diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9e4569e
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+instalador-certificados.sh
diff --git a/01-utils.sh b/01-utils.sh
new file mode 100644
index 0000000..7b4507d
--- /dev/null
+++ b/01-utils.sh
@@ -0,0 +1,30 @@
+#!/bin/sh
+
+urlencode() {
+ ENCODEDURL="$(curl -Gs -w %{url_effective} --data-urlencode @- ./ ||: )"
+ printf '%s' "$ENCODEDURL" | sed 's/%0[aA]$//;s/^.*[?]//'
+}
+
+get_asp_var() {
+ i=0
+ for VAR in __VIEWSTATE __VIEWSTATEGENERATOR __EVENTVALIDATION ; do
+ VAL="$(printf '%s' "$RESPONSE" | grep "id=\"$VAR\"" | cut -d '"' -f 8 | urlencode)"
+ [ "$i" != 0 ] && printf '&'
+ printf '%s=%s' "$VAR" "$VAL"
+ i=+1
+ done
+}
+
+download_iso() {
+ hiddenISO="$1" SN="$2"
+ URL="https://soportefirmadigital.com/sfdj/dl.aspx"
+ RESPONSE="$(curl -s --compressed "$URL" -o -)"
+ ASP_VARS="$(get_asp_var)"
+
+ curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
+ --data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
+ --data-raw "ctl00%24certContents%24hiddenISO=$hiddenISO" \
+ --data-raw "ctl00%24certContents%24txtSerialNumber=$SN" \
+ --data-raw "ctl00%24certContents%24chkConfirmo=on" \
+ -o -
+}
diff --git a/02-language.sh b/02-language.sh
new file mode 100644
index 0000000..957187f
--- /dev/null
+++ b/02-language.sh
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+set_lang() {
+ # See: /var/lib/AccountsService/users/
+ . /etc/default/locale
+ SLANG="${LANG%%_*}"
+ [ -z "$SLANG" ] && SLANG="es"
+
+ if [ "$SLANG" = "es" ] ; then
+ TITLE="Instalador firma digital"
+ PROMPT_WELCOME="Bienvenido al asistente de instalación de certificados para firma digial."
+ PROMPT_FILE="Seleccione el fichero que corresponde a su sistema operativo."
+ PROMPT_DEPS="Instalando dependencias."
+ FILENAME="Archivo"
+ FILEDESC="Sistema"
+ PROMPT_SERIAL="Ingrese el número serial impreso al reverso de la tarjeta."
+ PROMPT_ERR_SERIAL="Error al obtener el número serial de la tarjeta, abortando."
+ PROMPT_ERR_DOWNLOAD="Error al descargar el fichero desde Centro de Soporte Firma Digital, abortando."
+ PROMPT_DIR_FILE="A continuación, deberá seleccionar la carpeta donde quiere que se descargue y se extraigan los contenidos del fichero seleccionado"
+ PROMPT_ERR_DIR_FILE="Error al seleccionar la carpeta de descarga para el fichero, abortando."
+ PROMPT_DOWNLOAD="Descargando $FILE desde Centro de Soporte Firma Digital..."
+ PROMPT_ERR_DOWN_FILE="Error al descargar el fichero, abortando."
+ SUDO_DEB_BROWSER="Ingrese la contraseña de la computadora para instalar Firefox desde mozilla."
+ SUDO_DEB_DEPS="Ingrese la contraseña de la computadora para instalar las dependencias."
+ SUDO_DEB_CERTS="Ingrese la contraseña de la computadora para instalar los certificados."
+
+ elif [ "$SLANG" = "en" ] ; then
+ TITLE="Digital signature installer"
+ PROMPT_WELCOME="Welcome to the digital signing certificate installation wizard."
+ PROMPT_FILE="Select the file that corresponds to your operating system."
+ PROMPT_DEPS="Installing dependencies."
+ FILENAME="File"
+ FILEDESC="System"
+ PROMPT_SERIAL="Enter the serial number printed on the back of the card."
