From 85986a1556f440f6d5d82731136dc39e9fecb33b Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Mon, 16 Apr 2018 16:04:26 -0400
Subject: add --csr option

---
 files/certreq.sh | 64 ++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 44 insertions(+), 20 deletions(-)

(limited to 'files')

diff --git a/files/certreq.sh b/files/certreq.sh
index c5e7c27..fc2aac2 100755
--- a/files/certreq.sh
+++ b/files/certreq.sh
@@ -15,11 +15,11 @@
 #    fundamental curl statements https://stackoverflow.com/questions/31283476/submitting-base64-csr-to-a-microsoft-ca-via-curl/39722983#39722983
 # Improve:
 fiversion="2017-10-10x"
-certreqversion="2018-04-16a"
+certreqversion="2018-04-16b"
 
 usage() {
    less -F >&2 <<ENDUSAGE
-usage: certreq.sh [-dhV] [-u username] [-p password] [-w tempdir] [-t template] [--cn CN] [--ca <CA hostname>] [-l|-g]
+usage: certreq.sh [-dhV] [-u username] [-p password] [-w tempdir] [-t template] [--cn CN] [--ca <CA hostname>] [-l|-g] [--csr /path/to/file]
 version ${certreqversion}
  -d debug   Show debugging info, including parsed variables.
  -h usage   Show this usage block.
@@ -31,6 +31,7 @@ version ${certreqversion}
  --cn        CN to request. Default is \$( hostname -f )
  --ca        CA hostname or base URL. Example: ca2.example.com
  --list      Action: list available templates and exit.
+ --csr filename Provide a .csr file instead of making a new csr. Accepts "stdin" to read from standard in.
 Return values under 1000: A non-zero value is the sum of the items listed here:
  0 Everything worked
  1 Cert file is still a CSR
@@ -50,19 +51,38 @@ ENDUSAGE
 # DEFINE FUNCTIONS
 
 openssl_req() {
-   # call: openssl-req "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}"
+   # call: openssl-req "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}" "${CERTREQ_ACTION}" "${CERTREQ_CSR}"
    # outputs:
    #    vars: ${CERT} ${DATA} ${CERTATTRIB}
    #    files: ${CERTREQ_WORKDIR}/${this_filename}.crt ${CERTREQ_WORKDIR}/${thisfilename}.key
 
    local this_filename="${1}"
    local this_subject="${2}"
+   local this_action="${3}"
+   local this_csr="${4}"
    
-   openssl req -new -nodes \
-      -out "${CERTREQ_WORKDIR}/${this_filename}.crt" \
-      -keyout "${CERTREQ_WORKDIR}/${this_filename}.key" \
-      -subj "${this_subject}"
-   CERT="$( cat "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" | tr -d '\n\r' )"
+   debuglev 8 && echo "Action ${this_action}"
+   case "${this_action}" in
+      generate-csr)
+         case "${this_csr}" in
+            stdin)
+               cat - > "${CERTREQ_WORKDIR}/${this_filename}.crt"
+               ;;
+            *)
+               # assume it is a file
+               cat "${this_csr}" > "${CERTREQ_WORKDIR}/${this_filename}.crt"
+               ;;
+         esac
+         ;;
+      generate)
+         openssl req -new -nodes \
+            -out "${CERTREQ_WORKDIR}/${this_filename}.crt" \
+            -keyout "${CERTREQ_WORKDIR}/${this_filename}.key" \
+            -subj "${this_subject}"
+         ;;
+   esac
+
+   CERT="$( cat "${CERTREQ_WORKDIR}/${this_filename}.crt" | tr -d '\n\r' )"
    DATA="Mode=newreq&CertRequest=${CERT}&C&TargetStoreFlags=0&SaveCert=yes"
    CERT="$( echo ${CERT} | sed -e 's/+/%2B/g' | tr -s ' ' '+' )"
    CERTATTRIB="CertificateTemplate:${CERTREQ_TEMPLATE}"
@@ -79,7 +99,7 @@ submit_csr() {
    local this_cert="${4}"
    local this_cert_attrib="${5}"
 
-   OUTPUTLINK="$( curl -k -u "${this_user_string}" --ntlm \
+   FULLPAGE="$( curl -k -u "${this_user_string}" --ntlm \
       "${this_ca}/certsrv/certfnsh.asp" \
       -H 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8' \
       -H 'Accept-Encoding: gzip, deflate' \
@@ -89,7 +109,8 @@ submit_csr() {
       -H "Referer: ${this_ca}/certsrv/certrqxt.asp" \
       -H 'User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; Trident/7.0; rv:11.0) like Gecko' \
       -H 'Content-Type: application/x-www-form-urlencoded' \
-      --data "Mode=newreq&CertRequest=${this_cert}&CertAttrib=${CERTATTRIB}&TargetStoreFlags=0&SaveCert=yes&ThumbPrint=" | grep -A 1 'function handleGetCert() {' | tail -n 1 | cut -d '"' -f 2 )"
+      --data "Mode=newreq&CertRequest=${this_cert}&CertAttrib=${CERTATTRIB}&TargetStoreFlags=0&SaveCert=yes&ThumbPrint=" )" 
+   OUTPUTLINK="$( echo "${FULLPAGE}" | grep -A 1 'function handleGetCert() {' | tail -n 1 | cut -d '"' -f 2 )"
    CERTLINK="${this_ca}/certsrv/${OUTPUTLINK}"
 
