Apq
/
MoeClub-Note
镜像来自 https://github.com/MoeClub/Note.git


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899
							#!/bin/bash

[[ "$#" -ge "1" ]] || exit 1
CERT_URL="${1:-}"
CERT_PWD="${2:-}"
CERT_TMP="/tmp/MacOS"


# DO NOT EDIT
[[ -n "${CERT_URL}" ]] || exit 1
[[ "$(sudo whoami)" == "root" ]] || exit 1
CERT_PWD=`echo "${CERT_PWD}" |tr -d ' '`
USER_HOME=`echo "$HOME"`

[[ -e "${USER_HOME}/.cisco" ]] && rm -rf "${USER_HOME}/.cisco"
[[ -e "${USER_HOME}/.anyconnect" ]] && rm -rf "${USER_HOME}/.anyconnect"
[[ ! -d "/opt/cisco/anyconnect/profile" ]] && mkdir -p "/opt/cisco/anyconnect/profile" && chmod 777 "/opt/cisco/anyconnect"

cat >"${USER_HOME}/.anyconnect"<<EOF
<?xml version="1.0" encoding="UTF-8"?>
	<AnyConnectPreferences>
	<DefaultUser></DefaultUser>
	<DefaultSecondUser></DefaultSecondUser>
	<ClientCertificateThumbprint></ClientCertificateThumbprint>
	<MultipleClientCertificateThumbprints></MultipleClientCertificateThumbprints>
	<ServerCertificateThumbprint></ServerCertificateThumbprint>
	<DefaultHostName></DefaultHostName>
	<DefaultHostAddress></DefaultHostAddress>
	<DefaultGroup>Default</DefaultGroup>
	<ProxyHost></ProxyHost>
	<ProxyPort></ProxyPort>
	<SDITokenType>none</SDITokenType>
	<ControllablePreferences>
		<AutoConnectOnStart>true</AutoConnectOnStart>
		<LocalLanAccess>true</LocalLanAccess>
		<BlockUntrustedServers>false</BlockUntrustedServers>
		<DisableCaptivePortalDetection>true</DisableCaptivePortalDetection>
	</ControllablePreferences>
</AnyConnectPreferences>
EOF

chmod 777 "${USER_HOME}/.anyconnect"
cp -f "${USER_HOME}/.anyconnect" "/opt/cisco/anyconnect/.anyconnect_global"
chmod 777 "/opt/cisco/anyconnect/.anyconnect_global"

cat >"/opt/cisco/anyconnect/profile/profile.xml"<<EOF
<?xml version="1.0" encoding="UTF-8"?>
<AnyConnectProfile xmlns="http://schemas.xmlsoap.org/encoding/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://schemas.xmlsoap.org/encoding/ AnyConnectProfile.xsd">
	<ClientInitialization>
		<UseStartBeforeLogon UserControllable="false">false</UseStartBeforeLogon>
		<StrictCertificateTrust>false</StrictCertificateTrust>
		<RestrictPreferenceCaching>false</RestrictPreferenceCaching>
		<RestrictTunnelProtocols>false</RestrictTunnelProtocols>
		<BypassDownloader>true</BypassDownloader>
		<AutoUpdate>false</AutoUpdate>
		<CertificateStore>All</CertificateStore>
		<CertificateStoreMac>All</CertificateStoreMac>
		<CertificateStoreLinux>All</CertificateStoreLinux>
		<CertificateStoreOverride>true</CertificateStoreOverride>
		<AuthenticationTimeout>16</AuthenticationTimeout>
		<WindowsVPNEstablishment>AllowRemoteUsers</WindowsVPNEstablishment>
		<LinuxVPNEstablishment>AllowRemoteUsers</LinuxVPNEstablishment>
		<CertEnrollmentPin>pinAllowed</CertEnrollmentPin>
		<CertificateMatch>
			<KeyUsage>
				<MatchKey>Digital_Signature</MatchKey>
			</KeyUsage>
			<ExtendedKeyUsage>
				<ExtendedMatchKey>ClientAuth</ExtendedMatchKey>
			</ExtendedKeyUsage>
		</CertificateMatch>
	</ClientInitialization>
</AnyConnectProfile>
EOF
chmod 777 "/opt/cisco/anyconnect/profile/profile.xml"


[[ -f "${CERT_URL}" ]] && cp -f "${CERT_URL}" "${CERT_TMP}.p12" || curl -ksSL -H "User-Agent: wget/1.0" -o "${CERT_TMP}.p12" "${CERT_URL}"
if [[ -f "${CERT_TMP}.p12" ]]; then
  openssl pkcs12 -in "${CERT_TMP}.p12" -nodes -nokeys -nocerts -clcerts -cacerts -password pass:"${CERT_PWD}"
  [[ "$?" -ne "0" ]] && rm -rf "${CERT_TMP}.p12" && exit 1
  openssl pkcs12 -in "${CERT_TMP}.p12" -nodes -nokeys -clcerts -out "${CERT_TMP}_Cert.pem" -password pass:"${CERT_PWD}"
  openssl pkcs12 -in "${CERT_TMP}.p12" -nodes -nocerts -out "${CERT_TMP}_Key.pem" -password pass:"${CERT_PWD}"
  openssl pkcs12 -in "${CERT_TMP}.p12" -nodes -nokeys -cacerts -out "${CERT_TMP}_CA.pem" -password pass:"${CERT_PWD}"
  openssl pkcs12 -export -inkey "${CERT_TMP}_Key.pem" -in "${CERT_TMP}_Cert.pem" -certfile "${CERT_TMP}_CA.pem" -out "${CERT_TMP}_New.p12" -passout pass:NewCert
  security import "${CERT_TMP}_New.p12" -P "NewCert"
  if [[ "$?" -ne "0" ]]; then
    KEYCHAIN=`security login-keychain |cut -d'"' -f2`
    if [[ -n "${KEYCHAIN}" ]]; then
      security import "${CERT_TMP}_New.p12" -P "NewCert" -k "${KEYCHAIN}"
      [[ "$?" -ne "0" ]] && echo "Import Certificate Fail."
    else
      echo "Get login-keychain Fail."
    fi
  fi
  rm -rf "${CERT_TMP}.p12" "${CERT_TMP}_New.p12" "${CERT_TMP}_CA.pem" "${CERT_TMP}_Cert.pem" "${CERT_TMP}_Key.pem"
  exit 0
fi
exit 1