$(pass ""$CRED_PATH"")"
}

function set_cred
{
  local CRED_PATH="$1"
  local PASSWORD="$2"
  echo -n "$PASSWORD" | pass insert --force --echo "$CRED_PATH"
}

# Functions for using Apple Keychain instead of pass
# function get_cred
# {
#   local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
#   /usr/bin/security find-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -w | tr -d '\n'
# }
# function set_cred
# {
#   local CRED_PATH="$1"
#   local PASSWORD="$2"
#   /usr/bin/security add-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -U -w "$PASSWORD"
# }

function get_cyberark_api_token
{
  if [ -z $1 ]; then
    echo -n "Username: "; read USER_NAME
  else
    local USER_NAME="$1"
  fi
  if [ -z $2 ]; then
    echo -n "Password: "; stty -echo; read PASSWORD; stty echo; echo
  else
    local PASSWORD="$2"
  fi

  curl --request POST \
    --url "$ALTIMA_CYBERARK_ROOT_URL/auth/Cyberark/CyberArkAuthenticationService.svc/Logon" \
    --header 'content-type: application/json' \
    --silent \
    --data "{
    \"username\": \"$USER_NAME\",
    \"password\": \"$PASSWORD\",
    \"useRadiusAuthentication\": \"true\",
    \"connectionNumber\": \"1\"
  }" | awk -F\" '{print $4}'
}

function get_cyberark_password
{
  local TOKEN="$1"
  local ACCOUNT_ID="$2"
  curl --request GET \
    --url "$ALTIMA_CYBERARK_ROOT_URL/PIMServices.svc/Accounts/$ACCOUNT_ID/Credentials" \
    --header "Authorization: $TOKEN" \
    --header 'Content-Type: application/json' \
    --silent
}

function ucred
{
  if [ -z $ALTIMA_CYBERARK_API_CREDENTIAL_PATH ] || [ "$ALTIMA_CYBERARK_API_CREDENTIAL_PATH" = "null" ]; then
    local PASSWORD=""
    echo -n "Password for $ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME: "; stty -echo; read PASSWORD; stty echo; echo
  else
    local PASSWORD=$(get_cred $ALTIMA_CYBERARK_API_CREDENTIAL_PATH)
  fi
  local TOKEN=$(get_cyberark_api_token "$ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME" $PASSWORD)

  for i in $(seq 0 $((${#ALTIMA_CYBERARK_ACCOUNT_PATHS[@]}))); do
    if [[ ${ALTIMA_CYBERARK_ACCOUNT_PATHS[$i]} != '' ]]; then
      local PASSWORD=$(get_cyberark_password "$TOKEN" "${ALTIMA_CYBERARK_ACCOUNT_IDS[i]}")
      if [[ "$PASSWORD" = *"Error"* ]]; then
        printf "%24s: ERROR!\n" "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}"
      else
        pass "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" | "${ALTIMA_CORE_CLIPBOARD_CMD}" > /dev/null
        HIDE_PASSWORD=${PASSWORD:0:2}********
        printf "%24s: %-24s\n" "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" "$HIDE_PASSWORD"
      fi
      set_cred "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" "$PASSWORD" > /dev/null
    fi
  done
}

function altima_help_pass_install
{
  echo '''
## Mac install

brew install pass
brew unlink pass
brew install --HEAD pass

## Ubuntu install

#https://aka.ms/wslinstall
sudo apt update
sudo apt install -y pass

## Configure pass

cat >loader <<EOF
  %echo Generating a GPG key
  Key-Type: RSA
  Key-Length: 4096
  Subkey-Type: RSA
  Subkey-Length: 4096
  Name-Real: Password Storage Key
  Expire-Date: 0
  %no-protection
  %commit
  %echo done
EOF
gpg --batch --gen-key loader
rm -f loader

pass init "Password Storage Key"

pass insert prod/d92495j
echo -n XXX | pass insert --force --echo "prod/rciX"

pass prod/rciX
'''
}

function altima_help_lite_install
{
  printf -- "
echo 'source %s/altima_lite.sh' >> %s/.zshrc
or
echo 'source %s/altima_lite.sh' >> %s/.bashrc

