tavo-wasd 2024-05-03 23:22:58 -06:00
parent f5ab9382e9
commit 678faa325a
11 changed files with 406 additions and 389 deletions

1
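--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1 @@
+instalador-certificados.sh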

30
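--- a/01-utils.sh
+++ b/01-utils.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+urlencode() {
+ENCODEDURL="$(curl -Gs -w %{url_effective} --data-urlencode @- ./ ||: )"
+printf '%s' "$ENCODEDURL" | sed 's/%0[aA]$//;s/^.*[?]//'
+}
+get_asp_var() {
+i=0
+for VAR in __VIEWSTATE __VIEWSTATEGENERATOR __EVENTVALIDATION ; do
+VAL="$(printf '%s' "$RESPONSE" | grep "id=\"$VAR\"" | cut -d '"' -f 8 | urlencode)"
+[ "$i" != 0 ] && printf '&'
+printf '%s=%s' "$VAR" "$VAL"
+i=+1
+done
+}
+download_iso() {
+hiddenISO="$1" SN="$2"
+URL="https://soportefirmadigital.com/sfdj/dl.aspx"
+RESPONSE="$(curl -s --compressed "$URL" -o -)"
+ASP_VARS="$(get_asp_var)"
+curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
+--data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
+--data-raw "ctl00%24certContents%24hiddenISO=$hiddenISO" \
+--data-raw "ctl00%24certContents%24txtSerialNumber=$SN" \
+--data-raw "ctl00%24certContents%24chkConfirmo=on" \
+-o -
+}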
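Review bot: `download_iso` places `$hiddenISO` and `$SN` into the POST body with `--data-raw` without URL-encoding them, although `$SN` is whatever the user typed at the serial prompt in 07-main.sh; a value containing `&`, `=` or `%` changes the form that is submitted. Letting curl encode the value is the smallest fix: `--data-urlencode "ctl00%24certContents%24txtSerialNumber=$SN"`, and the same for the `hiddenISO` field. Neither curl call uses `-f` or checks its exit status, so an HTTP error page is parsed as if it were the form. In `get_asp_var`, `i=+1` assigns the string `+1` rather than incrementing and works only because the test is `!= 0`; `i=$((i+1))` says what is meant.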

65
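--- a/02-language.sh
+++ b/02-language.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+set_lang() {
+# See: /var/lib/AccountsService/users/
+. /etc/default/locale
+SLANG="${LANG%%_*}"
+[ -z "$SLANG" ] && SLANG="es"
+if [ "$SLANG" = "es" ] ; then
+TITLE="Instalador firma digital"
+PROMPT_WELCOME="Bienvenido al asistente de instalación de certificados para firma digial."
+PROMPT_FILE="Seleccione el fichero que corresponde a su sistema operativo."
+PROMPT_DEPS="Instalando dependencias."
+FILENAME="Archivo"
+FILEDESC="Sistema"
+PROMPT_SERIAL="Ingrese el número serial impreso al reverso de la tarjeta."
+PROMPT_ERR_SERIAL="Error al obtener el número serial de la tarjeta, abortando."
+PROMPT_ERR_DOWNLOAD="Error al descargar el fichero desde Centro de Soporte Firma Digital, abortando."
+PROMPT_DIR_FILE="A continuación, deberá seleccionar la carpeta donde quiere que se descargue y se extraigan los contenidos del fichero seleccionado"
+PROMPT_ERR_DIR_FILE="Error al seleccionar la carpeta de descarga para el fichero, abortando."
+PROMPT_DOWNLOAD="Descargando $FILE desde Centro de Soporte Firma Digital..."
+PROMPT_ERR_DOWN_FILE="Error al descargar el fichero, abortando."
+SUDO_DEB_BROWSER="Ingrese la contraseña de la computadora para instalar Firefox desde mozilla."
+SUDO_DEB_DEPS="Ingrese la contraseña de la computadora para instalar las dependencias."
+SUDO_DEB_CERTS="Ingrese la contraseña de la computadora para instalar los certificados."
+elif [ "$SLANG" = "en" ] ; then
+TITLE="Digital signature installer"
+PROMPT_WELCOME="Welcome to the digital signing certificate installation wizard."
+PROMPT_FILE="Select the file that corresponds to your operating system."
+PROMPT_DEPS="Installing dependencies."
+FILENAME="File"
+FILEDESC="System"
+PROMPT_SERIAL="Enter the serial number printed on the back of the card."
+PROMPT_ERR_SERIAL="Error obtaining the card serial number, aborting."
+PROMPT_ERR_DOWNLOAD="Error downloading the file from the Digital Signature Support Center, aborting."
+PROMPT_DIR_FILE="Next, you must select the folder where you want the contents of the selected file to be downloaded and extracted"
+PROMPT_ERR_DIR_FILE="Error selecting the download folder for the file, aborting."
+PROMPT_DOWNLOAD="Downloading $FILE from the Digital Signature Support Center..."
+PROMPT_ERR_DOWN_FILE="Error downloading file, aborting."
+SUDO_DEB_BROWSER="Enter the computer password to install Firefox from mozilla."
+SUDO_DEB_DEPS="Enter the computer password to install dependencies."
+SUDO_DEB_CERTS="Enter the computer password to install certificates."
+elif [ "$SLANG" = "fr" ] ; then
+TITLE="Installation de signature"
+TITLE="Installateur de signature"
+PROMPT_WELCOME="Bienvenue dans l'assistant d'installation du certificat de signature."
+PROMPT_FILE="Sélectionnez le fichier qui correspond à votre système d'exploitation."
+PROMPT_DEPS="Installation des dépendances."
+FILENAME="Fichier"
+FILEDESC="Système"
+PROMPT_SERIAL="Entrez le numéro de série imprimé au dos de la carte."
+PROMPT_ERR_SERIAL="Erreur d'obtention du numéro de série de la carte, abandon."
+PROMPT_ERR_DOWNLOAD="Erreur lors du téléchargement du fichier depuis le Centre de support des signatures numériques, abandon."
+PROMPT_DIR_FILE="Ensuite, vous devez sélectionner le dossier dans lequel vous souhaitez que le contenu du fichier sélectionné soit téléchargé et extrait"
+PROMPT_ERR_DIR_FILE="Erreur lors de la sélection du dossier de téléchargement du fichier, abandon."
+PROMPT_DOWNLOAD="Téléchargement de $FILE depuis le Centre de support des signatures numériques..."
+PROMPT_ERR_DOWN_FILE="Erreur de téléchargement du fichier, abandon."
+SUDO_DEB_BROWSER="Entrez le mot de passe de l'ordinateur pour installer Firefox depuis mozilla."
+SUDO_DEB_DEPS="Entrez le mot de passe de l'ordinateur pour installer les dépendances."
+SUDO_DEB_CERTS="Entrez le mot de passe de l'ordinateur pour installer les certificats."
+fi
+}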
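Review bot: `. /etc/default/locale` is sourced unconditionally, and in a non-interactive POSIX `sh` a `.` on a missing file aborts the shell, so on systems without that file (presumably the macOS and Fedora/CentOS targets this installer lists) `set_lang` ends the script before any prompt is shown. Guard it with `[ -r /etc/default/locale ] && . /etc/default/locale`. The `es` fallback only covers an empty `$SLANG`; any other value (`C`, `de`, …) matches no branch and leaves every string empty, so `case "$SLANG" in es|en|fr) ;; *) SLANG=es ;; esac` before the `if` chain would help. `PROMPT_DOWNLOAD` expands `$FILE` at this point, but 07-main.sh calls `set_lang` before `set_version`, so the file name in that message is empty. The `fr` branch also assigns `TITLE` twice.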

33
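--- a/03-set_version.sh
+++ b/03-set_version.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+set_version() {
+# Linux
+for os in /etc/os-release /usr/lib/os-release; do
+[ -f $os ] && . $os && break
+done
+[ "$ID" = "debian" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')"
+[ "$ID" = "ubuntu" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')"
+[ "$ID" = "fedora" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')"
+[ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 7) print $1}')"
+[ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 9) print "fedora"}')"
+# MacOS
+if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
+temp=
+while read -r line; do
+case $line in
+*ProductVersion*) temp=.;;
+*)
+[ "$temp" ] || continue
+VERSION_ID=${line#*>}
+break
+esac
+done < "$v"
+ID="$(printf '%s' "$VERSION_ID" | awk '{if ($1 >= 10.14) print "macos"}')"
+fi
+[ "$ID" = "debian" -o "$ID" = "ubuntu" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
+[ "$ID" = "fedora" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
+[ "$ID" = "centos" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
+[ "$ID" = "macos" ] && FILE="ClientesMac_rev34.zip"
+}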
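Review bot: The two CentOS lines use `=` inside awk (`if ($2 = 7)`, `if ($2 = 9)`), which assigns instead of comparing and is always true, so every CentOS release passes the first line and is then turned into `fedora` by the second. With `==` alone the first line would blank `ID` for Stream 9 before the second runs, so fold them into one: `awk '{if ($2 == 7) print $1; else if ($2 == 9) print "fedora"}'`. `[ -f $os ] && . $os` should quote `$os`, and `[ … -o … ]` is better written as two tests joined with `||`. When neither os-release file exists, `ID` and `VERSION_ID` are taken from whatever the environment already holds; clearing them at the top of `set_version` avoids that.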

20
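--- a/04-utils-menus.sh
+++ b/04-utils-menus.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+get_pass() {
+# @@@ Add kdialog
+MENU="$1" TITLE="$2"
+if [ "$MENU" = "zenity" ] ; then
+zenity --title "$TITLE" --password
+else
+echo
+fi
+}
+term_prompt() {
+TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
+if [ "$MODE" = "info" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ; fi
+if [ "$MODE" = "entry" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ; fi
+if [ "$MODE" = "list" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ; fi
+if [ "$MODE" = "error" ] ; then printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ; fi
+}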
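Review bot: In the non-zenity branch `get_pass` prints an empty line and returns 0, and its callers pipe that straight into `sudo -Sk`, so in terminal mode sudo is handed an empty password instead of being allowed to prompt. That branch should fail explicitly (`return 1`) until a terminal prompt exists. The callers' `get_pass … | sudo -Sk` pipelines also discard `get_pass`'s status, so a cancelled zenity dialog is indistinguishable from a wrong password. `get_pass` and `term_prompt` assign the globals `MENU`, `TITLE` and `PROMPT` from their arguments; POSIX sh has no `local`, so distinct names such as `_title` would avoid clobbering the strings set by `set_lang`.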

19
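--- a/05-depend.sh
+++ b/05-depend.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+install_deps() {
+# @@@ Support other distros
+MENU="$1"
+if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
+echo
+elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
+# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx
+systemctl enable --now pcscd.socket
+'
+elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
+echo
+elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
+echo
+fi
+}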
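Review bot: Nothing checks whether the privileged step succeeded: the status of `get_pass … | sudo -Sk sh -c '…'` is dropped here, and 07-main.sh pipes `install_deps` into `zenity --progress`, so a wrong password or a failed `apt` run lets the installer continue as if the dependencies were present. Inside the root shell start with `set -e` and use the script-stable front end, `apt-get update && apt-get install -y p11-kit pcscd binutils bubblewrap icedtea-netx`, then have `install_deps` return the pipeline's status for the caller to test. The CentOS and RPM branches compare against names without `.zip`, while `set_version` assigns `ClientesLinux_CentOS7_Rev6.zip` and `ClientesLinux_RPM64_Rev24.zip`, so they can never match; `install_certs` in 06-install.sh has the same mismatch.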

125
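--- a/06-install.sh
+++ b/06-install.sh
@@ -0,0 +1,125 @@
+#!/bin/sh
+config_deb_idpclientdb() {
+mkdir -p /etc/Athena/
+echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>
+<IDProtect>
+<TokenLibs>
+<IDProtect>
+<Cards>
+<IDProtectXF>
+<ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
+<ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
+</IDProtectXF>
+</Cards>
+</IDProtect>
+<ChipDoc>
+<Cards>
+<ChipDocEMV>
+<ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
+<ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
+</ChipDocEMV>
+</Cards>
+</ChipDoc>
+</TokenLibs>
+</IDProtect>" | tee /etc/Athena/IDPClientDB.xml
+}
+config_deb_update_symlinks() {
+echo "#!/bin/sh
+FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
+FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
+THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
+NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
+if [ -e \"\$FIREFOX_LIB\" ]
+then
+if ! [ -L \"\$FIREFOX_LIB\" ]
+then
+echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
+mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
+ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
+fi
+fi
+if [ -e \"\$FIREFOX_ESR_LIB\" ]
+then
+if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
+then
+echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
+mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
+ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
+fi
+fi
+if [ -e \"\$THUNDERBIRD_LIB\" ]
+then
+if ! [ -L \"\$THUNDERBIRD_LIB\" ]
+then
+echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
+mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
+ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
+fi
+fi
+if [ -e \"\$NSS_LIB\" ]
+then
+if ! [ -L \"\$NSS_LIB\" ]
+then
+echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
+mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
+ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
+fi
+fi" | tee /usr/local/sbin/update-p11-kit-symlinks
+chmod +x /usr/local/sbin/update-p11-kit-symlinks
+}
+config_deb_systemd_p11_update() {
+echo "[Unit]
+Description=mantenimiento de enlaces a p11-kit-proxy
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/update-p11-kit-symlinks
+[Install]
+WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service
+systemctl enable --now p11-kit-proxy-updater.service
+}
+install_certs() {
+# @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/
+MENU="$1"
+if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
+echo
+elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
+# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done
+for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
+for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done
+for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done
+update-ca-certificates --fresh
+'
+ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so
+get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
+mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
+ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
+ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
+ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
+ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
+ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
+config_deb_idpclientdb
+config_deb_update_symlinks
+config_deb_systemd_p11_update
+mkdir -p /etc/pkcs11/modules/
+echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
+'
+elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
+echo
+elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
+echo
+fi
+}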
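Review bot: `install_certs` installs, as root, whatever `find "$SAVE_DIR"` returns (certificates into `/usr/local/share/ca-certificates` followed by `update-ca-certificates --fresh`, and `libASEP11.so` into `/usr/lib/x86_64-linux-gnu`) with no checksum or signature check on the downloaded archive, and 07-main.sh sets `SAVE_DIR="/tmp"`, a directory every local user can write to. Before the call is re-enabled (it is commented out in 07-main.sh), download into a private `mktemp -d` directory, compare the archive against a known-good digest, and hand the directory to the root shell explicitly as `sudo -Sk sh -c '…' sh "$SAVE_DIR"`, reading `$1` inside. The single-quoted `sh -c` bodies also cannot work as written: `$SAVE_DIR` is not set in the child shell (the `@@@` comment notes this), the `config_deb_*` functions are not defined there, three `for … do` lines lack the `;` before `do`, and `${cert%%.cer}` keeps the source directory in the destination path. The symlink updater and `disable-in:` change which root-certificate module Firefox, Thunderbird and NSS load, which deserves a comment stating that this is intended.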

97
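--- a/07-main.sh
+++ b/07-main.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+# TODO:
+# - Extraer fichero y automatizar el proceso de instalación descrito en:
+# https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+# main
+set_lang
+set_version
+if [ -e "/bin/zenity" ] ; then
+MENU="zenity"
+# Welcome
+zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
+# Select file to be downloaded if os can't be determined
+[ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
+--column "$FILENAME" --column "$FILEDESC" \
+"ClientesMac_rev34.zip" "macOSX 10.14 o superior" \
+"ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
+"ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
+"ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
+--print-column=1)"
+install_deps "$MENU" | zenity --title "$TITLE" --text "$PROMPT_DEPS" --progress --pulsate --auto-close
+# Ask for serial number
+SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
+[ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
+# Generate tempkey & Define DOWNLOAD_URL
+TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
+[ -z "$TEMPKEY" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
+# Define where to save file
+if [ -d "/tmp" ] ; then
+SAVE_DIR="/tmp"
+else
+zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
+SAVE_DIR="$(zenity --file-selection --directory)"
+fi
+[ -z "$SAVE_DIR" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DIR_FILE" --error && exit 1
+SAVE_FILE="$SAVE_DIR/$FILE"
+# Download file & show progress
+SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
+(curl "$DOWNLOAD_URL" -o "$SAVE_FILE") &
+while true ; do
+sleep 0.5
+DOWN="$(du "$SAVE_FILE" 2>/dev/null | awk '{print $1}')" ; [ -z "$DOWN" ] && DOWN=0
+r=$(((DOWN*10000)/SIZE))
+printf '%d\n' ${r%??}
+done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress
+while true ; do
+ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
+[ -z "$ACTIVE" ] && break
+sleep 0.5
+done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --pulsate --auto-close
+ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
+[ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+#install_certs "$MENU"
+else
+echo
+# Welcome
+#term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL
+# Select file to be downloaded
+#LIST="$(printf '\033[4m1\033[0m - ClientesMac_rev34.zip | macOSX 10.14 o superior
+# \03[4m2\033[0m - ClientesLinux_DEB64_Rev25.zip | Ubuntu 18.04 LTS o superior, Debian 10
+# \03[4m3\033[0m - ClientesLinux_CentOS7_Rev6.zip | CentOS 7
+# \03[4m4\033[0m - ClientesLinux_RPM64_Rev24.zip | Fedora 34 o superior, CentOS Stream 9')"
+#term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
+#[ "$FILE" = "1" ] && FILE="ClientesMac_rev34.zip"
+#[ "$FILE" = "2" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
+#[ "$FILE" = "3" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
+#[ "$FILE" = "4" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
+# Ask for serial number
+#term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
+#[ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
+# Generate tempkey & Define DOWNLOAD_URL
+#TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
+#[ -z "$TEMPKEY" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
+#DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
+# Define where to save file
+#mkdir -p "$HOME/Library/Caches/TemporaryItems/instalador-firma-digital"
+#SAVE_FILE="$HOME/Library/Caches/TemporaryItems/instalador-firma-digital/$FILE"
+# Download file & show progress
+#term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
+#curl "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar
+fi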
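Review bot: The archive is written to the fixed path `/tmp/$FILE` (`SAVE_DIR="/tmp"` whenever `/tmp` exists), a predictable name in a world-writable directory that another local user can pre-create or point elsewhere with a symlink before `curl -o` writes to it. Use a private directory instead, `SAVE_DIR="$(mktemp -d)" || exit 1`, and remove it from a `trap … EXIT`. Completion is detected by grepping `ps aux` for curl and curl's exit status is never read, so a failed or truncated download looks like success; start it with `curl -f "$DOWNLOAD_URL" -o "$SAVE_FILE" & CURL_PID=$!` and finish with `wait "$CURL_PID"`, showing `PROMPT_ERR_DOWNLOAD` on failure. `r=$(((DOWN*10000)/SIZE))` fails when the HEAD response carries no Content-Length (`SIZE` empty or 0), and the first progress loop has no exit condition of its own. The terminal branch is now entirely commented out, so without zenity the script prints a blank line and exits 0.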

10
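--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,10 @@
+SCRIPT=instalador-certificados.sh
+all: $(SCRIPT)
+$(SCRIPT): $(wildcard [0-9][0-9]-*.sh)
+printf '#!/bin/sh\n' > $@
+for i in $? ; do cat $$i ; done | sed '/^ *#.*$$/d' >> $@
+clean:
+rm -rf $(SCRIPT)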
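Review bot: The recipe truncates `$@` and then appends only `$?`, the prerequisites newer than the target, so after editing a single fragment `make` produces an installer that contains just that fragment. Use `$^` (all prerequisites): `sed '/^ *#.*$$/d' $^ >> $@`. The concatenation order depends on `$(wildcard …)` returning sorted names, which not every GNU make release guarantees; `$(sort $(wildcard [0-9][0-9]-*.sh))` makes the order explicit. `all` and `clean` should be declared `.PHONY`, and `rm -f` is enough for a single file.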


@ -1,389 +0,0 @@
#!/bin/sh
# TODO:
# - Alguna manera de buscar el lenguaje del sistema para pasarlo en set_lang
# - Extraer fichero y automatizar el proceso de instalación descrito en:
# https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
set_lang() {
# See: /var/lib/AccountsService/users/
SLANG="$(sed '/^ *#/d;/^ *$/d;s/^.*="//g;s/_.*//g' /etc/default/locale | head -n 1)"
[ -z "$SLANG" ] && SLANG="es"
if [ "$SLANG" = "es" ] ; then
TITLE="Instalador firma digital"
PROMPT_WELCOME="Bienvenido al asistente de instalación de certificados para firma digial."
PROMPT_FILE="Seleccione el fichero que corresponde a su sistema operativo."
PROMPT_DEPS="Instalando dependencias."
FILENAME="Archivo"
FILEDESC="Sistema"
PROMPT_SERIAL="Ingrese el número serial impreso al reverso de la tarjeta."
PROMPT_ERR_SERIAL="Error al obtener el número serial de la tarjeta, abortando."
PROMPT_ERR_DOWNLOAD="Error al descargar el fichero desde Centro de Soporte Firma Digital, abortando."
PROMPT_DIR_FILE="A continuación, deberá seleccionar la carpeta donde quiere que se descargue y se extraigan los contenidos del fichero seleccionado"
PROMPT_ERR_DIR_FILE="Error al seleccionar la carpeta de descarga para el fichero, abortando."
PROMPT_DOWNLOAD="Descargando $FILE desde Centro de Soporte Firma Digital..."
PROMPT_ERR_DOWN_FILE="Error al descargar el fichero, abortando."
SUDO_DEB_BROWSER="Ingrese la contraseña de la computadora para instalar Firefox desde mozilla."
SUDO_DEB_DEPS="Ingrese la contraseña de la computadora para instalar las dependencias."
SUDO_DEB_CERTS="Ingrese la contraseña de la computadora para instalar los certificados."
elif [ "$SLANG" = "en" ] ; then
TITLE="Digital signature installer"
PROMPT_WELCOME="Welcome to the digital signing certificate installation wizard."
PROMPT_FILE="Select the file that corresponds to your operating system."
PROMPT_DEPS="Installing dependencies."
FILENAME="File"
FILEDESC="System"
PROMPT_SERIAL="Enter the serial number printed on the back of the card."
PROMPT_ERR_SERIAL="Error obtaining the card serial number, aborting."
PROMPT_ERR_DOWNLOAD="Error downloading the file from the Digital Signature Support Center, aborting."
PROMPT_DIR_FILE="Next, you must select the folder where you want the contents of the selected file to be downloaded and extracted"
PROMPT_ERR_DIR_FILE="Error selecting the download folder for the file, aborting."
PROMPT_DOWNLOAD="Downloading $FILE from the Digital Signature Support Center..."
PROMPT_ERR_DOWN_FILE="Error downloading file, aborting."
SUDO_DEB_BROWSER="Enter the computer password to install Firefox from mozilla."
SUDO_DEB_DEPS="Enter the computer password to install dependencies."
SUDO_DEB_CERTS="Enter the computer password to install certificates."
elif [ "$SLANG" = "fr" ] ; then
TITLE="Installation de signature"
TITLE="Installateur de signature"
PROMPT_WELCOME="Bienvenue dans l'assistant d'installation du certificat de signature."
PROMPT_FILE="Sélectionnez le fichier qui correspond à votre système d'exploitation."
PROMPT_DEPS="Installation des dépendances."
FILENAME="Fichier"
FILEDESC="Système"
PROMPT_SERIAL="Entrez le numéro de série imprimé au dos de la carte."
PROMPT_ERR_SERIAL="Erreur d'obtention du numéro de série de la carte, abandon."
PROMPT_ERR_DOWNLOAD="Erreur lors du téléchargement du fichier depuis le Centre de support des signatures numériques, abandon."
PROMPT_DIR_FILE="Ensuite, vous devez sélectionner le dossier dans lequel vous souhaitez que le contenu du fichier sélectionné soit téléchargé et extrait"
PROMPT_ERR_DIR_FILE="Erreur lors de la sélection du dossier de téléchargement du fichier, abandon."
PROMPT_DOWNLOAD="Téléchargement de $FILE depuis le Centre de support des signatures numériques..."
PROMPT_ERR_DOWN_FILE="Erreur de téléchargement du fichier, abandon."
SUDO_DEB_BROWSER="Entrez le mot de passe de l'ordinateur pour installer Firefox depuis mozilla."
SUDO_DEB_DEPS="Entrez le mot de passe de l'ordinateur pour installer les dépendances."
SUDO_DEB_CERTS="Entrez le mot de passe de l'ordinateur pour installer les certificats."
fi
}
set_file() {
# Linux
for os in /etc/os-release /usr/lib/os-release; do
[ -f $os ] && . $os && break
[ "$ID" = "debian" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')"
[ "$ID" = "ubuntu" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')"
[ "$ID" = "fedora" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')"
[ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 7) print $1}')"
[ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 9) print "fedora"}')"
done
# MacOS
if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
temp=
while read -r line; do
case $line in
*ProductVersion*) temp=.;;
*)
[ "$temp" ] || continue
VERSION_ID=${line#*>}
break
esac
done < "$v"
ID="$(printf '%s' "$VERSION_ID" | awk '{if ($1 >= 10.14) print "macos"}')"
fi
[ "$ID" = "debian" -o "$ID" = "ubuntu" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
[ "$ID" = "fedora" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
[ "$ID" = "centos" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
[ "$ID" = "macos" ] && FILE="ClientesMac_rev34.zip"
}
urlencode() {
ENCODEDURL="$(curl -Gs -w %{url_effective} --data-urlencode @- ./ ||: )"
printf '%s' "$ENCODEDURL" | sed 's/%0[aA]$//;s/^.*[?]//'
}
get_asp_var() {
i=0
for VAR in __VIEWSTATE __VIEWSTATEGENERATOR __EVENTVALIDATION ; do
VAL="$(printf '%s' "$RESPONSE" | grep "id=\"$VAR\"" | cut -d '"' -f 8 | urlencode)"
[ "$i" != 0 ] && printf '&'
printf '%s=%s' "$VAR" "$VAL"
i=+1
done
}
download_iso() {
hiddenISO="$1" SN="$2"
URL="https://soportefirmadigital.com/sfdj/dl.aspx"
RESPONSE="$(curl -s --compressed "$URL" -o -)"
ASP_VARS="$(get_asp_var)"
curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
--data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
--data-raw "ctl00%24certContents%24hiddenISO=$hiddenISO" \
--data-raw "ctl00%24certContents%24txtSerialNumber=$SN" \
--data-raw "ctl00%24certContents%24chkConfirmo=on" \
-o -
}
get_pass() {
# @@@ Add kdialog
MENU="$1" TITLE="$2"
if [ "$MENU" = "zenity" ] ; then
zenity --title "$TITLE" --password
else
echo
fi
}
install_deps() {
# @@@ Support other distros
MENU="$1"
if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
echo
elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
if [ "$DEB_BROWSER" = "yes" ] ; then
# Source: https://support.mozilla.org/en-US/kb/install-firefox-linux
get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
snap remove --purge firefox
apt remove --purge -y firefox
install -d -m 0755 /etc/apt/keyrings
printf "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | tee /etc/apt/sources.list.d/mozilla.list > /dev/null
wget -qO - https://packages.mozilla.org/apt/repo-signing-key.gpg | tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
printf "Package: *\nPin: origin packages.mozilla.org\nPin-Priority: 1000" | tee /etc/apt/preferences.d/mozilla
apt-get update
apt-get install -y firefox firefox-l10n-es-*
'
fi
# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx
systemctl enable --now pcscd.socket
'
elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
echo
elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
echo
fi
}
config_deb_idpclientdb() {
mkdir -p /etc/Athena/
echo "<?xml version=\"1.0\" encoding=\"utf-8\" ?>
<IDProtect>
<TokenLibs>
<IDProtect>
<Cards>
<IDProtectXF>
<ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
<ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
</IDProtectXF>
</Cards>
</IDProtect>
<ChipDoc>
<Cards>
<ChipDocEMV>
<ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
<ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
</ChipDocEMV>
</Cards>
</ChipDoc>
</TokenLibs>
</IDProtect>" | tee /etc/Athena/IDPClientDB.xml
}
config_deb_update_symlinks() {
echo "#!/bin/sh
FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
if [ -e \"\$FIREFOX_LIB\" ]
then
if ! [ -L \"\$FIREFOX_LIB\" ]
then
echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
fi
fi
if [ -e \"\$FIREFOX_ESR_LIB\" ]
then
if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
then
echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
fi
fi
if [ -e \"\$THUNDERBIRD_LIB\" ]
then
if ! [ -L \"\$THUNDERBIRD_LIB\" ]
then
echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
fi
fi
if [ -e \"\$NSS_LIB\" ]
then
if ! [ -L \"\$NSS_LIB\" ]
then
echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
fi
fi" | tee /usr/local/sbin/update-p11-kit-symlinks
chmod +x /usr/local/sbin/update-p11-kit-symlinks
}
config_deb_systemd_p11_update() {
echo "[Unit]
Description=mantenimiento de enlaces a p11-kit-proxy
[Service]
Type=oneshot
ExecStart=/usr/local/sbin/update-p11-kit-symlinks
[Install]
WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service
systemctl enable --now p11-kit-proxy-updater.service
}
install_certs() {
# @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/
MENU="$1"
if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
echo
elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done
for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done
for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done
update-ca-certificates --fresh
'
ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so
get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
config_deb_idpclientdb
config_deb_update_symlinks
config_deb_systemd_p11_update
mkdir -p /etc/pkcs11/modules/
echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
'
elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
echo
elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
echo
fi
}
term_prompt() {
TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
if [ "$MODE" = "info" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ; fi
if [ "$MODE" = "entry" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ; fi
if [ "$MODE" = "list" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ; fi
if [ "$MODE" = "error" ] ; then printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ; fi
}
# main
set_lang
if [ -e "/bin/zenity" ] ; then
MENU="zenity"
# Welcome
zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
set_file
# Select file to be downloaded if os can't be determined
[ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
--column "$FILENAME" --column "$FILEDESC" \
"ClientesMac_rev34.zip" "macOSX 10.14 o superior" \
"ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
"ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
"ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
--print-column=1)"
install_deps "$MENU" | zenity --title "$TITLE" --text "$PROMPT_DEPS" --progress --pulsate --auto-close
# Ask for serial number
SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
[ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
# Generate tempkey & Define DOWNLOAD_URL
TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
[ -z "$TEMPKEY" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
# Define where to save file
zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
SAVE_DIR="$(zenity --file-selection --directory)"
[ -z "$SAVE_DIR" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DIR_FILE" --error && exit 1
SAVE_FILE="$SAVE_DIR/$FILE"
# Download file & show progress
SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
(curl "$DOWNLOAD_URL" -o "$SAVE_FILE") &
while true ; do
DOWN="$(du "$SAVE_FILE" 2>/dev/null | awk '{print $1}')" ; [ -z "$DOWN" ] && DOWN=0
r=$(((DOWN*10000)/SIZE))
printf '%d\n' ${r%??}
sleep 0.5
done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --auto-close
while true ; do
ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
[ -z "$ACTIVE" ] && break
sleep 0.5
done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --pulsate --auto-close
ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
[ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
install_certs "$MENU"
else
# Welcome
term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL
# Select file to be downloaded
LIST="$(printf '\033[4m1\033[0m - ClientesMac_rev34.zip | macOSX 10.14 o superior
\033[4m2\033[0m - ClientesLinux_DEB64_Rev25.zip | Ubuntu 18.04 LTS o superior, Debian 10
\033[4m3\033[0m - ClientesLinux_CentOS7_Rev6.zip | CentOS 7
\033[4m4\033[0m - ClientesLinux_RPM64_Rev24.zip | Fedora 34 o superior, CentOS Stream 9')"
term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
[ "$FILE" = "1" ] && FILE="ClientesMac_rev34.zip"
[ "$FILE" = "2" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
[ "$FILE" = "3" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
[ "$FILE" = "4" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
# Ask for serial number
term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
[ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
# Generate tempkey & Define DOWNLOAD_URL
TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
[ -z "$TEMPKEY" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
# Define where to save file
mkdir -p "$HOME/Library/Caches/TemporaryItems/instalador-firma-digital"
SAVE_FILE="$HOME/Library/Caches/TemporaryItems/instalador-firma-digital/$FILE"
# Download file & show progress
term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
curl "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar
fi

6
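--- a/tests/shellcheck.sh
+++ b/tests/shellcheck.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+SCRIPT="$(grep 'SCRIPT *=' Makefile)"
+SCRIPT="${SCRIPT#*=}"
+shellcheck -x --shell=sh --format=gcc "$SCRIPT"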