+ PROMPT_ERR_SERIAL="Error obtaining the card serial number, aborting."
+ PROMPT_ERR_DOWNLOAD="Error downloading the file from the Digital Signature Support Center, aborting."
+ PROMPT_DIR_FILE="Next, you must select the folder where you want the contents of the selected file to be downloaded and extracted"
+ PROMPT_ERR_DIR_FILE="Error selecting the download folder for the file, aborting."
+ PROMPT_DOWNLOAD="Downloading $FILE from the Digital Signature Support Center..."
+ PROMPT_ERR_DOWN_FILE="Error downloading file, aborting."
+ SUDO_DEB_BROWSER="Enter the computer password to install Firefox from mozilla."
+ SUDO_DEB_DEPS="Enter the computer password to install dependencies."
+ SUDO_DEB_CERTS="Enter the computer password to install certificates."
+
+ elif [ "$SLANG" = "fr" ] ; then
+ TITLE="Installation de signature"
+ TITLE="Installateur de signature"
+ PROMPT_WELCOME="Bienvenue dans l'assistant d'installation du certificat de signature."
+ PROMPT_FILE="Sélectionnez le fichier qui correspond à votre système d'exploitation."
+ PROMPT_DEPS="Installation des dépendances."
+ FILENAME="Fichier"
+ FILEDESC="Système"
+ PROMPT_SERIAL="Entrez le numéro de série imprimé au dos de la carte."
+ PROMPT_ERR_SERIAL="Erreur d'obtention du numéro de série de la carte, abandon."
+ PROMPT_ERR_DOWNLOAD="Erreur lors du téléchargement du fichier depuis le Centre de support des signatures numériques, abandon."
+ PROMPT_DIR_FILE="Ensuite, vous devez sélectionner le dossier dans lequel vous souhaitez que le contenu du fichier sélectionné soit téléchargé et extrait"
+ PROMPT_ERR_DIR_FILE="Erreur lors de la sélection du dossier de téléchargement du fichier, abandon."
+ PROMPT_DOWNLOAD="Téléchargement de $FILE depuis le Centre de support des signatures numériques..."
+ PROMPT_ERR_DOWN_FILE="Erreur de téléchargement du fichier, abandon."
+ SUDO_DEB_BROWSER="Entrez le mot de passe de l'ordinateur pour installer Firefox depuis mozilla."
+ SUDO_DEB_DEPS="Entrez le mot de passe de l'ordinateur pour installer les dépendances."
+ SUDO_DEB_CERTS="Entrez le mot de passe de l'ordinateur pour installer les certificats."
+
+ fi
+}
diff --git a/03-set_version.sh b/03-set_version.sh
new file mode 100644
index 0000000..c079af5
--- /dev/null
+++ b/03-set_version.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+set_version() {
+ # Linux
+ for os in /etc/os-release /usr/lib/os-release; do
+ [ -f $os ] && . $os && break
+ done
+ [ "$ID" = "debian" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')"
+ [ "$ID" = "ubuntu" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')"
+ [ "$ID" = "fedora" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')"
+ [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 7) print $1}')"
+ [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 9) print "fedora"}')"
+
+ # MacOS
+ if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
+ temp=
+ while read -r line; do
+ case $line in
+ *ProductVersion*) temp=.;;
+ *)
+ [ "$temp" ] || continue
+ VERSION_ID=${line#*>}
+ break
+ esac
+ done < "$v"
+ ID="$(printf '%s' "$VERSION_ID" | awk '{if ($1 >= 10.14) print "macos"}')"
+ fi
+
+ [ "$ID" = "debian" -o "$ID" = "ubuntu" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
+ [ "$ID" = "fedora" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
+ [ "$ID" = "centos" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
+ [ "$ID" = "macos" ] && FILE="ClientesMac_rev34.zip"
+}
diff --git a/04-utils-menus.sh b/04-utils-menus.sh
new file mode 100644
index 0000000..4944034
--- /dev/null
+++ b/04-utils-menus.sh
@@ -0,0 +1,20 @@
+#!/bin/sh
+
+get_pass() {
+ # @@@ Add kdialog
+ MENU="$1" TITLE="$2"
+
+ if [ "$MENU" = "zenity" ] ; then
+ zenity --title "$TITLE" --password
+ else
+ echo
+ fi
+}
+
+term_prompt() {
+ TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
+ if [ "$MODE" = "info" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ; fi
+ if [ "$MODE" = "entry" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ; fi
+ if [ "$MODE" = "list" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ; fi
+ if [ "$MODE" = "error" ] ; then printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ; fi
+}
diff --git a/05-depend.sh b/05-depend.sh
new file mode 100644
index 0000000..45fc0e3
--- /dev/null
+++ b/05-depend.sh
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+install_deps() {
+ # @@@ Support other distros
+ MENU="$1"
+ if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
+ echo
+ elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
+ # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+ get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+ apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx
+ systemctl enable --now pcscd.socket
+ '
+ elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
+ echo
+ elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
+ echo
+ fi
+}
diff --git a/06-install.sh b/06-install.sh
new file mode 100644
index 0000000..4a464c8
--- /dev/null
+++ b/06-install.sh
@@ -0,0 +1,125 @@
+#!/bin/sh
+
+config_deb_idpclientdb() {
+mkdir -p /etc/Athena/
+echo "
+
+
+
+
+
+ 3BDC00FF8091FE1FC38073C821106600000000000000
+ FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000
+
+
+
+
+
+
+ 3BEA00008131FE450031C173C840000090007A
+ FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
+
+
+
+
+" | tee /etc/Athena/IDPClientDB.xml
+}
+
+config_deb_update_symlinks() {
+echo "#!/bin/sh
+
+FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
+FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
+THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
+NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
+
+if [ -e \"\$FIREFOX_LIB\" ]
+then
+ if ! [ -L \"\$FIREFOX_LIB\" ]
+ then
+ echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
+ mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
+ ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
+ fi
+fi
+
+if [ -e \"\$FIREFOX_ESR_LIB\" ]
+then
+ if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
+ then
+ echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
+ mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
+ ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
+ fi
+fi
+
+if [ -e \"\$THUNDERBIRD_LIB\" ]
+then
+ if ! [ -L \"\$THUNDERBIRD_LIB\" ]
+ then
+ echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
+ mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
+ ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
+ fi
+fi
+
+if [ -e \"\$NSS_LIB\" ]
+then
+ if ! [ -L \"\$NSS_LIB\" ]
+ then
+ echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
+ mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
+ ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
+ fi
+fi" | tee /usr/local/sbin/update-p11-kit-symlinks
+chmod +x /usr/local/sbin/update-p11-kit-symlinks
+}
+
+config_deb_systemd_p11_update() {
+echo "[Unit]
+Description=mantenimiento de enlaces a p11-kit-proxy
+
+[Service]
+Type=oneshot
+ExecStart=/usr/local/sbin/update-p11-kit-symlinks
+
+[Install]
+WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service
+systemctl enable --now p11-kit-proxy-updater.service
+}
+
+install_certs() {
+ # @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/
+ MENU="$1"
+ if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
+ echo
+ elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
+ # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+ get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+ for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done
+ for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
+ for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done
+ for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done
+ update-ca-certificates --fresh
+ '
+ ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so
+ get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
+ cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
+ mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
+ ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
+ ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
+ ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
+ ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
+ ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
+ config_deb_idpclientdb
+ config_deb_update_symlinks
+ config_deb_systemd_p11_update
+ mkdir -p /etc/pkcs11/modules/
+ echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
+ '
+ elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
+ echo
+ elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
+ echo
+ fi
+}
diff --git a/07-main.sh b/07-main.sh
new file mode 100644
index 0000000..90d3079
--- /dev/null
+++ b/07-main.sh
@@ -0,0 +1,97 @@
+#!/bin/sh
+# TODO:
+# - Extraer fichero y automatizar el proceso de instalación descrito en:
+# https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
+
+# main
+set_lang
+set_version
+
+if [ -e "/bin/zenity" ] ; then
+ MENU="zenity"
+ # Welcome
+ zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
+
