From b5d8bcad66e5bdb50101185571f7d904d0039669 Mon Sep 17 00:00:00 2001
From: tavo-wasd <gustavo@gustavocalvo.xyz>
Date: Wed, 8 May 2024 07:17:28 -0600
Subject: [PATCH] auto select, support for more distros

---
 01-utils.sh   | 117 ++++++++++++++++-----------------------
 03-install.sh | 149 ++++++++++++++++++++++++++++++++++----------------
 04-main.sh    |  64 +++++++---------------
 3 files changed, 171 insertions(+), 159 deletions(-)

diff --git a/01-utils.sh b/01-utils.sh
index 2b63af2..b3deee7 100644
--- a/01-utils.sh
+++ b/01-utils.sh
@@ -1,6 +1,4 @@
 #!/bin/sh
-# - TODO:
-# - kdialog and terminal get_pass
 
 urlencode() {
     ENCODEDURL="$(curl -Gs -w %{url_effective} --data-urlencode @- ./ ||: )"
@@ -17,95 +15,74 @@ get_asp_var() {
     done
 }
 
-download_iso() {
-    hiddenISO="$1" SN="$2"
+get_archive() {
     URL="https://soportefirmadigital.com/sfdj/dl.aspx"
+    VERSION="$(printf '%s' "$VERSION" | urlencode)"
     RESPONSE="$(curl -s --compressed "$URL" -o -)"
     ASP_VARS="$(get_asp_var)"
 
-    curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
+    FILE="$(curl -s "$URL" --data-raw "$ASP_VARS" --data-raw "ctl00%24certContents%24ddlInstaladores=$VERSION" |
+        grep 'hiddenISO.*value="' | sed 's/^.*value="//g;s/".*$//g')"
+    [ -z "$FILE" ] && return 1
+
+    TEMPKEY="$(curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
         --data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
-        --data-raw "ctl00%24certContents%24hiddenISO=$hiddenISO" \
-        --data-raw "ctl00%24certContents%24txtSerialNumber=$SN" \
+        --data-raw "ctl00%24certContents%24hiddenISO=$FILE" \
+        --data-raw "ctl00%24certContents%24txtSerialNumber=$SERIAL" \
         --data-raw "ctl00%24certContents%24chkConfirmo=on" \
-        -o -
+        -o - | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
+    [ -z "$TEMPKEY" ] && return 1
+
+    printf '%s %s' "$FILE" "$TEMPKEY"
 }
 
 set_version() {
-    # Linux
     for os in /etc/os-release /usr/lib/os-release; do
         [ -f $os ] && . $os && break
     done
-    [ "$ID" = "debian" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')"
-    [ "$ID" = "ubuntu" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')"
-    [ "$ID" = "fedora" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')"
-    [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 7) print $1}')"
-    [ "$ID" = "centos" ] && ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 = 9) print "fedora"}')"
 
-    # MacOS
-    if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
-        temp=
-        while read -r line; do
-            case $line in
-                *ProductVersion*) temp=.;;
-                *)
-                    [ "$temp" ] || continue
-                    VERSION_ID=${line#*>}
-                    break
-            esac
-        done < "$v"
-        ID="$(printf '%s' "$VERSION_ID" | awk '{if ($1 >= 10.14) print "macos"}')"
-    fi
+    case "$ID" in
+        debian) ID="$ID" ;;
+        ubuntu) ID="debian" ;;
+        fedora) ID="$ID" ;;
+        rhel) ID="fedora" ;;
+        centos) [ "$VERSION_ID" -eq 9 ] && ID="fedora" ;;
+        *suse*) ID="suse" ;;
+        sles) ID="suse" ;;
+        sled) ID="suse" ;;
+        arch) ID="$ID" ;;
+        manjaro) ID="arch" ;;
+        *) ID="${ID_LIKE%% *}" ;;
+    esac
 
-    [ "$ID" = "debian" ] || [ "$ID" = "ubuntu" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
-    [ "$ID" = "fedora" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
-    [ "$ID" = "centos" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
-    [ "$ID" = "macos" ]  && FILE="ClientesMAC_rev35.dmg"
-}
+    [ "$ID" = "ubuntu" ] && ID="debian"
+    [ "$ID" = "rhel" ]   && ID="fedora"
+    [ -f /System/Library/CoreServices/SystemVersion.plist ] && ID="macos"
 