" '$HOME' '$HOME' '$HOME' '$HOME'
}

function altima_help_configure
{
  local NETID=""
  local OP_ACCOUNT=""
  local OP_ID=""
  echo -n "NetID? "
  read NETID
  echo -n "OP Account? "
  read OP_ACCOUNT
  echo -n "OP ID? "
  read OP_ID

  sed -i '' "1,10s/REPLACE_WITH_NETID/$NETID/" $HOME/altima_lite.sh
  sed -i '' "1,10s/REPLACE_WITH_OP_ACCOUNT/$OP_ACCOUNT/" $HOME/altima_lite.sh
  sed -i '' "1,10s/REPLACE_WITH_OP_ID/$OP_ID/" $HOME/altima_lite.sh
}
	# Common config
	# mac: pbcopy, ubuntu: xclip, windows: clip.exe
	local ALTIMA_CORE_CLIPBOARD_CMD=pbcopy
	local ALTIMA_LITE_NETID=REPLACE_WITH_NETID
	local ALTIMA_LITE_OP=REPLACE_WITH_OP_ACCOUNT
	local ALTIMA_LITE_CA_ID=REPLACE_WITH_OP_ID

	# Standard config
	export ALTIMA_CYBERARK_ROOT_URL=https://pvwa.dartmouth.edu/PasswordVault/WebServices
	export ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME=$ALTIMA_LITE_NETID
	export ALTIMA_CYBERARK_API_CREDENTIAL_PATH=prod/$ALTIMA_LITE_NETID
	export ALTIMA_CYBERARK_ACCOUNT_PATHS=( prod/$ALTIMA_LITE_OP )
	export ALTIMA_CYBERARK_ACCOUNT_IDS=( $ALTIMA_LITE_CA_ID )
	export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS=op
	export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_USERNAME=$ALTIMA_LITE_OP
	export ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH=prod/$ALTIMA_LITE_OP

	alias $ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_ALIAS='get_cred \| "${ALTIMA_CORE_CLIPBOARD_CMD}"'

	function get_cred
	{
	local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
	echo -n "$(pass ""$CRED_PATH"")"
	}

	function set_cred
	{
	local CRED_PATH="$1"
	local PASSWORD="$2"
	echo -n "$PASSWORD" \| pass insert --force --echo "$CRED_PATH"
	}

	# Functions for using Apple Keychain instead of pass
	# function get_cred
	# {
	# local CRED_PATH=${1:-"$ALTIMA_CREDENTIALMANAGER_PRIMARY_CREDENTIAL_PATH"}
	# /usr/bin/security find-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -w \| tr -d '\n'
	# }
	# function set_cred
	# {
	# local CRED_PATH="$1"
	# local PASSWORD="$2"
	# /usr/bin/security add-generic-password -a "$CRED_PATH" -s "$CRED_PATH" -U -w "$PASSWORD"
	# }

	function get_cyberark_api_token
	{
	if [ -z $1 ]; then
	echo -n "Username: "; read USER_NAME
	else
	local USER_NAME="$1"
	fi
	if [ -z $2 ]; then
	echo -n "Password: "; stty -echo; read PASSWORD; stty echo; echo
	else
	local PASSWORD="$2"
	fi

	curl --request POST \
	--url "$ALTIMA_CYBERARK_ROOT_URL/auth/Cyberark/CyberArkAuthenticationService.svc/Logon" \
	--header 'content-type: application/json' \
	--silent \
	--data "{
	\"username\": \"$USER_NAME\",
	\"password\": \"$PASSWORD\",
	\"useRadiusAuthentication\": \"true\",
	\"connectionNumber\": \"1\"
	}" \| awk -F\" '{print $4}'
	}

