summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorB. Stack <bgstack15@gmail.com>2024-05-16 10:41:58 -0400
committerB. Stack <bgstack15@gmail.com>2024-05-16 10:41:58 -0400
commitaa2da5a324b66930b523fadb7c86648c2e0940da (patch)
treeb78e54bc31655d44b3037741269068f937ce12e6
downloadread-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.tar.gz
read-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.tar.bz2
read-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.zip
initial commit
-rw-r--r--read-cert-template.conf6
-rw-r--r--read-cert-template.sh33
2 files changed, 39 insertions, 0 deletions
diff --git a/read-cert-template.conf b/read-cert-template.conf
new file mode 100644
index 0000000..e61d492
--- /dev/null
+++ b/read-cert-template.conf
@@ -0,0 +1,6 @@
+# File: ~/.config/read-cert-template.conf
+RCT_LDAPSERVER=ldaps://example.corp
+# The "CN=Certificate Templates,CN=Public Key,CN=Services,CN=Configuration," will be prepended to this:
+RCT_LDAPBASE="DC=example,DC=corp"
+RCT_LDAPAUTHUNQUOTED="-x -w see#keepass"
+RCT_LDAPAUTHQUOTED="-D CN=Service Account 319 (sa319),OU=Accounts,DC=example,DC=corp"
diff --git a/read-cert-template.sh b/read-cert-template.sh
new file mode 100644
index 0000000..5006bd5
--- /dev/null
+++ b/read-cert-template.sh
@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+# File: read-cert-template.sh
+# Location: blog exclusive
+# Author: bgstack15
+# SPDX-License-Identifier: GPL-3.0-only
+# Startdate: 2024-05-16-5 10:23
+# Title: Read cert template
+# Purpose: read certificate and print cert tempalte name if discoverable
+# History:
+# Usage:
+# Reference: see blog post
+# Improve:
+# Dependencies:
+# openssl, ldapsearch, ldap credential in read-cert-template.conf
+
+# Load conf, RCT_LDAPSERVER RCT_LDAPBASE RCT_LDAPAUTH1 RCT_LDAPAUTH2
+RCT_CONF="${RCT_CONF:-${HOME}/.config/read-cert-template.conf}"
+test -f "${RCT_CONF}" && . "${RCT_CONF}"
+
+# use RCT_IN env var or first parameter, or else standard input
+RCT_IN="${RCT_IN:-${1}}"
+RCT_IN="${RCT_IN:-/dev/stdin}"
+
+if echo "${RCT_IN}" | grep -qE -e '^-$|^stdin$' ;
+then
+ _input="$( cat )"
+else
+ _input="$( cat "${RCT_IN}" )"
+fi
+
+oid="$( echo "${_input}" | openssl x509 -in /dev/stdin -noout -text -certopt no_header,no_version,no_serial,no_signame,no_validity,no_subject,no_issuer,no_pubkey,ext_parse | sed -n -r -e '/1.3.6.1.4.1.311.21.7/,+2p' | awk '/OBJECT/{print $NF}' | sed -r -e 's/^://;' )"
+test -n "${VERBOSE}" && printf 'oid=%s\n' "${oid}" 1>&2
+LDAPTLS_REQCERT=never ldapsearch -LLL -o ldif-wrap=9000 -H "${RCT_LDAPSERVER}" ${RCT_LDAPAUTHUNQUOTED} "${RCT_LDAPAUTHQUOTED}" -b "CN=Certificate Templates,CN=Public Key,CN=Services,CN=Configuration,${RCT_LDAPBASE}" "(msPKI-Cert-Template-OID=${oid})" CN | awk '$1~/cn:/{$1="";print;}' | sed -r -e 's/^ +| +$//g;'
bgstack15