-get_pass() {
-    MENU="$1" TITLE="$2"
-
-    if [ "$MENU" = "zenity" ] ; then
-        zenity --title "$TITLE" --password
-    else
-        echo
-    fi
+    case "$ID" in
+        debian) VERSION="Usuarios Linux (DEB 64bits)" ;;
+        fedora) VERSION="Usuarios Linux (RPM 64bits)" ;;
+        suse)   VERSION="Usuarios Linux (RPM 64bits)" ;;
+        arch)   VERSION="Usuarios Linux (RPM 64bits)" ;;
+        centos) VERSION="Usuarios Linux RPM (CentOS 7)" ;;
+        macos)  VERSION="Usuarios MAC" ;;
+        *) return 1 ;;
+    esac
 }
 
 term_prompt() {
-    TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
-    if [ "$MODE" = "info" ]  ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ; fi
-    if [ "$MODE" = "entry" ] ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ; fi
-    if [ "$MODE" = "list" ]  ; then printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ; fi
-    if [ "$MODE" = "error" ] ; then printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ; fi
+    MODE="$1" PROMPT="$2"
+    [ "$MODE" = "info" ]  && printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT"
+    [ "$MODE" = "entry" ] && printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT"
+    [ "$MODE" = "error" ] && printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n'     "$TITLE" "$PROMPT"
 }
 
 firmador_libre() {
-FIRMADOR="https://firmador.libre.cr/firmador.jar"
-
-if [ "$FILE" = "ClientesMAC_rev35.dmg" ] ; then
-    echo
-elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
+    FIRMADOR="https://firmador.libre.cr/firmador.jar"
     DIR="$HOME/.local/share/firmador"
-elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
-    echo
-elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
-    echo
-fi
+    [ "$ID" = "macos" ] && DIR="$HOME/.local/share/firmador"
 
-mkdir -p "$DIR"
-(cd "$DIR" && curl -O "$FIRMADOR")
-# Add DESKTOP entry
-}
-
-check_deps() {
-[ "$FILE" = "ClientesMAC_rev35.dmg" ] &&
-    echo
-[ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] &&
-    for cmd in curl unzip ; do if ! command -v "$cmd" > /dev/null ; then printf '%s ' "$cmd" ; fi ; done
-[ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] &&
-    echo
-[ "$FILE" = "ClientesLinux_RPM64_Rev24" ] &&
-    echo
+    mkdir -p "$DIR"
+    (cd "$DIR" && curl -O "$FIRMADOR")
+    # Add DESKTOP entry
 }
diff --git a/03-install.sh b/03-install.sh
index 6785d27..44f511f 100644
--- a/03-install.sh
+++ b/03-install.sh
@@ -1,43 +1,37 @@
 #!/bin/sh
 
-deb_install_certs() {
+debian_install_certs() {
 # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
-SAVE_FILE="$1"
-SAVE_DIR="${SAVE_FILE%/*}"
-[ -z "$SAVE_DIR" ] && return 1
+# Extraer fichero descargado
+printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
+    certname="${cert##*/}"
+    printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
+done
 
-SUDO_PASSWORD="$(get_pass "$MENU" "$TITLE")"
-[ -z "$SUDO_PASSWORD" ] && return 1
+# Extraer módulo privativo
+printf '\033[1mExtraer módulo privativo...\033[0m\n' # DEBUG
+PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.deb")"
+PACKAGE_DIR="${PACKAGE%/*}"
+PACKAGE="${PACKAGE##*/}"
+(cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
 