	function get_cyberark_password
	{
	local TOKEN="$1"
	local ACCOUNT_ID="$2"
	curl --request GET \
	--url "$ALTIMA_CYBERARK_ROOT_URL/PIMServices.svc/Accounts/$ACCOUNT_ID/Credentials" \
	--header "Authorization: $TOKEN" \
	--header 'Content-Type: application/json' \
	--silent
	}

	function ucred
	{
	if [ -z $ALTIMA_CYBERARK_API_CREDENTIAL_PATH ] \|\| [ "$ALTIMA_CYBERARK_API_CREDENTIAL_PATH" = "null" ]; then
	local PASSWORD=""
	echo -n "Password for $ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME: "; stty -echo; read PASSWORD; stty echo; echo
	else
	local PASSWORD=$(get_cred $ALTIMA_CYBERARK_API_CREDENTIAL_PATH)
	fi
	local TOKEN=$(get_cyberark_api_token "$ALTIMA_CYBERARK_API_CREDENTIAL_USERNAME" $PASSWORD)

	for i in $(seq 0 $((${#ALTIMA_CYBERARK_ACCOUNT_PATHS[@]}))); do
	if [[ ${ALTIMA_CYBERARK_ACCOUNT_PATHS[$i]} != '' ]]; then
	local PASSWORD=$(get_cyberark_password "$TOKEN" "${ALTIMA_CYBERARK_ACCOUNT_IDS[i]}")
	if [[ "$PASSWORD" = "Error" ]]; then
	printf "%24s: ERROR!\n" "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}"
	else
	pass "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" \| "${ALTIMA_CORE_CLIPBOARD_CMD}" > /dev/null
	HIDE_PASSWORD=${PASSWORD:0:2}********
	printf "%24s: %-24s\n" "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" "$HIDE_PASSWORD"
	fi
	set_cred "${ALTIMA_CYBERARK_ACCOUNT_PATHS[i]}" "$PASSWORD" > /dev/null
	fi
	done
	}

	function altima_help_pass_install
	{
	echo '''
	## Mac install

	brew install pass
	brew unlink pass
	brew install --HEAD pass

	## Ubuntu install

	#https://aka.ms/wslinstall
	sudo apt update
	sudo apt install -y pass

	## Configure pass

	cat >loader <<EOF
	%echo Generating a GPG key
	Key-Type: RSA
	Key-Length: 4096
	Subkey-Type: RSA
	Subkey-Length: 4096
	Name-Real: Password Storage Key
	Expire-Date: 0
	%no-protection
	%commit
	%echo done
	EOF
	gpg --batch --gen-key loader
	rm -f loader

	pass init "Password Storage Key"

	pass insert prod/d92495j
	echo -n XXX \| pass insert --force --echo "prod/rciX"

	pass prod/rciX
	'''
	}

	function altima_help_lite_install
	{
	printf -- "
	echo 'source %s/altima_lite.sh' >> %s/.zshrc
	or
	echo 'source %s/altima_lite.sh' >> %s/.bashrc

	" '$HOME' '$HOME' '$HOME' '$HOME'
	}

	function altima_help_configure
	{
	local NETID=""
	local OP_ACCOUNT=""
	local OP_ID=""
	echo -n "NetID? "
	read NETID
	echo -n "OP Account? "
	read OP_ACCOUNT
	echo -n "OP ID? "
	read OP_ID

	sed -i '' "1,10s/REPLACE_WITH_NETID/$NETID/" $HOME/altima_lite.sh
	sed -i '' "1,10s/REPLACE_WITH_OP_ACCOUNT/$OP_ACCOUNT/" $HOME/altima_lite.sh
	sed -i '' "1,10s/REPLACE_WITH_OP_ID/$OP_ID/" $HOME/altima_lite.sh
	}