#!/bin/sh
#
# Script which uses openssl to encrypt Paypal buy buttons and other
# transactions.
#
# Copyright 2005 by Gray Watson
#
# Permission to use, copy, modify, and distribute this software for
# any purpose and without fee is hereby granted, provided that the
# above copyright notice and this permission notice appear in all
# copies, and that the name of Gray Watson not be used in advertising
# or publicity pertaining to distribution of the document or software
# without specific, written prior permission.
#
# Gray Watson makes no representations about the suitability of the
# software described herein for any purpose.  It is provided "as is"
# without express or implied warranty.
#
# The author may be contacted via http://256.com/gray/
# More details: http://256.com/gray/docs/paypal_encrypt/
#

# Our private signing key (PEM).  It has to be the key that belongs to the
# certificate in MY_CERT_FILE.  Keep this file readable only by the account
# that runs the script, and outside any directory the web server publishes.
MY_KEY_FILE='sample_key.pem'

# Our public certificate (PEM), the one uploaded on Paypal's
# Profile > Website-Certificate page.  Should match MY_CERT_ID
# (not set anywhere in this script; presumably the certificate id given in
# the parameter file -- confirm).
MY_CERT_FILE='sample_cert.pem'

# Paypal's own public certificate, as published on their
# Profile > Website-Certificate page.  The default is the sandbox
# certificate, which pairs with the sandbox form URL emitted below; the
# two have to be changed together.
PAYPAL_CERT_FILE='paypal_sandbox_cert.pem'

# Text file with the extra parameters for the Paypal transaction.
MY_PARAM_FILE='params.txt'

# Location of the openssl binary.
#OPENSSL=/usr/bin/openssl
OPENSSL='/usr/local/bin/openssl'

###############################################################################

# Emit the first half of the page.  The delimiter is quoted so the shell
# copies the text literally.  The last line deliberately leaves the
# value="..." attribute of the "encrypted" field open: the PEM blob printed
# by the next step becomes its content.
cat <<'HTML_HEAD'
<html>
<head><title> Sample.html </title></head>
<body>
<h1>Donate</h1>
<!-- We are using the sandbox here for testing -->
<form action="https://www.sandbox.paypal.com/cgi-bin/webscr" method="post">
<input type="hidden" name="cmd" value="_s-xclick">
<input type="hidden" name="encrypted" value="
HTML_HEAD

###############################################################################

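# Sign the transaction parameters with our key and certificate, then
# encrypt the signed blob to Paypal's certificate and write it to stdout
# as PEM, where it becomes the value of the "encrypted" form field.
# Comment lines (starting with '#') and empty lines of the parameter file
# are dropped before signing.
#
# Original author's note: this works under FreeBSD with OpenSSL
# '0.9.7e 25 Oct 2004' but segfaults with '0.9.7d 17 Mar 2004'.  It also
# works under OpenBSD with OpenSSL '0.9.7c 30 Sep 2003'.
#
# The two openssl steps run one after the other instead of in a single
# pipeline: a plain sh pipeline only reports the status of its last
# command, so a failed signing step (wrong key, unreadable certificate)
# would be hidden and the page would carry a useless "encrypted" value.
#
# On any failure a message goes to stderr and the script exits non-zero.
# The first half of the HTML has already been written by then, so callers
# must discard the output whenever the exit status is not 0.
#
# NOTE(review): -des3 selects Triple DES, a legacy cipher.  It is kept
# because it is what this script has always sent; confirm which ciphers the
# receiving side accepts before changing it.

# "command -v" accepts both an absolute path and a bare command name.
if ! command -v "$OPENSSL" >/dev/null 2>&1; then
    printf '%s: openssl binary not found: %s\n' "$0" "$OPENSSL" >&2
    exit 1
fi

# Fail early, with the offending file named, rather than letting openssl
# produce a less specific error half way through the page.
for paypal_input in "$MY_PARAM_FILE" "$MY_CERT_FILE" "$MY_KEY_FILE" \
    "$PAYPAL_CERT_FILE"; do
    if [ ! -r "$paypal_input" ]; then
        printf '%s: cannot read input file: %s\n' "$0" "$paypal_input" >&2
        exit 1
    fi
done

# The signed (not yet encrypted) parameters are held in a private temp
# file: mktemp picks an unpredictable name and creates it owner-only.
signed_tmp=$(mktemp "${TMPDIR:-/tmp}/paypal_signed.XXXXXX") || {
    printf '%s: could not create a temporary file\n' "$0" >&2
    exit 1
}
trap 'rm -f -- "$signed_tmp"' EXIT

if ! sed -e '/^#/d' -e '/^$/d' < "$MY_PARAM_FILE" | \
    "$OPENSSL" smime -sign -signer "$MY_CERT_FILE" -inkey "$MY_KEY_FILE" \
        -outform der -nodetach -binary > "$signed_tmp"; then
    printf '%s: signing the parameters failed\n' "$0" >&2
    exit 1
fi

if ! "$OPENSSL" smime -encrypt -des3 -binary -outform pem \
    "$PAYPAL_CERT_FILE" < "$signed_tmp"; then
    printf '%s: encrypting the signed parameters failed\n' "$0" >&2
    exit 1
fi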

###############################################################################

# Emit the second half of the page: close the value="..." attribute left
# open before the encrypted blob, add the submit button and end the
# document.  The delimiter is quoted, so the dollar sign in the button
# label is written as-is and needs no backslash.
cat <<'HTML_TAIL'
" />
<input type="submit" value="Donate US$10" />
</form>

</body>
</html>
HTML_TAIL