+ # Select file to be downloaded if os can't be determined
+ [ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
+ --column "$FILENAME" --column "$FILEDESC" \
+ "ClientesMac_rev34.zip" "macOSX 10.14 o superior" \
+ "ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
+ "ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
+ "ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
+ --print-column=1)"
+
+ install_deps "$MENU" | zenity --title "$TITLE" --text "$PROMPT_DEPS" --progress --pulsate --auto-close
+
+ # Ask for serial number
+ SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
+ [ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
+
+ # Generate tempkey & Define DOWNLOAD_URL
+ TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
+ [ -z "$TEMPKEY" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+ DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
+
+ # Define where to save file
+ if [ -d "/tmp" ] ; then
+ SAVE_DIR="/tmp"
+ else
+ zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
+ SAVE_DIR="$(zenity --file-selection --directory)"
+ fi
+ [ -z "$SAVE_DIR" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DIR_FILE" --error && exit 1
+ SAVE_FILE="$SAVE_DIR/$FILE"
+
+ # Download file & show progress
+ SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
+ (curl "$DOWNLOAD_URL" -o "$SAVE_FILE") &
+ while true ; do
+ sleep 0.5
+ DOWN="$(du "$SAVE_FILE" 2>/dev/null | awk '{print $1}')" ; [ -z "$DOWN" ] && DOWN=0
+ r=$(((DOWN*10000)/SIZE))
+ printf '%d\n' ${r%??}
+ done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress
+
+ while true ; do
+ ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
+ [ -z "$ACTIVE" ] && break
+ sleep 0.5
+ done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --pulsate --auto-close
+
+ ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
+ [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+
+ #install_certs "$MENU"
+else
+ echo
+ # Welcome
+ #term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL
+
+ # Select file to be downloaded
+ #LIST="$(printf '\033[4m1\033[0m - ClientesMac_rev34.zip | macOSX 10.14 o superior
+# \03[4m2\033[0m - ClientesLinux_DEB64_Rev25.zip | Ubuntu 18.04 LTS o superior, Debian 10
+# \03[4m3\033[0m - ClientesLinux_CentOS7_Rev6.zip | CentOS 7
+# \03[4m4\033[0m - ClientesLinux_RPM64_Rev24.zip | Fedora 34 o superior, CentOS Stream 9')"
+ #term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
+ #[ "$FILE" = "1" ] && FILE="ClientesMac_rev34.zip"
+ #[ "$FILE" = "2" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
+ #[ "$FILE" = "3" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
+ #[ "$FILE" = "4" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
+
+ # Ask for serial number
+ #term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
+ #[ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
+
+ # Generate tempkey & Define DOWNLOAD_URL
+ #TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
+ #[ -z "$TEMPKEY" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
+ #DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
+
+ # Define where to save file
+ #mkdir -p "$HOME/Library/Caches/TemporaryItems/instalador-firma-digital"
+ #SAVE_FILE="$HOME/Library/Caches/TemporaryItems/instalador-firma-digital/$FILE"
+
+ # Download file & show progress
+ #term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
+ #curl "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar
+fi
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..cf3d0da
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,10 @@
+SCRIPT=instalador-certificados.sh
+
+all: $(SCRIPT)
+
+$(SCRIPT): $(wildcard [0-9][0-9]-*.sh)
+ printf '#!/bin/sh\n' > $@
+ for i in $? ; do cat $$i ; done | sed '/^ *#.*$$/d' >> $@
+
+clean:
+ rm -rf $(SCRIPT)
diff --git a/instalador-firma-digital.sh b/instalador-firma-digital.sh
deleted file mode 100644
index e0887ee..0000000
--- a/instalador-firma-digital.sh
+++ /dev/null
@@ -1,389 +0,0 @@
-#!/bin/sh
-# TODO:
-# - Alguna manera de buscar el lenguaje del sistema para pasarlo en set_lang
-# - Extraer fichero y automatizar el proceso de instalación descrito en:
-# https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
-
-set_lang() {
- # See: /var/lib/AccountsService/users/
- SLANG="$(sed '/^ *#/d;/^ *$/d;s/^.*="//g;s/_.*//g' /etc/default/locale | head -n 1)"
- [ -z "$SLANG" ] && SLANG="es"
-
- if [ "$SLANG" = "es" ] ; then
- TITLE="Instalador firma digital"
- PROMPT_WELCOME="Bienvenido al asistente de instalación de certificados para firma digial."
