Fetch OCES certificates
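#!/bin/bash
#
# Fetch a NemID/OCES end-user certificate from the Nets public LDAP directory
# (looked up by e-mail address or by name), write it as PEM, fetch the
# intermediate CA certificate named in the leaf's "CA Issuers" (AIA) field and
# optionally import the leaf into mutt's S/MIME store via smime_keys.
#
# Interactive: all questions are asked on stdin. Writes nemidcert.cer,
# intermediate.cer and combined.cer into the current directory.
# Requires: ldapsearch, curl, openssl (and a grep with -P). Optional: smime_keys.
set -uo pipefail

readonly LDAPSERVER="ldap://crtdir.certifikat.dk"
readonly LDAPBASE="c=DK"
readonly OUTPUTFILE="nemidcert.cer"
readonly INTERMEDIATEFILE="intermediate.cer"
readonly COMBINEDFILE="combined.cer"

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: message words
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Abort with a hint unless a required command is on PATH.
# Arguments: $1 - command name; $2 - message printed when it is missing
#######################################
require_tool() {
  command -v "$1" >/dev/null 2>&1 || die "$2"
}

#######################################
# Ask a yes/no question; any answer not starting with n/N counts as yes.
# Arguments: $1 - prompt (a space is appended)
# Returns:   0 for yes, 1 for no
#######################################
confirm() {
  local answer
  read -r -p "$1 " answer
  [[ "$answer" != [Nn]* ]]
}

#######################################
# Escape the LDAP filter metacharacters (RFC 4515: \ * ( )) in a user-typed
# value so it is matched literally instead of rewriting the search filter.
# Arguments: $1 - raw value
# Outputs:   escaped value on stdout, no trailing newline
#######################################
ldap_filter_escape() {
  local s=$1
  s=${s//\\/\\5c}
  s=${s//\*/\\2a}
  s=${s//\(/\\28}
  s=${s//\)/\\29}
  printf '%s' "$s"
}

#######################################
# Join LDIF continuation lines (a leading single space) onto the preceding
# line, so every attribute value - including the base64 certificate - is on
# one line and can be picked out without word-splitting tricks.
# Outputs: unwrapped LDIF on stdout
#######################################
ldif_unwrap() {
  awk '/^ / { printf "%s", substr($0, 2); next }
       NR > 1 { printf "\n" }
       { printf "%s", $0 }
       END { printf "\n" }'
}

#######################################
# Print the first value of an attribute from unwrapped LDIF on stdin.
# ldapsearch writes binary or non-ASCII values base64-encoded as "attr:: v";
# those are decoded unless $2 is "raw" (used for the certificate itself).
# Arguments: $1 - attribute name as printed by ldapsearch (e.g. cn)
#            $2 - optional "raw" to keep a base64 value undecoded
# Returns:   1 when the attribute is absent
#######################################
ldif_value() {
  local attr=$1 mode=${2:-decode} line
  while IFS= read -r line; do
    case "$line" in
      "$attr:: "*)
        if [[ "$mode" == raw ]]; then
          printf '%s\n' "${line#"$attr:: "}"
        else
          printf '%s' "${line#"$attr:: "}" | base64 -d
          printf '\n'
        fi
        return 0 ;;
      "$attr: "*)
        printf '%s\n' "${line#"$attr: "}"
        return 0 ;;
    esac
  done
  return 1
}

#######################################
# Script body: look up the entry, write the PEM files, optionally import.
# Arguments: none (interactive)
# Returns:   exits 1 on any failure, 0 otherwise
#######################################
main() {
  local email="" name="" filter ldapResponse unwrapped numResponses
  local cn mail certB64 url leaf_issuer ca_subject rc=0

  # Check for ldapsearch, curl and openssl
  require_tool ldapsearch "This script needs ldapsearch. In Debian 8, you can get this through 'apt install ldapscripts'."
  require_tool curl "This script needs curl. In Debian 8, you can get this through 'apt install curl'."
  require_tool openssl "This script needs openssl."

  # Test if server is up. An unfiltered search over the whole base runs into
  # the server's size limit, so a reachable server answers with result code 4
  # (sizeLimitExceeded); anything else is treated as a connection problem.
  ldapsearch -x -H "$LDAPSERVER" -b "$LDAPBASE" >/dev/null || rc=$?
  [[ $rc -eq 4 ]] || die "Connection to Nets LDAP server failed."

  # Get email or name
  printf 'Enter email address of recipient (leave blank if you want to perform a name query).\nEmail []: '
  read -r email
  if [[ -z "$email" ]]; then
    printf 'Enter name of recipient:\nName: '
    read -r name
  fi

  # Query the LDAP server. A name query is a prefix match ("<name>*"); the
  # typed value is escaped so that *, (, ) or \ in it cannot alter the filter.
  # Unfortunately, it seems we can't do wildcard searches beyond that.
  if [[ -n "$name" ]]; then
    filter="(cn=$(ldap_filter_escape "$name")*)"
  else
    filter="(mail=$(ldap_filter_escape "$email"))"
  fi
  ldapResponse=$(ldapsearch -x -H "$LDAPSERVER" -b "$LDAPBASE" "$filter")
  unwrapped=$(ldif_unwrap <<<"$ldapResponse")

  # Look for common problems. numResponses counts the entries plus the final
  # result message, so exactly one hit is reported as 2. A missing or
  # non-numeric count falls through to the "unknown error" branch.
  numResponses=$(grep -m 1 -o -P '(?<=numResponses: ).*' <<<"$unwrapped")
  if [[ "$numResponses" == 1 ]]; then
    die "No certificate found. Try again with different search terms."
  elif [[ "$numResponses" =~ ^[0-9]+$ ]] && (( numResponses > 2 )); then
    die "Too many search results. Try to limit your search terms and try again."
  elif [[ "$numResponses" != 2 ]]; then
    die "Unknown error. Try again with different search terms."
  fi

  # Get basic properties in result. Directory data is passed to printf as
  # arguments, never as the format string.
  cn=$(ldif_value cn <<<"$unwrapped")
  mail=$(ldif_value mail <<<"$unwrapped")
  printf '\nFound the following certificate:\nName: %s\nEmail: %s\n\n' "$cn" "$mail"
  confirm "Is this the certificate, you were looking for? [yes]" \
    || { echo "Sorry about that. :/ Try again, perhaps?"; exit 0; }

  # Write the cert PEM and make sure it actually parses before going on.
  certB64=$(ldif_value 'userCertificate;binary' raw <<<"$unwrapped")
  [[ -n "$certB64" ]] || die "The entry has no userCertificate;binary attribute."
  {
    printf -- '-----BEGIN CERTIFICATE-----\n'
    fold -w 64 <<<"$certB64"
    printf -- '-----END CERTIFICATE-----\n'
  } > "$OUTPUTFILE"
  openssl x509 -in "$OUTPUTFILE" -noout >/dev/null 2>&1 \
    || die "The data returned by the LDAP server is not a valid certificate."
  printf 'Trying to fetch intermediate certificates as well.\n\n'

  # Get the intermediate certificate and append it to our certificate from
  # before. The URL is taken from the leaf's AIA extension, so it is only as
  # trustworthy as the directory entry: the download must parse as a DER
  # certificate, and its subject is compared with the leaf's issuer.
  url=$(openssl x509 -in "$OUTPUTFILE" -noout -text | grep -m 1 -o -P '(?<=CA Issuers - URI:).*')
  [[ -n "$url" ]] || die "No 'CA Issuers' URL found in the certificate; cannot fetch the intermediate."
  curl --silent --show-error --fail "$url" | openssl x509 -inform DER -outform PEM > "$INTERMEDIATEFILE" \
    || die "Fetching or parsing the intermediate certificate from $url failed."
  leaf_issuer=$(openssl x509 -in "$OUTPUTFILE" -noout -issuer)
  ca_subject=$(openssl x509 -in "$INTERMEDIATEFILE" -noout -subject)
  if [[ "${leaf_issuer#issuer=}" != "${ca_subject#subject=}" ]]; then
    printf 'Warning: the subject of %s does not match the issuer of %s; the chain may be incomplete.\n' \
      "$INTERMEDIATEFILE" "$OUTPUTFILE" >&2
  fi
  cat "$OUTPUTFILE" "$INTERMEDIATEFILE" > "$COMBINEDFILE"
  echo "Success. Your certificates are now available:"
  echo "* $OUTPUTFILE: Contains the certificate you requested."
  echo "* $INTERMEDIATEFILE: Contains the intermediate certificate."
  printf '* %s: Both certificates, concatenated.\n\n' "$COMBINEDFILE"

  # Check for the mutt script smime_keys. Exit if we don't have it.
  command -v smime_keys >/dev/null 2>&1 || {
    echo "One way to use these is to import $COMBINEDFILE in Thunderbird."
    exit 1
  }
  confirm "Do you want me try to add the certificate to mutt? [yes]" \
    || { echo "Roger. Exiting."; exit 0; }

  # Check if ~/.smime exists. Propose to install it if it doesn't
  if [[ ! -d ~/.smime/ ]]; then
    echo "Looks like you never used mutt with S/MIME before (since ~/.smime/ doesn't exist)."
    confirm "Should I try to initialize mutt's S/MIME database? [yes]" \
      || { echo "Roger. Exiting."; exit 0; }
    smime_keys init
    echo "S/MIME database initialized in ~/.smime/"
  fi
  # smime_keys add_cert performs no verification of the certificate; the import
  # is best effort and its stderr is deliberately discarded.
  smime_keys add_cert "$OUTPUTFILE" 2>/dev/null
  printf "(Heh, we actually skipped verification. Mutt doesn't care.)\n\n"

  if confirm "Certificate installed. Want me to remove the three auxiliary files again? [yes]"; then
    rm -f -- "$OUTPUTFILE" "$INTERMEDIATEFILE" "$COMBINEDFILE"
    echo "Done. Take care."
  else
    echo "Roger. We're done here."
  fi
}

main "$@"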