-printf '\033[1mInstalando y habilitando dependencias...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
+# Instalar componentes
+printf '\033[1mPaquetería, certificados y módulos...\033[0m\n' # DEBUG
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c '
+# --- Prerequisitos ---
 apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx > /dev/null
 systemctl enable --now pcscd.socket > /dev/null
-'
-
-# Instalación de los certificados
-(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
-printf '\033[1mInstalando Certificados...\033[0m\n' # DEBUG
-for cert in "$(find "$SAVE_DIR" -name "Certificados")"/* ; do
-    certname="${cert##*/}" ; printf '%s' "$SUDO_PASSWORD" | sudo -S cp "$cert" /usr/local/share/ca-certificates/"${certname%.cer}.crt"
-done
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
+# --- Certificados ---
 for file in /usr/local/share/ca-certificates/*.crt ; do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
 find /usr/local/share/ca-certificates/ -type f -empty -delete
 for i in /usr/local/share/ca-certificates/*.tmp ; do mv "$i" "${i%.tmp}" ; done
 update-ca-certificates --fresh > /dev/null
-'
-
-# Instalación del módulo PKCS#11
-printf '\033[1mInstalando Módulo PKCS#11...\033[0m\n' # DEBUG
-PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient_*.deb")"
-PACKAGE_DIR="${PACKAGE%/*}"
-PACKAGE="${PACKAGE##*/}"
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
-mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/ ; mkdir -p /usr/lib/x86_64-linux-gnu/'
-(cd "$PACKAGE_DIR" && ar p "$PACKAGE" data.tar.gz | tar zx ./usr/lib/x64-athena/libASEP11.so)
-printf '%s' "$SUDO_PASSWORD" | sudo -S cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c '
+# --- Instalación del módulo PKCS#11 ---
+mkdir -p /usr/lib/x64-athena
+mkdir -p /Firma_Digital/LIBRERIAS
 ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
 ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
 ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
@@ -45,9 +39,11 @@ ln -sf /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
 ln -sf /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
 '
 
+# Archivos de configuración
+
 printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
-mkdir -p /etc/Athena/
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+mkdir -p /etc/Athena
 echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 <IDProtect>
  <TokenLibs>
@@ -72,13 +68,13 @@ echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
 "
 
 printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
 mkdir -p /usr/share/p11-kit/modules
 echo 'remote: |bwrap --unshare-all --dir /tmp --ro-bind /etc/Athena /etc/Athena --proc /proc --dev /dev --ro-bind /usr /usr --ro-bind /lib /lib --ro-bind /lib64 /lib64 --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd p11-kit remote /usr/lib/x86_64-linux-gnu/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
 "
 
 printf '\033[1mConfigurando p11-kit update symlinks...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
 mkdir -p /usr/local/sbin
 echo \"#!/bin/sh
 
@@ -130,7 +126,7 @@ chmod +x /usr/local/sbin/update-p11-kit-symlinks
 "
 
 printf '\033[1mConfigurando módulo mantenimiento systemd...\033[0m\n' # DEBUG
-sudo sh -c "
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
 mkdir -p /etc/systemd/system
 echo \"[Unit]
 Description=mantenimiento de enlaces a p11-kit-proxy
@@ -146,23 +142,84 @@ systemctl enable --now p11-kit-proxy-updater.service > /dev/null
 "
 
 printf '\033[1mInstalando trust module pk11...\033[0m\n' # DEBUG
-printf '%s' "$SUDO_PASSWORD" | sudo -S sh -c "
-mkdir -p /etc/pkcs11/modules/
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+mkdir -p /etc/pkcs11/modules
 echo 'disable-in:' > /etc/pkcs11/modules/p11-kit-trust.module
 "
 }
 
-install_certs() {
-SAVE_FILE="$1"
-FILE="${SAVE_FILE##*/}"
+fedora_install_certs() {
+# Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-fedora/
+# Extraer fichero descargado
+printf '\033[1mExtraer fichero...\033[0m\n' # DEBUG
+(cd "$SAVE_DIR" && unzip -u "$SAVE_FILE" > /dev/null)
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$(find "$SAVE_DIR" -name "Certificados")"/* /usr/share/pki/ca-trust-source/anchors/
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk update-ca-trust
 
