93 lines
2.4 KiB
Bash
Executable File
93 lines
2.4 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# This script is generating an eduroam network configuration using NetworkManager.
|
|
# At first, you have to generate an easyroam profile on https://www.easyroam.de/ that
|
|
# is generating an pkcs12 file as input for this script.
|
|
|
|
# Usage: bash configure-eduroam-with-easyroam.sh <YOUR-PKCS12-File>
|
|
|
|
set -e
|
|
|
|
# check for nmcli
|
|
|
|
if ! type nmcli >/dev/null 2>&1; then
|
|
echo ""
|
|
echo "ERROR: nmcli not found!" >&2
|
|
echo "This wizard assumes that your network connections are managed by NetworkManager." >&2
|
|
echo ""
|
|
exit 1
|
|
fi
|
|
|
|
# check for wifi device
|
|
|
|
if ! nmcli -g TYPE,DEVICE device | grep wifi >/dev/null; then
|
|
echo ""
|
|
echo "ERROR: Unable to find any wifi device!" >&2
|
|
echo ""
|
|
exit 1
|
|
fi
|
|
|
|
# check input file
|
|
|
|
if [ -z "$1" ]; then
|
|
echo ""
|
|
echo "Your pkcs12 file is missed as input parameter."
|
|
echo ""
|
|
exit 1
|
|
else
|
|
InputFile="$1"
|
|
fi
|
|
|
|
# set openssl legacy options if necessary
|
|
|
|
LegacyOption=
|
|
OpenSSLversion=$(openssl version | awk '{print $2}' | sed -e 's/\..*$//')
|
|
if [ "$OpenSSLversion" -eq "3" ]; then
|
|
LegacyOption="-legacy"
|
|
fi
|
|
|
|
# check pkcs12 file
|
|
|
|
Pwd="pkcs12"
|
|
|
|
if ! openssl pkcs12 -in "$InputFile" $LegacyOption -info -passin pass: -passout pass:"$Pwd" > /dev/null 2>&1; then
|
|
echo ""
|
|
echo "ERROR: The given input file does not seem to be a valid pkcs12 file."
|
|
echo ""
|
|
exit 1
|
|
fi
|
|
|
|
# configure parameters
|
|
|
|
WLANName="eduroam"
|
|
ConfDir="$HOME/.easyroam"
|
|
[ -d "$ConfDir" ] || mkdir -p "$ConfDir"
|
|
|
|
# extract key, cert, ca and identity
|
|
|
|
openssl pkcs12 -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_client_cert.pem"
|
|
openssl pkcs12 -in "$InputFile" $LegacyOption -nocerts -passin pass: -passout pass:"$Pwd" -out "$ConfDir/easyroam_client_key.pem"
|
|
openssl pkcs12 -info -in "$InputFile" $LegacyOption -nokeys -passin pass: -out "$ConfDir/easyroam_root_ca.pem" > /dev/null 2>&1
|
|
Identity=$(openssl x509 -noout -in "$ConfDir/easyroam_client_cert.pem" -subject | awk -F \, '{print $1}' | sed -e 's/.*=//' -e 's/\s*//')
|
|
|
|
# Remove existing connections
|
|
|
|
nmcli connection show | \
|
|
awk '$1==c{ print $2 }' c="$WLANName" | \
|
|
xargs -rn1 nmcli connection delete uuid
|
|
|
|
# Create new connection
|
|
|
|
nmcli connection add \
|
|
type wifi \
|
|
con-name "$WLANName" \
|
|
ssid "$WLANName" \
|
|
-- \
|
|
wifi-sec.key-mgmt wpa-eap \
|
|
802-1x.eap tls \
|
|
802-1x.identity "$Identity" \
|
|
802-1x.ca-cert "$ConfDir/easyroam_root_ca.pem" \
|
|
802-1x.client-cert "$ConfDir/easyroam_client_cert.pem" \
|
|
802-1x.private-key-password "$Pwd" \
|
|
802-1x.private-key "$ConfDir/easyroam_client_key.pem"
|