- PROMPT_FILE="Seleccione el fichero que corresponde a su sistema operativo."
- PROMPT_DEPS="Instalando dependencias."
- FILENAME="Archivo"
- FILEDESC="Sistema"
- PROMPT_SERIAL="Ingrese el número serial impreso al reverso de la tarjeta."
- PROMPT_ERR_SERIAL="Error al obtener el número serial de la tarjeta, abortando."
- PROMPT_ERR_DOWNLOAD="Error al descargar el fichero desde Centro de Soporte Firma Digital, abortando."
- PROMPT_DIR_FILE="A continuación, deberá seleccionar la carpeta donde quiere que se descargue y se extraigan los contenidos del fichero seleccionado"
- PROMPT_ERR_DIR_FILE="Error al seleccionar la carpeta de descarga para el fichero, abortando."
- PROMPT_DOWNLOAD="Descargando $FILE desde Centro de Soporte Firma Digital..."
- PROMPT_ERR_DOWN_FILE="Error al descargar el fichero, abortando."
- SUDO_DEB_BROWSER="Ingrese la contraseña de la computadora para instalar Firefox desde mozilla."
- SUDO_DEB_DEPS="Ingrese la contraseña de la computadora para instalar las dependencias."
- SUDO_DEB_CERTS="Ingrese la contraseña de la computadora para instalar los certificados."
-
- elif [ "$SLANG" = "en" ] ; then
- TITLE="Digital signature installer"
- PROMPT_WELCOME="Welcome to the digital signing certificate installation wizard."
- PROMPT_FILE="Select the file that corresponds to your operating system."
- PROMPT_DEPS="Installing dependencies."
- FILENAME="File"
- FILEDESC="System"
- PROMPT_SERIAL="Enter the serial number printed on the back of the card."
- PROMPT_ERR_SERIAL="Error obtaining the card serial number, aborting."
- PROMPT_ERR_DOWNLOAD="Error downloading the file from the Digital Signature Support Center, aborting."
- PROMPT_DIR_FILE="Next, you must select the folder where you want the contents of the selected file to be downloaded and extracted"
- PROMPT_ERR_DIR_FILE="Error selecting the download folder for the file, aborting."
- PROMPT_DOWNLOAD="Downloading $FILE from the Digital Signature Support Center..."
- PROMPT_ERR_DOWN_FILE="Error downloading file, aborting."
- SUDO_DEB_BROWSER="Enter the computer password to install Firefox from mozilla."
- SUDO_DEB_DEPS="Enter the computer password to install dependencies."
- SUDO_DEB_CERTS="Enter the computer password to install certificates."
-
- elif [ "$SLANG" = "fr" ] ; then
- TITLE="Installation de signature"
- TITLE="Installateur de signature"
- PROMPT_WELCOME="Bienvenue dans l'assistant d'installation du certificat de signature."
- PROMPT_FILE="Sélectionnez le fichier qui correspond à votre système d'exploitation."
- PROMPT_DEPS="Installation des dépendances."
- FILENAME="Fichier"
- FILEDESC="Système"
- PROMPT_SERIAL="Entrez le numéro de série imprimé au dos de la carte."
- PROMPT_ERR_SERIAL="Erreur d'obtention du numéro de série de la carte, abandon."