-if [ "$FILE" = "ClientesMAC_rev35.dmg" ] ; then
-    open "$SAVE_FILE"
-elif [ "$FILE" = "ClientesLinux_DEB64_Rev25.zip" ] ; then
-    deb_install_certs "$SAVE_FILE" || return 1
-elif [ "$FILE" = "ClientesLinux_CentOS7_Rev6" ] ; then
-    echo
-elif [ "$FILE" = "ClientesLinux_RPM64_Rev24" ] ; then
+# Extraer módulo privativo
+printf '\033[1mExtraer módulo privativo...\033[0m\n' # DEBUG
+PACKAGE="$(find "$SAVE_DIR" -name "idprotectclient[-_]*.rpm")"
+PACKAGE_DIR="${PACKAGE%/*}"
+PACKAGE="${PACKAGE##*/}"
+(cd "$PACKAGE_DIR" && rpm2cpio "$PACKAGE" | cpio -dim ./usr/lib/x64-athena/libASEP11.so)
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk cp -p "$PACKAGE_DIR"/usr/lib/x64-athena/libASEP11.so /usr/lib64/
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c '
+mkdir -p /usr/lib/x64-athena/
+mkdir -p /Firma_Digital/LIBRERIAS/
+ln -s /usr/lib64/libASEP11.so /usr/lib/x64-athena/
+ln -s /usr/lib64/libASEP11.so /usr/lib/
+ln -s /usr/lib64/libASEP11.so /usr/local/lib/
+ln -s /usr/lib64/libASEP11.so /Firma_Digital/LIBRERIAS/
+ln -s /usr/share/pki/ca-trust-source/anchors /Firma_Digital/CERTIFICADOS
+'
+
+# Archivos de configuración
+
+printf '\033[1mConfigurando IDPClientDB...\033[0m\n' # DEBUG
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+mkdir -p /etc/Athena
+echo \"<?xml version=\"1.0\" encoding=\"utf-8\" ?>
+<IDProtect>
+ <TokenLibs>
+  <IDProtect>
+   <Cards>
+    <IDProtectXF>
+     <ATR type='hexBinary'>3BDC00FF8091FE1FC38073C821106600000000000000</ATR>
+     <ATRMask type='hexBinary'>FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000</ATRMask>
+    </IDProtectXF>
+   </Cards>
+  </IDProtect>
+  <ChipDoc>
+   <Cards>
+    <ChipDocEMV>
+     <ATR type='hexBinary'>3BEA00008131FE450031C173C840000090007A</ATR>
+     <ATRMask type='hexBinary'>FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF</ATRMask>
+    </ChipDocEMV>
+   </Cards>
+  </ChipDoc>
+ </TokenLibs>
+</IDProtect>\" > /etc/Athena/IDPClientDB.xml
+"
+
+printf '\033[1mConfigurando p11-kit/modules...\033[0m\n' # DEBUG
+printf '%s' "$SUDO_PASSWORD" | sudo -Sk sh -c "
+mkdir -p /usr/share/p11-kit/modules
+echo 'remote: |bwrap --unshare-all --dir /tmp --proc /proc --dev /dev --ro-bind /etc/Athena /etc/Athena --ro-bind /usr /usr --ro-bind /var/run/pcscd /var/run/pcscd --ro-bind /run/pcscd /run/pcscd --symlink /usr/lib64 /lib64 p11-kit remote /usr/lib64/libASEP11.so' > /usr/share/p11-kit/modules/firma-digital.module
+"
+}
+
+install_certs() {
+[ -z "$SUDO_PASSWORD" ] && return 1
+[ -z "$SAVE_FILE" ] && return 1
+SAVE_DIR="${SAVE_FILE%/*}"
+
+if   [ "$ID" = "macos" ] ; then
+    open "$SAVE_FILE" || return 1
+elif [ "$ID" = "debian" ] ; then
+    debian_install_certs || return 1
+elif [ "$ID" = "fedora" ] ; then
+    fedora_install_certs || return 1
+elif [ "$ID" = "centos" ] ; then
     echo
 fi
 }
diff --git a/04-main.sh b/04-main.sh
index 743eb1e..29d44af 100644
--- a/04-main.sh
+++ b/04-main.sh
@@ -7,42 +7,29 @@
 # main
 set_lang
 set_version
-MISSING="$(check_deps)"
 
 if command -v zenity > /dev/null ; then
     MENU="zenity"
     zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info
-    [ -n "$MISSING" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS $MISSING" --error && exit 1
-
-    # Select file to be downloaded if os can't be determined
-    [ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
-        --column "$FILENAME" --column "$FILEDESC" \
-        "ClientesMAC_rev35.dmg" "macOSX 10.14 o superior" \
-        "ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
-        "ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
-        "ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
-        --print-column=1)"
+    ! command -v curl > /dev/null && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS curl" --error && exit 1
 
