#!/bin/bash
# FUNCTION: Bash script to get a TA from WSAA
# AUTHOR: Gerardo Fisanotti - AFIP/SDG-SI/DIITEC/DEARIN - 15-nov-2010
# Dependencies: curl, openssl >= 1.0, xmllint
#
# Settings.
#
# The WSAA URL, the private key and the certificate are taken from the command
# line (-u, -k and -c; see the getopts loop in the MAIN program). The three
# assignments below are commented out and only show example values:
#
# URL=https://wsaahomo.afip.gov.ar/ws/services/LoginCms # WSAA URL
# KEY=spec/fixtures/pkey # file containing the private key in PEM format
# CRT=spec/fixtures/cert.crt # file containing the X.509 certificate in PEM format
#
# The key file signs every login request, so keep it readable only by the
# account that runs this script.
TAFN="TA.xml" # name of the XML file that WriteTA writes the token and sign to
# modify next line if you need a proxy to get to the Internet or comment it out
# if you don't need a proxy
# export https_proxy="http://10.20.152.112:80"
#
# No further modifications should be needed below this line
#==============================================================================
# Build the Access Ticket Request (TRA) XML and leave it in the global TRA.
#
# Globals written:
#   ID    - current epoch seconds, used as <uniqueId>
#   FROM  - today's date at 00:00:00, stamped with a fixed -03:00 offset
#   TO    - today's date at 23:59:59, stamped with a fixed -03:00 offset
#   TRA   - the complete loginTicketRequest document (service fixed to "wsfe")
#
# NOTE(review): the date part comes from the host's local time zone while the
# offset is hard-coded, so on a host that is not at -03:00 the stated validity
# window may not bracket the real current time. Confirm the deployment TZ.
function MakeTRA()
{
  # Earlier BSD-date variant, kept for reference:
  # FROM=$(date -j -f "%a %b %d %T %Z %Y" "`date -v0H -v0M -v0S`" "+%s")
  # TO=$(date -j -f "%a %b %d %T %Z %Y" "`date -v23H -v59M -v59S`" "+%s")
  ID=$(date "+%s")
  FROM=$(date "+%Y-%m-%dT00:00:00-03:00")
  TO=$(date "+%Y-%m-%dT23:59:59-03:00")

  # One argument per XML line; the format adds the line breaks.
  printf -v TRA '%s\n' \
    '<?xml version="1.0" encoding="UTF-8"?>' \
    '<loginTicketRequest version="1.0">' \
    '<header>' \
    "<uniqueId>$ID</uniqueId>" \
    "<generationTime>$FROM</generationTime>" \
    "<expirationTime>$TO</expirationTime>" \
    '</header>' \
    '<service>wsfe</service>' \
    '</loginTicketRequest>'
  # The document carries no trailing newline.
  TRA=${TRA%$'\n'}
}
#------------------------------------------------------------------------------
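# Generate the CMS container (TRA + signature + certificate).
#
# Globals read:    TRA (XML to sign), CRT (signer certificate, PEM file),
#                  KEY (private key, PEM file)
# Globals written: CMS (base64 text of the DER-encoded, non-detached CMS)
#
# CRT and KEY are quoted so that a path containing spaces or glob characters
# reaches openssl as one argument instead of being split or expanded.
function MakeCMS()
{
  CMS=$(
    printf '%s\n' "$TRA" |
      openssl cms -sign -in /dev/stdin -signer "$CRT" -inkey "$KEY" -nodetach \
        -outform der |
      openssl base64 -e
  )
}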
#------------------------------------------------------------------------------
# Wrap the base64 CMS in the SOAP envelope expected by the loginCms method.
#
# Globals read:    CMS
# Globals written: REQUEST (the SOAP request XML, no trailing newline)
function MakeSOAPrequest()
{
  # One argument per XML line; the format adds the line breaks.
  printf -v REQUEST '%s\n' \
    '<?xml version="1.0" encoding="UTF-8"?>' \
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="http://wsaa.view.sua.dvadac.desein.afip.gov">' \
    '<SOAP-ENV:Body>' \
    '<ns1:loginCms>' \
    '<ns1:in0>' \
    "$CMS" \
    '</ns1:in0>' \
    '</ns1:loginCms>' \
    '</SOAP-ENV:Body>' \
    '</SOAP-ENV:Envelope>'
  REQUEST=${REQUEST%$'\n'}
}
#------------------------------------------------------------------------------
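# Invoke WSAA: POST the SOAP request to the LoginCms method and keep the reply.
#
# Globals read:    REQUEST (SOAP request XML), URL (WSAA endpoint)
# Globals written: RESPONSE (raw body returned by curl)
# Outputs:         the SOAP request on stdout (see the note below)
function CallWSAA()
{
  # TLS certificate verification is left on (no -k/--insecure). The reply
  # carries the token and sign, so an unauthenticated endpoint could read or
  # substitute them. If the endpoint's CA is missing from the system trust
  # store, supply it with curl's --cacert instead of disabling verification.
  RESPONSE=$(
    printf '%s\n' "$REQUEST" |
      curl -H 'Content-Type: application/soap+xml; action=""' -d @- "$URL"
  )
  # NOTE(review): debug output. This prints the complete signed login request,
  # which then ends up in whatever captures stdout (terminals, CI logs).
  # Drop it once nothing relies on it.
  echo "$REQUEST"
}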
#------------------------------------------------------------------------------
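# Try to parse the results obtained from WSAA.
#
# Globals read:    RESPONSE (raw reply body)
# Globals written: TOKEN, SIGN, and ERROR when no token was found
# Outputs:         "ERROR: " plus the fault text on stdout when no token was
#                  found
#
# Extraction is line-oriented grep/sed, not XML parsing: every line that
# contains "token" (or "sign") is kept, the opening and closing tags are
# removed and all spaces are deleted. RESPONSE is remote data, so treat the
# resulting values as untrusted text.
function ParseTA()
{
  TOKEN=$(
    printf '%s\n' "$RESPONSE" |
      grep token |
      sed -e 's/<token>//' -e 's/<\/token>//' -e 's/ //g'
  )
  SIGN=$(
    printf '%s\n' "$RESPONSE" |
      grep sign |
      sed -e 's/<sign>//' -e 's/<\/sign>//' -e 's/ //g'
  )
  # If we did not get TOKEN, then it was a SOAP Fault: show the error message.
  # The function does not exit here (the exit below is disabled), so the
  # caller still runs and can record ERROR.
  if [[ -z $TOKEN ]]
  then
    echo "ERROR: "
    ERROR=$(
      printf '%s\n' "$RESPONSE" |
        xmllint --format - |
        grep faultstring |
        xargs
    )
    # Quoted and passed as data: the fault text comes from the server, and an
    # unquoted expansion would let characters such as * expand to local file
    # names.
    printf '%s\n' "$ERROR"
    #exit 1
  fi
}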
#------------------------------------------------------------------------------
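# Write the token and sign to the output file as an abbreviated
# loginTicketResponse document.
#
# Globals read: TAFN (output path), TOKEN, SIGN
#
# The file holds credentials, so it is created under umask 077 (owner-only
# access). The umask applies only when the file is created; an existing file
# keeps its current mode. TAFN is quoted so a path with spaces is one target.
function WriteTA()
{
  (
    umask 077
    cat <<EOF > "$TAFN"
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<loginTicketResponse version="1">
<credentials>
<token>$TOKEN</token>
<sign>$SIGN</sign>
</credentials>
</loginTicketResponse>
EOF
  )
}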
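# Write the token and sign (plus the error text when there is no token) to
# DATAFILE as single-quoted YAML scalars.
#
# Globals read: DATAFILE (output path), TOKEN, SIGN, ERROR
# Returns:      1 without writing anything when DATAFILE is empty or unset
#
# TOKEN, SIGN and ERROR are derived from the server reply. Each embedded single
# quote is doubled, which is how YAML escapes it inside a single-quoted scalar;
# without that, a quote in the reply could end the scalar early and change the
# structure of the document. The file holds credentials, so it is created under
# umask 077; an existing file keeps its current mode.
function WriteYAML()
{
  local q="'"
  local token_yaml sign_yaml error_yaml

  if [[ -z ${DATAFILE:-} ]]
  then
    echo "WriteYAML: no output file set (option -a)" >&2
    return 1
  fi

  token_yaml=${TOKEN//"$q"/$q$q}
  sign_yaml=${SIGN//"$q"/$q$q}
  error_yaml=${ERROR//"$q"/$q$q}

  (
    umask 077
    {
      printf "token: '%s'\n" "$token_yaml"
      printf "sign: '%s'\n" "$sign_yaml"
      # The error entry is written only when no token was obtained.
      if [[ -z $TOKEN ]]
      then
        printf "error: '%s'\n" "$error_yaml"
      fi
    } > "$DATAFILE"
  )
}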
#------------------------------------------------------------------------------
#
# MAIN program
#
# If we were invoked with a service name in arg #1, use it
#[ $# -eq 1 ] && SERVICE=$1
# otherwise, ask for it
#[ $# -eq 0 ] && read -p "Service name: " SERVICE
# Parse commandline arguments
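# Parse command-line arguments:
#   -c FILE  X.509 certificate (PEM)      -> CRT
#   -k FILE  private key (PEM)            -> KEY
#   -u URL   WSAA LoginCms endpoint       -> URL
#   -a FILE  YAML file for token and sign -> DATAFILE
USAGE="Usage: ${0##*/} -u WSAA_URL -k KEY_FILE -c CERT_FILE -a DATA_FILE"
while getopts 'k:u:c:a:' OPTION
do
  case $OPTION in
    c) CRT=$OPTARG
      ;;
    k) KEY=$OPTARG
      ;;
    u) URL=$OPTARG
      ;;
    a) DATAFILE=$OPTARG
      ;;
    *) # unknown option or missing argument; getopts has already reported it
      echo "$USAGE" >&2
      exit 2
      ;;
  esac
done
shift $((OPTIND - 1))

# Stop before signing anything if a setting is missing. Values already present
# in the environment still count, so only truly absent settings are rejected.
if [[ -z ${CRT:-} || -z ${KEY:-} || -z ${URL:-} || -z ${DATAFILE:-} ]]
then
  echo "$USAGE" >&2
  exit 2
fi
echo "Using output file $DATAFILE"

MakeTRA # Generate TRA
MakeCMS # Generate CMS (TRA + signature + certificate)
MakeSOAPrequest # Generate the SOAP request XML
CallWSAA # Invoke WSAA sending SOAP request
ParseTA # Parse the WSAA SOAP response, extract Token and Sign
# WriteTA # Write an abbreviated TA.xml with Token and Sign only
WriteYAML

# Report what actually happened: the result goes to DATAFILE (WriteTA and its
# TAFN file are disabled above), and an empty TOKEN means no ticket was issued.
# The exit status is left as before; callers presumably read the error entry
# from the data file - confirm before making this exit non-zero.
if [[ -n $TOKEN ]]
then
  echo "Access Ticket acquired, written to: $DATAFILE"
else
  echo "ERROR: no Access Ticket obtained; see the error entry in: $DATAFILE" >&2
fi

# NOTE(review): debug output. These two lines print the signed SOAP request and
# the ticket request to stdout on every run; remove them once nothing depends
# on this output.
echo $REQUEST
echo $TRA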