- PROMPT_ERR_DOWNLOAD="Erreur lors du téléchargement du fichier depuis le Centre de support des signatures numériques, abandon."
- PROMPT_DIR_FILE="Ensuite, vous devez sélectionner le dossier dans lequel vous souhaitez que le contenu du fichier sélectionné soit téléchargé et extrait"
- PROMPT_ERR_DIR_FILE="Erreur lors de la sélection du dossier de téléchargement du fichier, abandon."
- PROMPT_DOWNLOAD="Téléchargement de $FILE depuis le Centre de support des signatures numériques..."
- PROMPT_ERR_DOWN_FILE="Erreur de téléchargement du fichier, abandon."
- SUDO_DEB_BROWSER="Entrez le mot de passe de l'ordinateur pour installer Firefox depuis mozilla."
- SUDO_DEB_DEPS="Entrez le mot de passe de l'ordinateur pour installer les dépendances."
- SUDO_DEB_CERTS="Entrez le mot de passe de l'ordinateur pour installer les certificats."
-
- fi
-}
-
-set_file() {
- # Linux
- for os in /etc/os-release /usr/lib/os-release; do
- [ -f $os ] && . $os && break
- [ "$ID" = "debian" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')"
- [ "$ID" = "ubuntu" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')"
- [ "$ID" = "fedora" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')"
- [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 7) print $1}')"
- [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 9) print "fedora"}')"
- done
-
- # MacOS
- if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
- temp=
- while read -r line; do
- case $line in
- *ProductVersion*) temp=.;;
- *)
- [ "$temp" ] || continue
- VERSION_ID=${line#*>}
- break
- esac
- done < "$v"
- ID="$(printf '%s' "$VERSION_ID" | awk '{if ($1 >= 10.14) print "macos"}')"
- fi
-
- [ "$ID" = "debian" -o "$ID" = "ubuntu" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
- [ "$ID" = "fedora" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
- [ "$ID" = "centos" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
- [ "$ID" = "macos" ] && FILE="ClientesMac_rev34.zip"
-}
-
-urlencode() {
- ENCODEDURL="$(curl -Gs -w %{url_effective} --data-urlencode @- ./ ||: )"
- printf '%s' "$ENCODEDURL" | sed 's/%0[aA]$//;s/^.*[?]//'
-}
-
-get_asp_var() {
- i=0
- for VAR in __VIEWSTATE __VIEWSTATEGENERATOR __EVENTVALIDATION ; do
- VAL="$(printf '%s' "$RESPONSE" | grep "id=\"$VAR\"" | cut -d '"' -f 8 | urlencode)"
- [ "$i" != 0 ] && printf '&'
- printf '%s=%s' "$VAR" "$VAL"
- i=+1
- done
-}
-
-download_iso() {
- hiddenISO="$1" SN="$2"
- URL="https://soportefirmadigital.com/sfdj/dl.aspx"
- RESPONSE="$(curl -s --compressed "$URL" -o -)"
- ASP_VARS="$(get_asp_var)"
-
- curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
- --data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
- --data-raw "ctl00%24certContents%24hiddenISO=$hiddenISO" \
- --data-raw "ctl00%24certContents%24txtSerialNumber=$SN" \
- --data-raw "ctl00%24certContents%24chkConfirmo=on" \
- -o -
-}
-
-get_pass() {
- # @@@ Add kdialog
- MENU="$1" TITLE="$2"
-
- if [ "$MENU" = "zenity" ] ; then
- zenity --title "$TITLE" --password
- else
- echo
- fi
-}
-
-install_deps() {
- # @@@ Support other distros
- MENU="$1"
- if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
- echo
- elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
- if [ "$DEB_BROWSER" = "yes" ] ; then
- # Source: https://support.mozilla.org/en-US/kb/install-firefox-linux
- get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
- snap remove --purge firefox
- apt remove --purge -y firefox
- install -d -m 0755 /etc/apt/keyrings
- printf "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | tee /etc/apt/sources.list.d/mozilla.list > /dev/null
- wget -qO - https://packages.mozilla.org/apt/repo-signing-key.gpg | tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
- printf "Package: *\nPin: origin packages.mozilla.org\nPin-Priority: 1000" | tee /etc/apt/preferences.d/mozilla
- apt-get update
- apt-get install -y firefox firefox-l10n-es-*
- '
- fi
- # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
- get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
- apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx
- systemctl enable --now pcscd.socket
- '
- elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
- echo
- elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
- echo
- fi
-}
-
-config_deb_idpclientdb() {
-mkdir -p /etc/Athena/
-echo "
-
-
-
-
-
- 3BDC00FF8091FE1FC38073C821106600000000000000
- FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000
-
-
-
-
-
-
- 3BEA00008131FE450031C173C840000090007A
- FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF
-
-
-
-
-" | tee /etc/Athena/IDPClientDB.xml
-}
-
-config_deb_update_symlinks() {
-echo "#!/bin/sh
-
-FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
-FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
-THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
-NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so
-
-if [ -e \"\$FIREFOX_LIB\" ]
-then
- if ! [ -L \"\$FIREFOX_LIB\" ]
- then
- echo \"Firefox libnssckbi.so is not a symlink. Fixing...\"
- mv -f \"\$FIREFOX_LIB\" \"\$FIREFOX_LIB\".bak
- ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_LIB\"
- fi
-fi
-
-if [ -e \"\$FIREFOX_ESR_LIB\" ]
-then
- if ! [ -L \"\$FIREFOX_ESR_LIB\" ]
- then
- echo \"Firefox ESR libnssckbi.so is not a symlink. Fixing...\"
- mv -f \"\$FIREFOX_ESR_LIB\" \"\$FIREFOX_ESR_LIB\".bak
- ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$FIREFOX_ESR_LIB\"
- fi
-fi
-
-if [ -e \"\$THUNDERBIRD_LIB\" ]
-then
- if ! [ -L \"\$THUNDERBIRD_LIB\" ]
- then
- echo \"Thunderbird libnssckbi.so is not a symlink. Fixing...\"
- mv -f \"\$THUNDERBIRD_LIB\" \"\$THUNDERBIRD_LIB\".bak
- ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$THUNDERBIRD_LIB\"
- fi
-fi
-
-if [ -e \"\$NSS_LIB\" ]
-then
- if ! [ -L \"\$NSS_LIB\" ]
- then
- echo \"NSS libnssckbi.so is not a symlink. Fixing...\"
- mv -f \"\$NSS_LIB\" \"\$NSS_LIB\".bak
- ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so \"\$NSS_LIB\"
- fi
-fi" | tee /usr/local/sbin/update-p11-kit-symlinks
-chmod +x /usr/local/sbin/update-p11-kit-symlinks
-}
-
-config_deb_systemd_p11_update() {
-echo "[Unit]
-Description=mantenimiento de enlaces a p11-kit-proxy
-
-[Service]
-Type=oneshot
-ExecStart=/usr/local/sbin/update-p11-kit-symlinks
-
-[Install]
-WantedBy=multi-user.target" | tee /etc/systemd/system/p11-kit-proxy-updater.service
-systemctl enable --now p11-kit-proxy-updater.service
-}
-
-install_certs() {
- # @@@ !!! Doesn't work, $SAVE_DIR not found, copies / to /usr/local/share/ca-certificates/
- MENU="$1"
- if [ "$FILE" = "ClientesMac_rev34.zip" ] ; then
- echo
- elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
- # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
- get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
- for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do cp "$cert" /usr/local/share/ca-certificates/"${cert%%.cer}.crt" ; done
- for file in /usr/local/share/ca-certificates/*.crt do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
- for file in /usr/local/share/ca-certificates/* do [ ! -s "$file" ] && rm -f "$file" ; done
- for i in /usr/local/share/ca-certificates/*.tmp do mv "$i" "${i%%.tmp}" ; done
- update-ca-certificates --fresh
- '
- ar p "$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb")" data.tar.gz | tar zx "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so
- get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
- cp -p "$SAVE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
- mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
- ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
- ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
- ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
- ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
- ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
- config_deb_idpclientdb
- config_deb_update_symlinks
- config_deb_systemd_p11_update
- mkdir -p /etc/pkcs11/modules/
- echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
- '
- elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
- echo
- elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
- echo
- fi
-}
-
-term_prompt() {
- TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
