author | B. Stack <bgstack15@gmail.com> | 2024-05-16 10:41:58 -0400 |
---|---|---|
committer | B. Stack <bgstack15@gmail.com> | 2024-05-16 10:41:58 -0400 |
commit | aa2da5a324b66930b523fadb7c86648c2e0940da (patch) | |
tree | b78e54bc31655d44b3037741269068f937ce12e6 | |
download | read-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.tar.gz read-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.tar.bz2 read-cert-template-aa2da5a324b66930b523fadb7c86648c2e0940da.zip |
initial commit
-rw-r--r-- | read-cert-template.conf | 6 | ||||
-rw-r--r-- | read-cert-template.sh | 33 |
2 files changed, 39 insertions, 0 deletions
diff --git a/read-cert-template.conf b/read-cert-template.conf
new file mode 100644
index 0000000..e61d492
--- /dev/null
+++ b/read-cert-template.conf
@@ -0,0 +1,6 @@
+# File: ~/.config/read-cert-template.conf
+RCT_LDAPSERVER=ldaps://example.corp
+# The "CN=Certificate Templates,CN=Public Key,CN=Services,CN=Configuration," will be prepended to this:
+RCT_LDAPBASE="DC=example,DC=corp"
+RCT_LDAPAUTHUNQUOTED="-x -w see#keepass"
+RCT_LDAPAUTHQUOTED="-D CN=Service Account 319 (sa319),OU=Accounts,DC=example,DC=corp"
diff --git a/read-cert-template.sh b/read-cert-template.sh
new file mode 100644
index 0000000..5006bd5
--- /dev/null
+++ b/read-cert-template.sh
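Review bot: `RCT_LDAPAUTHUNQUOTED="-x -w see#keepass"` passes the bind password as a command-line argument, where it is visible to every local user through process listings for as long as ldapsearch runs. ldapsearch can read it from a file instead, e.g. `RCT_LDAPAUTHUNQUOTED="-x -y ${HOME}/.config/read-cert-template.pw"` with that file mode 0600, which keeps it out of argv. Since read-cert-template.sh sources this file with `.`, its contents are executed as shell code, so it should also be owner-only (0600) and the header comment could say so: `# Sourced as shell by read-cert-template.sh; keep mode 0600.`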
@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+# File: read-cert-template.sh
+# Location: blog exclusive
+# Author: bgstack15
+# SPDX-License-Identifier: GPL-3.0-only
+# Startdate: 2024-05-16-5 10:23
+# Title: Read cert template
+# Purpose: read certificate and print cert tempalte name if discoverable
+# History:
+# Usage:
+# Reference: see blog post
+# Improve:
+# Dependencies:
+# openssl, ldapsearch, ldap credential in read-cert-template.conf
+
+# Load conf, RCT_LDAPSERVER RCT_LDAPBASE RCT_LDAPAUTH1 RCT_LDAPAUTH2
+RCT_CONF="${RCT_CONF:-${HOME}/.config/read-cert-template.conf}"
+test -f "${RCT_CONF}" && . "${RCT_CONF}"
+
+# use RCT_IN env var or first parameter, or else standard input
+RCT_IN="${RCT_IN:-${1}}"
+RCT_IN="${RCT_IN:-/dev/stdin}"
+
+if echo "${RCT_IN}" | grep -qE -e '^-$|^stdin$' ;
+then
+ _input="$( cat )"
+else
+ _input="$( cat "${RCT_IN}" )"
+fi
+
+oid="$( echo "${_input}" | openssl x509 -in /dev/stdin -noout -text -certopt no_header,no_version,no_serial,no_signame,no_validity,no_subject,no_issuer,no_pubkey,ext_parse | sed -n -r -e '/1.3.6.1.4.1.311.21.7/,+2p' | awk '/OBJECT/{print $NF}' | sed -r -e 's/^://;' )"
+test -n "${VERBOSE}" && printf 'oid=%s\n' "${oid}" 1>&2
+LDAPTLS_REQCERT=never ldapsearch -LLL -o ldif-wrap=9000 -H "${RCT_LDAPSERVER}" ${RCT_LDAPAUTHUNQUOTED} "${RCT_LDAPAUTHQUOTED}" -b "CN=Certificate Templates,CN=Public Key,CN=Services,CN=Configuration,${RCT_LDAPBASE}" "(msPKI-Cert-Template-OID=${oid})" CN | awk '$1~/cn:/{$1="";print;}' | sed -r -e 's/^ +| +$//g;' |
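Review bot: `LDAPTLS_REQCERT=never` on the final ldapsearch line turns off verification of the server certificate even though the configured URL is `ldaps://`, so the simple-bind credentials loaded from the conf file are offered to whatever host answers for `${RCT_LDAPSERVER}`. Dropping that prefix and pointing `LDAPTLS_CACERT` at the issuing CA (or relying on the system trust store) keeps the TLS protection the scheme implies. The `oid` value is interpolated into the LDAP filter without a check, so a certificate with no template extension yields the filter `(msPKI-Cert-Template-OID=)`; add `test -n "${oid}" || { printf 'no template OID found\n' 1>&2; exit 1; }` after the VERBOSE line. The comment `# Load conf, RCT_LDAPSERVER RCT_LDAPBASE RCT_LDAPAUTH1 RCT_LDAPAUTH2` names variables the script never reads; the ones actually used are `RCT_LDAPAUTHUNQUOTED` and `RCT_LDAPAUTHQUOTED`. The trailing `|` on the last line suggests the pipeline continues beyond what is shown here.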