#!/bin/bash

HOSTNAME="sto-sparta-ise-3.cisco.com"
USERNAME="admin"
PASSWORD="Lab@12345"
APPSESSIONID=0
CSRFTOKEN=0
JWT_TOKEN=0
QPC=0

GREP="grep"
BASE64="base64"
if [[ "$OSTYPE" == "darwin"* ]]; then
  echo -e "Using g* tools because of course macOS"
  GREP="ggrep"
  BASE64="gbase64"
fi

# Get the CSRF token and APPSESSIONID
echo -e "Getting CSRF token and initial APPSESSIONID"
output=$(curl -c - -k -L -s --compressed --request POST \
  --url https://$HOSTNAME/admin/JavaScriptServlet \
  --header 'Accept: */*' \
  --header 'Accept-Encoding: gzip, deflate, br, zstd' \
  --header 'Accept-Language: en-US,en;q=0.5' \
  --header 'Connection: keep-alive' \
  --header 'Content-Length: 0' \
  --header 'DNT: 1' \
  --header 'FETCH-CSRF-TOKEN: 1' \
  --header 'Origin: CWILLIA5-M-WJ2C' \
  --header 'Sec-Fetch-Dest: empty' \
  --header 'Sec-GPC: 1' \
  --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0' 2>/dev/null )

CSRFTOKEN=$(echo $output | $GREP -oP '(?<=OWASP_CSRFTOKEN:)[^#]*')
APPSESSIONID=$(echo $output | awk '{print $NF}')
echo -e "CSRFTOKEN: $CSRFTOKEN"
echo -e "APPSESSIONID: $APPSESSIONID"

# Get the JWT token
echo -e "Logging in, getting JWT token and updating APPSESSIONID"
output=$(curl -k -c - --request POST \
  --cookie "APPSESSIONID=$APPSESSIONID" \
  --url https://$HOSTNAME/admin/LoginAction.do \
  --header 'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8' \
  --header 'Accept-Encoding: gzip, deflate, br, zstd' \
  --header 'Accept-Language: en-US,en;q=0.5' \
  --header 'Connection: keep-alive' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --header 'DNT: 1' \
  --header 'Priority: u=1' \
  --header 'Sec-Fetch-Dest: document' \
  --header 'Sec-Fetch-Mode: navigate' \
  --header 'Sec-Fetch-User: ?1' \
  --header 'Sec-GPC: 1' \
  --header 'Upgrade-Insecure-Requests: 1' \
  --header 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:126.0) Gecko/20100101 Firefox/126.0' \
  --data username=$USERNAME \
  --data password=$PASSWORD \
  --data samlLogin=false \
  --data rememberme=off \
  --data name=$USERNAME \
  --data password=$PASSWORD \
  --data authType=Internal \
  --data CSRFTokenNameValue=OWASP_CSRFTOKEN=$CSRFTOKEN \
  --data OWASP_CSRFTOKEN=$CSRFTOKEN \
  --data locale=en \
  --data hasSelectedLocale=false 2>/dev/null)

# APPSESSIONID Gets updated here so we need to reassign APPSESSIONID
APPSESSIONID=$(echo -e "$output" | awk '/APPSESSIONID/ {print $7}')
JWT_TOKEN=$(echo -e "$output" | awk '/MNTLA_JWT_TOKEN/ {print $7}')
echo -e "JWT_TOKEN: $JWT_TOKEN"