csabavirag · January 28, 2019 19:58
diff --git a/generate_aw_authheader.sh b/generate_aw_authheader.sh
 #!/bin/bash
 # AirWatch/Workspace One API - certificate based authentication
 # 
 # Generate Auth header
 #
 # Configuration:
 # ==============
 # 
 # 1. Download the admin user certificate in p12 format from Workspace One 
 # 2. Convert the p12 file to pem and remove the password
 #
 # Example: 
 #   $ openssl pkcs12 -in $CERT_P12 -out $CERT_PEM -nodes
 #   Enter Import Password:
 #   MAC verified OK
 
 # Usage:
 # ======
 #
 # call the script with the URL as parameter to get the Authorization header value
 # 
 # eg. generate_aw_authheader.sh https://cnxxx.awmdm.com/api/system/info


 # Integrate the script with eg. curl
 #
 # $export url="https://cnxxx.awmdm.com/api/system/info"
 # $export tenantcode="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 # $curl $url -H "Accept: application/json" -H "Authorization: $(./generate_aw_authheader.sh $url)" -H "aw-tenant-code: $tenantcode"

 PREFIX="CMSURL\`1"

 url="$@"

 [ "$url" == "" ] && { echo "Usage: $0 url"; exit 1; }

 ## Split to hostname and path ##
 HOST="$(echo $url | awk -F/ '{ print $3}')"
 UPATH="/"$(echo $url | grep / | cut -d/ -f4-)

 ## Set the certificate ##
 case $HOST in
    xx1.awmdm.com) 
       CERT_PEM="cert1.pem";;
    xx2.awmdm.com)
       CERT_PEM="cert2.pem";;
    *) 
       echo "No certificate is found for $HOST";
       exit 1;;
 esac


 SIGNATURE="$(echo -n $UPATH | openssl cms -sign -signer $CERT_PEM -binary -outform der |base64)"

 echo $PREFIX" "$SIGNATURE
	#!/bin/bash
	# AirWatch/Workspace One API - certificate based authentication
	#
	# Generate Auth header
	#
	# Configuration:
	# ==============
	#
	# 1. Download the admin user certificate in p12 format from Workspace One
	# 2. Convert the p12 file to pem and remove the password
	#
	# Example:
	# $ openssl pkcs12 -in $CERT_P12 -out $CERT_PEM -nodes
	# Enter Import Password:
	# MAC verified OK

	# Usage:
	# ======
	#
	# call the script with the URL as parameter to get the Authorization header value
	#
	# eg. generate_aw_authheader.sh https://cnxxx.awmdm.com/api/system/info


	# Integrate the script with eg. curl
	#
	# $export url="https://cnxxx.awmdm.com/api/system/info"
	# $export tenantcode="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
	# $curl $url -H "Accept: application/json" -H "Authorization: $(./generate_aw_authheader.sh $url)" -H "aw-tenant-code: $tenantcode"

	PREFIX="CMSURL\`1"

	url="$@"

	[ "$url" == "" ] && { echo "Usage: $0 url"; exit 1; }

	## Split to hostname and path ##
	HOST="$(echo $url \| awk -F/ '{ print $3}')"
	UPATH="/"$(echo $url \| grep / \| cut -d/ -f4-)

	## Set the certificate ##
	case $HOST in
	xx1.awmdm.com)
	CERT_PEM="cert1.pem";;
	xx2.awmdm.com)
	CERT_PEM="cert2.pem";;
	*)
	echo "No certificate is found for $HOST";
	exit 1;;
	esac


	SIGNATURE="$(echo -n $UPATH \| openssl cms -sign -signer $CERT_PEM -binary -outform der \|base64)"

	echo $PREFIX" "$SIGNATURE