 }
@@ -174,7 +195,7 @@ get_latest_ca_cert_chain() {
 }
 
 action_get_cert() {
-   # call: action_get_cert "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}" "${CERTREQ_USER}:${CERTREQ_PASS}" "${CERTREQ_CA}" "${CERTREQ_CAHOST}"
+   # call: action_get_cert "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}" "${CERTREQ_USER}:${CERTREQ_PASS}" "${CERTREQ_CA}" "${CERTREQ_CAHOST}" "${CERTREQ_ACTION}" "${CERTREQ_CSR}"
    # outputs:
    #   vars: ${finaloutput}
    #   files: ${CHAIN_FILE} ${CERTREQ_CNPARAM}.crt and .key and 
@@ -184,11 +205,12 @@ action_get_cert() {
    local this_user_string="${3}"
    local this_ca="${4}"
    local this_ca_host="${5}"
+   local this_action="${6}"
+   local this_csr="${7}"
 
    # GENERATE PRIVATE KEY
-   openssl_req "${this_cnparam}" "${this_subject}"
-   debuglev 1 && {
-      # DELETEME
+   openssl_req "${this_cnparam}" "${this_subject}" "${this_action}" "${this_csr}"
+   debuglev 8 && {
       echo "CERT=${CERT}"
       echo "DATA=${DATA}"
       echo "CERTATTRIB=${CERTATTRIB}"
@@ -196,26 +218,27 @@ action_get_cert() {
 
    # SUBMIT CERTIFICATE SIGNING REQUEST 
    submit_csr "${this_user_string}" "${this_ca}" "${this_ca_host}" "${CERT}" "${CERTATTRIB}"
-   debuglev 1 && {
-      # DELETEME
+   debuglev 8 && {
+      echo "FULLPAGE=${FULLPAGE}"
+      echo "OUTPUTLINK=${OUTPUTLINK}"
       echo "CERTLINK=${CERTLINK}"
    }
 
    # FETCH SIGNED CERTIFICATE
    fetch_signed_cert "${this_user_string}" "${this_ca}" "${this_ca_host}" "${CERTLINK}" "${this_cnparam}"
-   debuglev 1 && {
+   debuglev 8 && {
       echo "finaloutput=${finaloutput}"
    }
 
    # GET NUMBER OF CURRENT CA CERT
    get_number_of_current_ca_cert "${this_user_string}" "${this_ca}" "${this_ca_host}"
-   debuglev 1 && {
+   debuglev 8 && {
       echo "CURRENTNUM=${CURRENTNUM}"
    }
 
    # GET LATEST CA CERT CHAIN
    get_latest_ca_cert_chain "${this_user_string}" "${this_ca}" "${this_ca_host}" "${CURRENTNUM}"
-   debuglev 1 && {
+   debuglev 8 && {
       echo "CHAIN_FILE=${CHAIN_FILE}"
    }
 
@@ -288,6 +311,7 @@ parseFlag() {
       "nc" | "nocleanup" ) CR_NC=1;;
       "l" | "list" ) CERTREQ_ACTION="list";;
       "g" | "generate" ) CERTREQ_ACTION="generate";;
+      "csr" ) CERTREQ_ACTION="generate-csr"; getval; CERTREQ_CSR="${tempval}" ;;
    esac
    
    debuglev 10 && { test ${hasval} -eq 1 && ferror "flag: ${flag} = ${tempval}" || ferror "flag: ${flag}"; }
@@ -444,7 +468,7 @@ debuglev 5 && {
          ;;
       *)
          # default action
-         action_get_cert "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}" "${CERTREQ_USER}:${CERTREQ_PASS}" "${CERTREQ_CA}" "${CERTREQ_CAHOST}"
+         action_get_cert "${CERTREQ_CNPARAM}" "${CERTREQ_SUBJECT}" "${CERTREQ_USER}:${CERTREQ_PASS}" "${CERTREQ_CA}" "${CERTREQ_CAHOST}" "${CERTREQ_ACTION}" "${CERTREQ_CSR}"
          # CHECK EVERYTHING
          failed=0
          openssloutput="$( openssl x509 -in "${CERTREQ_WORKDIR}/${CERTREQ_CNPARAM}.crt" -noout -subject -issuer -startdate -enddate 2>/dev/null )"
-- 
cgit