     # Serial number is required for download
     SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
     [ -z "$SERIAL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_SERIAL" --error && exit 1
+
     # Generate tempkey & Define DOWNLOAD_URL
-    TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
-    [ -z "$TEMPKEY" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
-    DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
-    # Define where to save file
-    if [ -d "/tmp" ] ; then
-        SAVE_DIR="/tmp/soportefirmadigital"
-        mkdir -p "$SAVE_DIR"
-    else
-        zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
-        SAVE_DIR="$(zenity --file-selection --directory)"
-    fi
-    [ -z "$SAVE_DIR" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DIR_FILE" --error && exit 1
+    ARCHIVE="$(get_archive)"
+    TEMPKEY="${ARCHIVE##* }"
+    FILE="${ARCHIVE%% *}"
+    DOWNLOAD_URL="$(printf 'https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=%s' "$TEMPKEY")"
+    [ -z "$DOWNLOAD_URL" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+    [ -z "$ARCHIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
+    SAVE_DIR="/tmp/soportefirmadigital"
     SAVE_FILE="$SAVE_DIR/$FILE"
+    mkdir -p "$SAVE_DIR"
+    SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
 
     # Download file & show progress
-    SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
     (curl -sL "$DOWNLOAD_URL" -o "$SAVE_FILE") &
     while true ; do
         sleep 0.5
@@ -58,39 +45,30 @@ if command -v zenity > /dev/null ; then
     ACTIVE="$(ps aux | grep 'curl.*soportefirmadigital' | sed '/grep/d')"
     [ -n "$ACTIVE" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DOWNLOAD" --error && exit 1
 
-    # Install dependencies, components and
-    # certificates according to OS
-    install_certs "$SAVE_FILE" | zenity --title "$TITLE" --text "$PROMPT_DEPS_INSTALL" --progress --pulsate --auto-close
+    # Install dependencies, components and certificates according to OS
+    SUDO_PASSWORD="$(zenity --title "$TITLE" --password)"
+    [ -z "$SUDO_PASSWORD" ] && zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
+    install_certs | zenity --title "$TITLE" --text "$PROMPT_DEPS_INSTALL" --progress --pulsate --auto-close
     # zenity --title "$TITLE" --text "$PROMPT_ERR_DEPS_INSTALL" --error && exit 1
 
     zenity --title "$TITLE" --text "$PROMPT_END_SUCCESS" --info
 
 else
+    MENU="term"
     term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL
-    [ -n "$MISSING" ] && term_prompt "$TITLE" "$PROMPT_ERR_DEPS $MISSING" error && exit 1
-
-    # Select file automatically or manually otherwise
-    LIST="$(printf '1 - ClientesMAC_rev35.dmg           | macOSX 10.14 o superior
-2 - ClientesLinux_DEB64_Rev25.zip   | Ubuntu 18.04 LTS o superior, Debian 10
-3 - ClientesLinux_CentOS7_Rev6.zip  | CentOS 7
-4 - ClientesLinux_RPM64_Rev24.zip   | Fedora 34 o superior, CentOS Stream 9')"
-    [ -z "$FILE" ] && term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
-    [ "$FILE" = "1" ] && FILE="ClientesMAC_rev35.dmg"
-    [ "$FILE" = "2" ] && FILE="ClientesLinux_DEB64_Rev25.zip"
-    [ "$FILE" = "3" ] && FILE="ClientesLinux_CentOS7_Rev6.zip"
-    [ "$FILE" = "4" ] && FILE="ClientesLinux_RPM64_Rev24.zip"
+    ! command -v curl && term_prompt "$TITLE" "$PROMPT_ERR_DEPS curl" error && exit 1
 
     # Serial number is required for download
     term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
     [ -z "$SERIAL" ] && term_prompt "$TITLE" "$PROMPT_ERR_SERIAL" error && exit 1
+
     # Generate tempkey & Define DOWNLOAD_URL
-    TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
-    [ -z "$TEMPKEY" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
-    DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"
-    # Define where to save file
+    DOWNLOAD_URL="$(get_certs_url)"
+    [ -z "$DOWNLOAD_URL" ] && term_prompt "$TITLE" "$PROMPT_ERR_DOWNLOAD" error && exit 1
     SAVE_DIR="/tmp/soportefirmadigital"
     SAVE_FILE="$SAVE_DIR/$FILE"
     mkdir -p "$SAVE_DIR"
+    SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
 
     # Download file & show progress
     term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo