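#!/bin/sh
# Installer helper for the Costa Rican digital-signature ("Firma Digital")
# client. It picks the vendor archive for this OS, requests a temporary
# download key from soportefirmadigital.com with the card serial number,
# downloads the archive and, in zenity mode on Debian/Ubuntu, installs the
# dependencies and certificates.
#
# Environment:
#   DEB_BROWSER=yes   install_deps also replaces the snap/distro Firefox with
#                     the packages.mozilla.org build. Nothing in this script
#                     sets it.
#
# TODO:
# - Find a way to detect the system language so it can be passed to set_lang
# - Extract the archive and automate the installation process described in:
#   https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/

# Load the UI strings for the system language into global variables.
# The language is the text before "_" in the first assignment found in
# /etc/default/locale. A missing file or an unsupported language falls back
# to Spanish so the prompts are never left empty.
# PROMPT_DOWNLOAD embeds $FILE, so call this again once FILE is known.
set_lang() {
    # See: /var/lib/AccountsService/users/
    # The opening quote is optional: LANG=en_US.UTF-8 and LANG="en_US.UTF-8"
    # must both yield "en".
    SLANG="$(sed '/^ *#/d;/^ *$/d;s/^[^=]*="\{0,1\}//;s/_.*//' /etc/default/locale 2>/dev/null | head -n 1)"
    case "$SLANG" in
        es|en|fr) ;;
        *) SLANG="es" ;;
    esac

    case "$SLANG" in
        es)
            TITLE="Instalador firma digital"
            PROMPT_WELCOME="Bienvenido al asistente de instalación de certificados para firma digial."
            PROMPT_FILE="Seleccione el fichero que corresponde a su sistema operativo."
            PROMPT_DEPS="Instalando dependencias."
            FILENAME="Archivo"
            FILEDESC="Sistema"
            PROMPT_SERIAL="Ingrese el número serial impreso al reverso de la tarjeta."
            PROMPT_ERR_SERIAL="Error al obtener el número serial de la tarjeta, abortando."
            PROMPT_ERR_DOWNLOAD="Error al descargar el fichero desde Centro de Soporte Firma Digital, abortando."
            PROMPT_DIR_FILE="A continuación, deberá seleccionar la carpeta donde quiere que se descargue y se extraigan los contenidos del fichero seleccionado"
            PROMPT_ERR_DIR_FILE="Error al seleccionar la carpeta de descarga para el fichero, abortando."
            PROMPT_DOWNLOAD="Descargando $FILE desde Centro de Soporte Firma Digital..."
            PROMPT_ERR_DOWN_FILE="Error al descargar el fichero, abortando."
            SUDO_DEB_BROWSER="Ingrese la contraseña de la computadora para instalar Firefox desde mozilla."
            SUDO_DEB_DEPS="Ingrese la contraseña de la computadora para instalar las dependencias."
            SUDO_DEB_CERTS="Ingrese la contraseña de la computadora para instalar los certificados."
            ;;
        en)
            TITLE="Digital signature installer"
            PROMPT_WELCOME="Welcome to the digital signing certificate installation wizard."
            PROMPT_FILE="Select the file that corresponds to your operating system."
            PROMPT_DEPS="Installing dependencies."
            FILENAME="File"
            FILEDESC="System"
            PROMPT_SERIAL="Enter the serial number printed on the back of the card."
            PROMPT_ERR_SERIAL="Error obtaining the card serial number, aborting."
            PROMPT_ERR_DOWNLOAD="Error downloading the file from the Digital Signature Support Center, aborting."
            PROMPT_DIR_FILE="Next, you must select the folder where you want the contents of the selected file to be downloaded and extracted"
            PROMPT_ERR_DIR_FILE="Error selecting the download folder for the file, aborting."
            PROMPT_DOWNLOAD="Downloading $FILE from the Digital Signature Support Center..."
            PROMPT_ERR_DOWN_FILE="Error downloading file, aborting."
            SUDO_DEB_BROWSER="Enter the computer password to install Firefox from mozilla."
            SUDO_DEB_DEPS="Enter the computer password to install dependencies."
            SUDO_DEB_CERTS="Enter the computer password to install certificates."
            ;;
        fr)
            TITLE="Installateur de signature"
            PROMPT_WELCOME="Bienvenue dans l'assistant d'installation du certificat de signature."
            PROMPT_FILE="Sélectionnez le fichier qui correspond à votre système d'exploitation."
            PROMPT_DEPS="Installation des dépendances."
            FILENAME="Fichier"
            FILEDESC="Système"
            PROMPT_SERIAL="Entrez le numéro de série imprimé au dos de la carte."
            PROMPT_ERR_SERIAL="Erreur d'obtention du numéro de série de la carte, abandon."
            PROMPT_ERR_DOWNLOAD="Erreur lors du téléchargement du fichier depuis le Centre de support des signatures numériques, abandon."
            PROMPT_DIR_FILE="Ensuite, vous devez sélectionner le dossier dans lequel vous souhaitez que le contenu du fichier sélectionné soit téléchargé et extrait"
            PROMPT_ERR_DIR_FILE="Erreur lors de la sélection du dossier de téléchargement du fichier, abandon."
            PROMPT_DOWNLOAD="Téléchargement de $FILE depuis le Centre de support des signatures numériques..."
            PROMPT_ERR_DOWN_FILE="Erreur de téléchargement du fichier, abandon."
            SUDO_DEB_BROWSER="Entrez le mot de passe de l'ordinateur pour installer Firefox depuis mozilla."
            SUDO_DEB_DEPS="Entrez le mot de passe de l'ordinateur pour installer les dépendances."
            SUDO_DEB_CERTS="Entrez le mot de passe de l'ordinateur pour installer les certificats."
            ;;
    esac
}

# Detect the operating system and set FILE to the matching vendor archive.
# FILE is left untouched when the OS or its version is not supported; the
# zenity flow then asks the user to choose.
set_file() {
    # Linux: source the first os-release file found (defines ID, VERSION_ID).
    for os in /etc/os-release /usr/lib/os-release; do
        [ -f "$os" ] && . "$os" && break
    done

    # The version gates run after the loop. Placed after "break" inside the
    # loop they were skipped whenever an os-release file had been sourced.
    case "$ID" in
        debian)
            ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 10) print $1}')" ;;
        ubuntu)
            ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 18.04) print $1}')" ;;
        fedora)
            ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 >= 34) print $1}')" ;;
        centos)
            # "==" is required: a single "=" assigns in awk and is always
            # true. CentOS 7 keeps its own archive, Stream 9 uses the Fedora
            # one, and any other release clears ID.
            ID="$(printf '%s %s' "$ID" "$VERSION_ID" | awk '{if ($2 == 7) print $1; else if ($2 == 9) print "fedora"}')" ;;
    esac

    # MacOS: the value line follows the ProductVersion key line.
    if v=/System/Library/CoreServices/SystemVersion.plist; [ -f "$v" ]; then
        temp=
        while read -r line; do
            case $line in
                *ProductVersion*) temp=.;;
                *)
                    [ "$temp" ] || continue
                    VERSION_ID=${line#*>}
                    break
            esac
        done < "$v"
        # Drop the trailing markup, then compare major.minor numerically; a
        # plain comparison of "10.9" with "10.14" would be a string compare.
        VERSION_ID=${VERSION_ID%%<*}
        ID="$(printf '%s' "$VERSION_ID" | awk -F. '{if ($1 > 10 || ($1 == 10 && $2 >= 14)) print "macos"}')"
    fi

    case "$ID" in
        debian|ubuntu) FILE="ClientesLinux_DEB64_Rev25.zip" ;;
        fedora)        FILE="ClientesLinux_RPM64_Rev24.zip" ;;
        centos)        FILE="ClientesLinux_CentOS7_Rev6.zip" ;;
        macos)         FILE="ClientesMac_rev34.zip" ;;
    esac
}

# URL-encode stdin and print the result on stdout.
# curl does the encoding: the request to "./" is expected to fail (hence
# "||:"), and only the query part of the URL reported by -w is kept.
urlencode() {
    ENCODEDURL="$(curl -Gs -w '%{url_effective}' --data-urlencode @- ./ ||: )"
    printf '%s' "$ENCODEDURL" | sed 's/%0[aA]$//;s/^.*[?]//'
}

# Print the ASP.NET hidden form fields found in $RESPONSE as a URL-encoded
# "name=value&name=value" string.
# NOTE(review): the value is taken as the 8th double-quote-delimited field of
# the line carrying id="<name>", so it depends on the attribute order in the
# page markup.
get_asp_var() {
    i=0
    for VAR in __VIEWSTATE __VIEWSTATEGENERATOR __EVENTVALIDATION ; do
        VAL="$(printf '%s' "$RESPONSE" | grep "id=\"$VAR\"" | cut -d '"' -f 8 | urlencode)"
        [ "$i" != 0 ] && printf '&'
        printf '%s=%s' "$VAR" "$VAL"
        i=1
    done
}

# Submit the download form and print the server response on stdout.
#   $1 - archive name (hiddenISO form field)
#   $2 - card serial number
# Sets the globals URL, RESPONSE and ASP_VARS.
download_iso() {
    hiddenISO="$1"
    SN="$2"
    URL="https://soportefirmadigital.com/sfdj/dl.aspx"
    RESPONSE="$(curl -s --compressed "$URL" -o -)"
    ASP_VARS="$(get_asp_var)"
    # The two user-supplied values are URL-encoded by curl, so a "&" or "="
    # typed into a prompt cannot add or override form fields. The field
    # names are already encoded, as --data-urlencode expects.
    curl -s --compressed "$URL" --data-raw "$ASP_VARS" \
        --data-raw "__EVENTTARGET=ctl00%24certContents%24LinkButton3" \
        --data-urlencode "ctl00%24certContents%24hiddenISO=$hiddenISO" \
        --data-urlencode "ctl00%24certContents%24txtSerialNumber=$SN" \
        --data-raw "ctl00%24certContents%24chkConfirmo=on" \
        -o -
}

# Print the sudo password on stdout so it can be piped into "sudo -S".
#   $1 - dialog backend ("zenity" is the only one implemented)
#   $2 - dialog title (also stored in the global TITLE)
# Any other backend prints an empty line, which sudo -S reads as an empty
# password.
get_pass() {
    # @@@ Add kdialog
    MENU="$1"
    TITLE="$2"
    if [ "$MENU" = "zenity" ] ; then
        zenity --title "$TITLE" --password
    else
        echo
    fi
}

# Install the packages the client needs. Only the Debian/Ubuntu archive has
# an implementation; the other branches are placeholders.
#   $1 - dialog backend passed on to get_pass
install_deps() {
    # @@@ Support other distros
    MENU="$1"
    case "$FILE" in
        ClientesMac_rev34.zip)
            echo
            ;;
        ClientesLinux_DEB64_Rev25.zip)
            if [ "$DEB_BROWSER" = "yes" ] ; then
                # Source: https://support.mozilla.org/en-US/kb/install-firefox-linux
                # NOTE(review): the repository signing key is downloaded and
                # trusted as-is, and the pin gives that repository priority
                # 1000. Check the key fingerprint against the one published
                # on the Mozilla page above before "apt-get update"; the
                # value is not reproduced here.
                get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
                    snap remove --purge firefox
                    apt remove --purge -y firefox
                    install -d -m 0755 /etc/apt/keyrings
                    printf "deb [signed-by=/etc/apt/keyrings/packages.mozilla.org.asc] https://packages.mozilla.org/apt mozilla main" | tee /etc/apt/sources.list.d/mozilla.list > /dev/null
                    wget -qO - https://packages.mozilla.org/apt/repo-signing-key.gpg | tee /etc/apt/keyrings/packages.mozilla.org.asc > /dev/null
                    printf "Package: *\nPin: origin packages.mozilla.org\nPin-Priority: 1000" | tee /etc/apt/preferences.d/mozilla
                    apt-get update
                    apt-get install -y firefox firefox-l10n-es-*
                '
            fi
            # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
            get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
                apt install -y p11-kit pcscd binutils bubblewrap icedtea-netx
                systemctl enable --now pcscd.socket
            '
            ;;
        # These two names now carry the .zip suffix used everywhere else, so
        # the branches match once they get an implementation.
        ClientesLinux_CentOS7_Rev6.zip)
            echo
            ;;
        ClientesLinux_RPM64_Rev24.zip)
            echo
            ;;
    esac
}

# Write /etc/Athena/IDPClientDB.xml. Needs root.
# NOTE(review): the target is an .xml file but the payload on this page is
# four bare hex strings with no markup; the element tags look lost in
# transit. Restore the full document from the guide referenced in
# install_certs before relying on this file.
config_deb_idpclientdb() {
    mkdir -p /etc/Athena/
    cat <<'EOF' | tee /etc/Athena/IDPClientDB.xml

3BDC00FF8091FE1FC38073C821106600000000000000
FFFF00FFF0FFFFFFFFFFFFFFFFF0FF00000000000000
3BEA00008131FE450031C173C840000090007A
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF

EOF
}

# Install /usr/local/sbin/update-p11-kit-symlinks. Needs root.
# The generated script replaces each libnssckbi.so that is a regular file
# (Firefox, Firefox ESR, Thunderbird, system NSS) with a symlink to
# p11-kit-proxy.so, keeping the original as .bak.
config_deb_update_symlinks() {
    cat <<'EOF' | tee /usr/local/sbin/update-p11-kit-symlinks
#!/bin/sh

FIREFOX_LIB=/usr/lib/firefox/libnssckbi.so
FIREFOX_ESR_LIB=/usr/lib/firefox-esr/libnssckbi.so
THUNDERBIRD_LIB=/usr/lib/thunderbird/libnssckbi.so
NSS_LIB=/usr/lib/x86_64-linux-gnu/nss/libnssckbi.so

if [ -e "$FIREFOX_LIB" ]
then
    if ! [ -L "$FIREFOX_LIB" ]
    then
        echo "Firefox libnssckbi.so is not a symlink. Fixing..."
        mv -f "$FIREFOX_LIB" "$FIREFOX_LIB".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so "$FIREFOX_LIB"
    fi
fi

if [ -e "$FIREFOX_ESR_LIB" ]
then
    if ! [ -L "$FIREFOX_ESR_LIB" ]
    then
        echo "Firefox ESR libnssckbi.so is not a symlink. Fixing..."
        mv -f "$FIREFOX_ESR_LIB" "$FIREFOX_ESR_LIB".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so "$FIREFOX_ESR_LIB"
    fi
fi

if [ -e "$THUNDERBIRD_LIB" ]
then
    if ! [ -L "$THUNDERBIRD_LIB" ]
    then
        echo "Thunderbird libnssckbi.so is not a symlink. Fixing..."
        mv -f "$THUNDERBIRD_LIB" "$THUNDERBIRD_LIB".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so "$THUNDERBIRD_LIB"
    fi
fi

if [ -e "$NSS_LIB" ]
then
    if ! [ -L "$NSS_LIB" ]
    then
        echo "NSS libnssckbi.so is not a symlink. Fixing..."
        mv -f "$NSS_LIB" "$NSS_LIB".bak
        ln -s /usr/lib/x86_64-linux-gnu/p11-kit-proxy.so "$NSS_LIB"
    fi
fi
EOF
    chmod +x /usr/local/sbin/update-p11-kit-symlinks
}

# Install and enable a oneshot systemd unit that runs
# /usr/local/sbin/update-p11-kit-symlinks. Needs root.
config_deb_systemd_p11_update() {
    cat <<'EOF' | tee /etc/systemd/system/p11-kit-proxy-updater.service
[Unit]
Description=mantenimiento de enlaces a p11-kit-proxy

[Service]
Type=oneshot
ExecStart=/usr/local/sbin/update-p11-kit-symlinks

[Install]
WantedBy=multi-user.target
EOF
    systemctl enable --now p11-kit-proxy-updater.service
}

# Install the CA certificates and the PKCS#11 library from the unpacked
# archive under $SAVE_DIR. Only the Debian/Ubuntu archive has an
# implementation.
#   $1 - dialog backend passed on to get_pass
# Returns 1 when a required input is missing, before any later step runs.
#
# NOTE(review): everything under a "Certificados" directory is added to the
# system trust store, and the only integrity check on the archive is the TLS
# connection it was downloaded over. Compare the certificate fingerprints
# with values obtained from the issuing authority through a separate channel
# before running this step. Nothing in this script unpacks the archive, so
# $SAVE_DIR must already hold the extracted content.
install_certs() {
    MENU="$1"
    case "$FILE" in
        ClientesMac_rev34.zip)
            echo
            ;;
        ClientesLinux_DEB64_Rev25.zip)
            # Source: https://fran.cr/instalar-firma-digital-costa-rica-gnu-linux-ubuntu-debian/
            # SAVE_DIR is not exported and sudo resets the environment, so it
            # is handed to the root shell as $1. With an empty value the old
            # loop globbed "/*" and copied the top level of / into the CA
            # directory; the root shell now stops when no Certificados
            # directory is found. Files are copied under their base name.
            get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
                save_dir="$1"
                cert_dir=""
                [ -n "$save_dir" ] && cert_dir="$(find "$save_dir" -type d -name "Certificados" | head -n 1)"
                if [ -z "$cert_dir" ] ; then
                    echo "Certificados directory not found under [$save_dir]; nothing installed." >&2
                    exit 1
                fi
                for cert in "$cert_dir"/* ; do
                    [ -f "$cert" ] || continue
                    name="${cert##*/}"
                    cp "$cert" /usr/local/share/ca-certificates/"${name%.cer}.crt"
                done
                for file in /usr/local/share/ca-certificates/*.crt
                    do openssl x509 -inform DER -in "$file" -out "$file.tmp" 2> /dev/null ; done
                for file in /usr/local/share/ca-certificates/*
                    do [ ! -s "$file" ] && rm -f "$file" ; done
                for i in /usr/local/share/ca-certificates/*.tmp
                    do mv "$i" "${i%%.tmp}" ; done
                update-ca-certificates --fresh
            ' sh "$SAVE_DIR" || return 1

            # Unpack the PKCS#11 library from the vendor package into
            # $SAVE_DIR. The old call passed "$SAVE_DIR"/usr/... as the
            # member name and had no -C.
            # NOTE(review): assumes Debian-style "./"-prefixed member names
            # in data.tar.gz; confirm with "tar tz".
            DEB_PKG="$(find "$SAVE_DIR" -name "idprotectclient_7.24.02-0_amd64.deb" | head -n 1)"
            [ -n "$DEB_PKG" ] || return 1
            ar p "$DEB_PKG" data.tar.gz | tar zx -C "$SAVE_DIR" ./usr/lib/x64-athena/libASEP11.so

            # FIXME: config_deb_idpclientdb, config_deb_update_symlinks and
            # config_deb_systemd_p11_update are functions of this script and
            # do not exist inside the root shell started below, so those
            # three lines fail with "not found" and the files they write are
            # never created. They need their own privileged invocation.
            get_pass "$MENU" "$TITLE" | sudo -Sk sh -c '
                [ -f "$1"/usr/lib/x64-athena/libASEP11.so ] || { echo "libASEP11.so was not extracted; aborting." >&2 ; exit 1 ; }
                cp -p "$1"/usr/lib/x64-athena/libASEP11.so /usr/lib/x86_64-linux-gnu/
                mkdir -p /usr/lib/x64-athena/ ; mkdir -p /Firma_Digital/LIBRERIAS/
                ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/x64-athena/
                ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/lib/
                ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /usr/local/lib/
                ln -s /usr/lib/x86_64-linux-gnu/libASEP11.so /Firma_Digital/LIBRERIAS/
                ln -s /usr/local/share/ca-certificates /Firma_Digital/CERTIFICADOS
                config_deb_idpclientdb
                config_deb_update_symlinks
                config_deb_systemd_p11_update
                mkdir -p /etc/pkcs11/modules/
                echo "disable-in:" | tee /etc/pkcs11/modules/p11-kit-trust.module
            ' sh "$SAVE_DIR"
            ;;
        ClientesLinux_CentOS7_Rev6.zip)
            echo
            ;;
        ClientesLinux_RPM64_Rev24.zip)
            echo
            ;;
    esac
}

# Print a terminal prompt.
#   $1 - title, $2 - prompt text, $3 - mode (info|entry|list|error),
#   $4 - option list, used by "list" only
# Stores its arguments in the globals TITLE, PROMPT, MODE and LIST.
term_prompt() {
    TITLE="$1" ; PROMPT="$2" ; MODE="$3" ; LIST="$4"
    case "$MODE" in
        info)
            printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s ENTER' "$TITLE" "$PROMPT" ;;
        entry)
            printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s\n -> ' "$TITLE" "$PROMPT" ;;
        list)
            printf '\n\033[1m\033[34m=== %s ===\033[0m\n%s (1, 2, 3, ...)\n%s\n -> ' "$TITLE" "$PROMPT" "$LIST" ;;
        error)
            printf '\n\033[1m\033[31m=== %s ===\033[0m\n%s\n' "$TITLE" "$PROMPT" ;;
    esac
}

# Succeeds while a curl transfer from soportefirmadigital is running.
# A finished but not yet reaped child has no argument list in ps, so it does
# not match.
download_active() {
    ps aux | grep '[c]url.*soportefirmadigital' > /dev/null
}

# Show an error and stop. The exit no longer depends on the exit status of
# the dialog, so dismissing the error window cannot let the script carry on.
abort_zenity() {
    zenity --title "$TITLE" --text "$1" --error
    exit 1
}

abort_term() {
    term_prompt "$TITLE" "$1" error
    exit 1
}

# main
set_lang

# Look zenity up on PATH: on systems where /bin is not merged into /usr/bin
# it lives in /usr/bin.
if command -v zenity >/dev/null 2>&1 ; then
    MENU="zenity"

    # Welcome
    zenity --title "$TITLE" --text "$PROMPT_WELCOME" --info

    set_file
    # Select file to be downloaded if os can't be determined
    [ -z "$FILE" ] && FILE="$(zenity --title "$TITLE" --text "$PROMPT_FILE" --list \
        --column "$FILENAME" --column "$FILEDESC" \
        "ClientesMac_rev34.zip" "macOSX 10.14 o superior" \
        "ClientesLinux_DEB64_Rev25.zip" "Ubuntu 18.04 LTS o superior, Debian 10" \
        "ClientesLinux_CentOS7_Rev6.zip" "CentOS 7" \
        "ClientesLinux_RPM64_Rev24.zip" "Fedora 34 o superior, CentOS Stream 9" \
        --print-column=1)"
    # Rebuild the strings now that FILE is known (PROMPT_DOWNLOAD embeds it).
    set_lang

    install_deps "$MENU" | zenity --title "$TITLE" --text "$PROMPT_DEPS" --progress --pulsate --auto-close

    # Ask for serial number
    SERIAL="$(zenity --title "$TITLE" --text "$PROMPT_SERIAL" --entry)"
    [ -z "$SERIAL" ] && abort_zenity "$PROMPT_ERR_SERIAL"

    # Generate tempkey & Define DOWNLOAD_URL
    TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
    [ -z "$TEMPKEY" ] && abort_zenity "$PROMPT_ERR_DOWNLOAD"
    DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"

    # Define where to save file
    zenity --title "$TITLE" --text "$PROMPT_DIR_FILE" --info
    SAVE_DIR="$(zenity --file-selection --directory)"
    [ -z "$SAVE_DIR" ] && abort_zenity "$PROMPT_ERR_DIR_FILE"
    SAVE_FILE="$SAVE_DIR/$FILE"

    # Download file & show progress
    SIZE="$(curl -sI "$DOWNLOAD_URL" | sed '/[Cc]ontent-[Ll]ength/!d;s/^.*: //g' | awk '{$1/=1024;printf "%d",$1}')"
    # A missing or non-numeric length would break the division below.
    case "$SIZE" in
        ''|*[!0-9]*) SIZE=0 ;;
    esac

    # -f makes an HTTP error a failure instead of saving the error page under
    # the archive name; the exit status is collected with "wait" below.
    curl -f "$DOWNLOAD_URL" -o "$SAVE_FILE" &
    CURL_PID=$!

    if [ "$SIZE" -gt 0 ] ; then
        while : ; do
            # -k: report KiB, the unit SIZE is in, whatever du's default is.
            DOWN="$(du -k "$SAVE_FILE" 2>/dev/null | awk '{print $1}')"
            [ -z "$DOWN" ] && DOWN=0
            PCT=$((DOWN * 100 / SIZE))
            [ "$PCT" -gt 100 ] && PCT=100
            printf '%d\n' "$PCT"
            sleep 0.5
            # Stop when the transfer ends, so a failed download does not
            # leave the dialog polling forever.
            if ! download_active ; then
                printf '100\n'
                break
            fi
        done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --auto-close
    fi

    # Covers an unknown size and an estimate that reached 100% early.
    while sleep 0.5 && download_active ; do
        :
    done | zenity --title "$TITLE" --text "$PROMPT_DOWNLOAD" --progress --pulsate --auto-close

    if download_active ; then
        # The progress dialog was dismissed while the transfer was running.
        kill "$CURL_PID" 2>/dev/null
        abort_zenity "$PROMPT_ERR_DOWNLOAD"
    fi
    # Certificates are installed from this file, so a failed or partial
    # transfer must stop here.
    wait "$CURL_PID" || abort_zenity "$PROMPT_ERR_DOWN_FILE"

    install_certs "$MENU"
else
    # Welcome
    term_prompt "$TITLE" "$PROMPT_WELCOME" info && read -r NULL

    # Select file to be downloaded
    LIST="$(printf '\033[4m1\033[0m - ClientesMac_rev34.zip | macOSX 10.14 o superior
\033[4m2\033[0m - ClientesLinux_DEB64_Rev25.zip | Ubuntu 18.04 LTS o superior, Debian 10
\033[4m3\033[0m - ClientesLinux_CentOS7_Rev6.zip | CentOS 7
\033[4m4\033[0m - ClientesLinux_RPM64_Rev24.zip | Fedora 34 o superior, CentOS Stream 9')"
    term_prompt "$TITLE" "$PROMPT_FILE" list "$LIST" && read -r FILE
    case "$FILE" in
        1) FILE="ClientesMac_rev34.zip" ;;
        2) FILE="ClientesLinux_DEB64_Rev25.zip" ;;
        3) FILE="ClientesLinux_CentOS7_Rev6.zip" ;;
        4) FILE="ClientesLinux_RPM64_Rev24.zip" ;;
    esac
    # FILE becomes part of the request and of the local save path, so only
    # the four known archive names are accepted.
    case "$FILE" in
        ClientesMac_rev34.zip|ClientesLinux_DEB64_Rev25.zip|ClientesLinux_CentOS7_Rev6.zip|ClientesLinux_RPM64_Rev24.zip) ;;
        *) abort_term "$PROMPT_FILE" ;;
    esac
    # Rebuild the strings now that FILE is known (PROMPT_DOWNLOAD embeds it).
    set_lang

    # Ask for serial number
    term_prompt "$TITLE" "$PROMPT_SERIAL" entry && read -r SERIAL
    [ -z "$SERIAL" ] && abort_term "$PROMPT_ERR_SERIAL"

    # Generate tempkey & Define DOWNLOAD_URL
    TEMPKEY="$(download_iso "$FILE" "$SERIAL" | sed '/tempkey/!d;s/.*tempkey=//g;s/".*$//g')"
    [ -z "$TEMPKEY" ] && abort_term "$PROMPT_ERR_DOWNLOAD"
    DOWNLOAD_URL="https://soportefirmadigital.com/sfdj/getiso.aspx?tempkey=$TEMPKEY"

    # Define where to save file
    mkdir -p "$HOME/Library/Caches/TemporaryItems/instalador-firma-digital"
    SAVE_FILE="$HOME/Library/Caches/TemporaryItems/instalador-firma-digital/$FILE"

    # Download file & show progress
    term_prompt "$TITLE" "$PROMPT_DOWNLOAD" info && echo
    curl -f "$DOWNLOAD_URL" -o "$SAVE_FILE" --progress-bar || abort_term "$PROMPT_ERR_DOWN_FILE"
fi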