- if [ "$MODE" = "info" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ; fi
- if [ "$MODE" = "entry" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ; fi
- if [ "$MODE" = "list" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ; fi
- if [ "$MODE" = "error" ] ; then printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ; fi
-}
-
-# main
-set_lang
-
-if [ -e "/bin/zenity" ] ; then
- MENU="zenity"
- # Welcome
- zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
-
- set_file
- # Select file to be downloaded if os can't be determined
- [ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
- --column "$FILENAME" --column "$FILEDESC" \
- "ClientesMac_rev34.zip" "macOSX 10.14 o superior" \
- "ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
- "ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
- "ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
- --print-column=1)"
-
- install_deps "$MENU" | zenity --title "$TITLE" --text "$PROMPT_DEPS" --progress --pulsate --auto-close
-
- # Ask for serial number
- SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
- [ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
-
- # Generate tempkey & Define DOWNLOAD_URL
- TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
- [ -z "$TEMPKEY" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
- DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
-
- # Define where to save file
- zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
- SAVE_DIR="$(zenity --file-selection --directory)"
- [ -z "$SAVE_DIR" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DIR_FILE" --error && exit 1
- SAVE_FILE="$SAVE_DIR/$FILE"
-
- # Download file & show progress
- SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
- (curl "$DOWNLOAD_URL" -o "$SAVE_FILE") &
- while true ; do
- DOWN="$(du "$SAVE_FILE" 2>/dev/null | awk '{print $1}')" ; [ -z "$DOWN" ] && DOWN=0
- r=$(((DOWN*10000)/SIZE))
- printf '%d\n' ${r%??}
- sleep 0.5
- done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --auto-close
- while true ; do
- ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
- [ -z "$ACTIVE" ] && break
- sleep 0.5
- done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --pulsate --auto-close
- ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
- [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
-
- install_certs "$MENU"
-else
- # Welcome
- term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL
-
- # Select file to be downloaded
- LIST="$(printf '\033[4m1\033[0m - ClientesMac_rev34.zip | macOSX 10.14 o superior
-\033[4m2\033[0m - ClientesLinux_DEB64_Rev25.zip | Ubuntu 18.04 LTS o superior, Debian 10
-\033[4m3\033[0m - ClientesLinux_CentOS7_Rev6.zip | CentOS 7
-\033[4m4\033[0m - ClientesLinux_RPM64_Rev24.zip | Fedora 34 o superior, CentOS Stream 9')"
- term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
- [ "$FILE" = "1" ] && FILE="ClientesMac_rev34.zip"
- [ "$FILE" = "2" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
- [ "$FILE" = "3" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
- [ "$FILE" = "4" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
-
- # Ask for serial number
- term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
- [ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
-
- # Generate tempkey & Define DOWNLOAD_URL
- TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
- [ -z "$TEMPKEY" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
- DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
-
- # Define where to save file
- mkdir -p "$HOME/Library/Caches/TemporaryItems/instalador-firma-digital"
- SAVE_FILE="$HOME/Library/Caches/TemporaryItems/instalador-firma-digital/$FILE"
-
- # Download file & show progress
- term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
- curl "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar
-fi
diff --git a/tests/shellcheck.sh b/tests/shellcheck.sh
new file mode 100644
index 0000000..f76ec88
--- /dev/null
+++ b/tests/shellcheck.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+SCRIPT="$(grep 'SCRIPT *=' Makefile)"
+SCRIPT="${SCRIPT#*=}"
+
+shellcheck -x --shell=sh --format=gcc "$SCRIPT"