#!/bin/bash
# Marker file: its presence is what get_stored_credentials tests (-f) before
# it tries to read anything from the Keychain. It holds no secrets itself.
CONFIG_FILE="${HOME}/.vpn_config"
# Prefix for Keychain service names; items are stored as "<prefix>_<key>".
KEYCHAIN_NAME='VPNAuth'

# ANSI colour sequences, stored as literal backslash escapes and expanded
# only at print time.
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # reset / no colour
#######################################
# Look up one stored value through the `security` CLI.
# Globals:   KEYCHAIN_NAME, USER (read)
# Arguments: $1 - short key name; the service is "${KEYCHAIN_NAME}_<key>"
# Outputs:   the item's password on stdout (-w); stderr is discarded
# Returns:   exit status of `security` (non-zero when the lookup fails)
#######################################
get_from_keychain() {
  local item_key="$1"
  local service_name="${KEYCHAIN_NAME}_${item_key}"

  security find-generic-password \
    -a "$USER" \
    -s "$service_name" \
    -w 2>/dev/null
}
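#######################################
# Store (or overwrite) one value through the `security` CLI.
# Globals:   KEYCHAIN_NAME, USER (read)
# Arguments: $1 - short key name; the service is "${KEYCHAIN_NAME}_<key>"
#            $2 - value to store as the item's password
# Outputs:   nothing; stderr from `security` is discarded
# Returns:   exit status of `security`, so callers can tell a failed save
#            from a successful one
#######################################
save_to_keychain() {
  local key=$1
  local value=$2

  # -U updates an existing item. Without it a second save of the same key
  # fails as a duplicate, and because stderr is discarded the stale value
  # would silently stay in place.
  #
  # NOTE(review): the secret is passed as an argument, so it is visible in
  # the process list for the lifetime of this command. Confirm that is
  # acceptable on shared machines.
  security add-generic-password -U -a "$USER" -s "${KEYCHAIN_NAME}_${key}" -w "$value" 2>/dev/null
}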
#######################################
# Load previously saved credentials into the script's global variables.
# Globals:   CONFIG_FILE (read); username, vpn_auth, base_uri (written)
# Arguments: none
# Returns:   0 when the marker file exists and all three values came back
#            non-empty, 1 otherwise
# Note:      the three globals are assigned even when the function returns 1
#            because only some of the lookups produced a value.
#######################################
get_stored_credentials() {
  # No marker file means nothing was saved; skip the Keychain entirely.
  [ -f "$CONFIG_FILE" ] || return 1

  username=$(get_from_keychain "username")
  vpn_auth=$(get_from_keychain "vpnauth")
  base_uri=$(get_from_keychain "uri")

  if [ -z "$username" ] || [ -z "$vpn_auth" ] || [ -z "$base_uri" ]; then
    return 1
  fi
  return 0
}
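#######################################
# Persist the three credential values and create the marker file.
# Globals:   CONFIG_FILE, GREEN, RED, NC (read)
# Arguments: $1 - username, $2 - pre-shared key, $3 - base URL
# Outputs:   success message on stdout, failure message on stderr
# Returns:   0 only when every value was stored and the marker was created,
#            1 otherwise
#######################################
save_credentials() {
  local username=$1
  local vpn_auth=$2
  local base_uri=$3

  # Only claim success (and only create the marker that later runs trust)
  # when every write actually succeeded. A partial save would otherwise be
  # reported as "saved securely".
  if save_to_keychain "username" "$username" \
    && save_to_keychain "vpnauth" "$vpn_auth" \
    && save_to_keychain "uri" "$base_uri" \
    && touch "$CONFIG_FILE"; then
    echo -e "${GREEN}Credentials saved securely to Keychain${NC}"
    return 0
  fi

  echo -e "${RED}Failed to save credentials to Keychain${NC}" >&2
  return 1
}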
# Function to create SHA256 hash
create_hash() {
local input=$1
printf "%s" "$input" | shasum -a 256 | cut -d' ' -f1
}
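#######################################
# Send the authorisation request and report the outcome.
# Globals:   GREEN, RED, YELLOW, NC (read)
# Arguments: $1 - full request URL
#            $2 - pre-shared key, sent in the "VPNAuth" request header
# Outputs:   one or more status lines on stdout
# Returns:   0 when the server answered 200, 1 for every other outcome
#######################################
make_request() {
  local uri=$1
  local vpn_auth=$2
  local response http_code content rc

  # The header is fed to curl on stdin (-H @-, curl 7.55+) so the key does
  # not appear in curl's argument list, which is readable in the process
  # list. --url keeps a URL that starts with "-" from being parsed as an
  # option.
  response=$(
    printf 'VPNAuth: %s\n' "$vpn_auth" \
      | curl -4 -s -w "\n%{http_code}" -H @- --url "$uri"
  )

  # -w appends "\n<status>", so the last line is the status code and
  # everything before it is the body.
  http_code=${response##*$'\n'}
  content=${response%"$http_code"}
  content=${content%$'\n'}

  # The body comes from the server. Drop control characters (tab and newline
  # are kept) so a response cannot drive the terminal with escape sequences.
  content=$(printf '%s' "$content" | LC_ALL=C tr -d '\000-\010\013-\037\177')

  rc=1
  case "$http_code" in
    200)
      echo -e "${GREEN}Success! Please wait up to 2 minutes before connecting to the SSLVPN. Your session will be valid for 8 hours.${NC}"
      rc=0
      ;;
    401)
      echo -e "${RED}Authentication failed. Invalid pre-shared key.${NC}"
      ;;
    429)
      echo -e "${YELLOW}Rate limit exceeded. Try again in 8 hours.${NC}"
      ;;
    404)
      echo -e "${RED}Invalid username hash or key not found.${NC}"
      ;;
    500)
      echo -e "${RED}Server error occurred. Details:${NC}"
      # %s prints the URL and body verbatim; only the colour codes go
      # through %b, so backslashes in the data are not interpreted.
      printf '%b%s%b\n' "${RED}URI: " "$uri" "$NC"
      printf '%b%s%b\n' "${RED}Response: " "$content" "$NC"
      ;;
    *)
      printf '%b%s%b\n' "${RED}Error occurred: HTTP " "$http_code" "$NC"
      printf '%b%s%b\n' "${RED}Response: " "$content" "$NC"
      ;;
  esac

  return "$rc"
}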
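# Main script
#
# Flow: offer previously saved credentials, otherwise prompt for them, then
# request access for sha256(lowercased username) under the base URL.
if get_stored_credentials; then
  read -r -p "Found stored credentials. Use them? (Y/N): " use_stored
  if [[ "$use_stored" != [Yy]* ]]; then
    # get_stored_credentials has already filled these globals. Clear them so
    # that answering "N" really leads to the prompts below instead of
    # silently reusing the stored values.
    username=""
    vpn_auth=""
    base_uri=""
  fi
fi

prompted=0
if [ -z "$username" ] || [ -z "$vpn_auth" ] || [ -z "$base_uri" ]; then
  # -r keeps backslashes in the typed values intact.
  read -r -p "Enter username: " userentered
  # Quoted printf: the typed name is not word-split or glob-expanded.
  username=$(printf '%s' "$userentered" | tr '[:upper:]' '[:lower:]')
  # -s: do not echo the pre-shared key to the terminal or its scrollback.
  read -r -s -p "Enter pre-shared key: " vpn_auth
  echo
  read -r -p "Enter base URL (e.g., https://vpn-auth.organization.workers.dev): " base_uri
  prompted=1
fi

# A trailing slash would otherwise produce "//<hash>" in the request path.
base_uri=${base_uri%/}

# The pre-shared key travels in a request header, so refuse anything that is
# not HTTPS rather than send it in clear text.
case "$base_uri" in
  [Hh][Tt][Tt][Pp][Ss]://?*) ;;
  *)
    echo -e "${RED}Base URL must start with https://${NC}" >&2
    exit 1
    ;;
esac

# Ask about saving only after the URL passed validation, so a rejected URL
# is never written to the Keychain.
if [ "$prompted" -eq 1 ]; then
  read -r -p "Save credentials for future use? (Y/N): " save_creds
  if [[ "$save_creds" == [Yy]* ]]; then
    save_credentials "$username" "$vpn_auth" "$base_uri"
  fi
fi

# Create hash and make request; the script's exit status is make_request's.
hash=$(create_hash "$username")
uri="${base_uri}/${hash}"
make_request "$uri" "$vpn_auth"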