From 8116232b7d3965ae36e671bf0385dac108bd1ed5 Mon Sep 17 00:00:00 2001
From: Daniel von Obernitz
Date: Thu, 9 Jan 2025 11:12:59 +0100
Subject: [PATCH] Add script to setup easyroam on Ubuntu
---
configure-eduroam-with-easyroam | 92 +++++++++++++++++++++++++++++++++
1 file changed, 92 insertions(+)
create mode 100755 configure-eduroam-with-easyroam
diff --git a/configure-eduroam-with-easyroam b/configure-eduroam-with-easyroam
new file mode 100755
index 0000000..82c85a1
--- /dev/null
+++ b/configure-eduroam-with-easyroam
@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# This script is generating an eduroam network configuration using NetworkManager.
+# At first, you have to generate an easyroam profile on https://www.easyroam.de/ that
+# is generating an pkcs12 file as input for this script.
+
+# Usage: bash configure-eduroam-with-easyroam.sh
+
+set -e
+
+# check for nmcli
+
+if ! type nmcli >/dev/null 2>&1; then
+ echo ""
+ echo "ERROR: nmcli not found!" >&2
+ echo "This wizard assumes that your network connections are managed by NetworkManager." >&2
+ echo ""
+ exit 1
+fi
+
+# check for wifi device
+
+if ! nmcli -g TYPE,DEVICE device | grep wifi >/dev/null; then
+ echo ""
+ echo "ERROR: Unable to find any wifi device!" >&2
+ echo ""
+ exit 1
+fi
+
+# check input file
+
+if [ -z "$1" ]; then
+ echo ""
+ echo "Your pkcs12 file is missed as input parameter."
+ echo ""
+ exit 1
+else
+ InputFile="$1"
+fi
+
+# set openssl legacy options if necessary
+
+LegacyOption=
+OpenSSLversion=$(openssl version | awk '{print $2}' | sed -e 's/\..*$//')
+if [ "$OpenSSLversion" -eq "3" ]; then
+ LegacyOption="-legacy"
+fi
+
+# check pkcs12 file
+
+Pwd="pkcs12"
+
+if ! openssl pkcs12 -in "$InputFile" $LegacyOption -info -passin pass: -passout pass:"$Pwd" > /dev/null 2>&1; then
+ echo ""
+ echo "ERROR: The given input file does not seem to be a valid pkcs12 file."
+ echo ""
+ exit 1
+fi
+
+# configure parameters
+
+WLANName="eduroam"
+ConfDir="$HOME/.easyroam"
+[ -d "$ConfDir" ] || mkdir -p "$ConfDir"
+
+# extract key, cert, ca and identity
+
+openssl pkcs12 -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_client_cert.pem"
+openssl pkcs12 -in "$InputFile" $LegacyOption -nocerts -passin pass: -passout pass:"$Pwd" -out "$ConfDir/easyroam_client_key.pem"
+openssl pkcs12 -info -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_root_ca.pem" > /dev/null 2>&1
+Identity=$(openssl x509 -noout -in "$ConfDir/easyroam_client_cert.pem" -subject | awk -F \, '{print $1}' | sed -e 's/.*=//' -e 's/\s*//')
+
+# Remove existing connections
+
+nmcli connection show | \
+ awk '$1==c{ print $2 }' c="$WLANName" | \
+ xargs -rn1 nmcli connection delete uuid
+
+# Create new connection
+
+nmcli connection add \
+ type wifi \
+ con-name "$WLANName" \
+ ssid "$WLANName" \
+ -- \
+ wifi-sec.key-mgmt wpa-eap \
+ 802-1x.eap tls \
+ 802-1x.identity "$Identity" \
+ 802-1x.ca-cert "$ConfDir/easyroam_root_ca.pem" \
+ 802-1x.client-cert "$ConfDir/easyroam_client_cert.pem" \
+ 802-1x.private-key-password "$Pwd" \
+ 802-1x.private-key "$ConfDir/easyroam_client_key.pem"
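Review bot: The `nmcli connection add` call at the end of the script sets `802-1x.ca-cert` but no server-name constraint, so the supplicant will accept any authentication server whose certificate chains to that CA; add a line such as `802-1x.domain-suffix-match "<RADIUS_SERVER_DOMAIN>" \` (placeholder, take the real name from the easyroam documentation) or the equivalent `802-1x.altsubject-matches`. The trust-anchor file `easyroam_root_ca.pem` is extracted with `-nokeys` only, the same selection as `easyroam_client_cert.pem`, so it presumably holds the client certificate as well as the CA chain; `-cacerts -nokeys` would limit it to CA certificates. The private key is re-encrypted with the fixed passphrase `pkcs12`, which leaves file permissions as its only real protection, so set `umask 077` before `mkdir -p "$ConfDir"` instead of relying on the caller's umask and on openssl's output mode. The missing-argument message in the input-file check should also go to stderr (`>&2`) like the other error paths.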