#!/bin/sh

SSID="SSID-of-your-network"
IDENTITY="your.identity@domain"
CA_CERT="/mnt/us/path/to/cacert.pem"
CLIENT_CERT="/mnt/us/path/to/certificate.p12.crt"
PRIVATE_KEY="/mnt/us/path/to/private_key.p12.key"
PRIVATE_KEY_PASSWD="SomeSecretPassphrase"

while [[ `wpa_cli list_networks | wc -l` -lt 3 ]]; do
  echo "Waiting..."
  sleep 5
done

id="$(wpa_cli list_networks | grep $SSID | cut -f1)"

if [[ "x$id" != "x" ]]; then
  echo "Network already on the list."
  if [[ "x`wpa_cli list_networks | grep $SSID | grep CURRENT`" == "x" ]]; then
    if [[ `iwlist scan 2> /dev/null | grep $SSID | wc -l` -gt 0 ]]; then
      echo "Enabling..."
      wpa_cli select_network $id
    else
      echo "Not in range."
    fi
  else
    echo "Already connected."
  fi
  exit
fi

echo "Adding new network..."

id="$(wpa_cli add_network | sed -n '2p')"

wpa_cli <<EOF
set_network $id ssid "$SSID"
set_network $id key_mgmt WPA-EAP
set_network $id eap TLS
set_network $id identity "$IDENTITY"
set_network $id ca_cert "$CA_CERT"
set_network $id client_cert "$CLIENT_CERT"
set_network $id private_key "$PRIVATE_KEY"
set_network $id private_key_passwd "$PRIVATE_KEY_PASSWD"
enable_network $id
quit
EOF

if [[ `iwlist scan 2> /dev/null | grep $SSID | wc -l` -gt 0 ]]; then
  echo "Trying to connect..."
  wpa_cli select_network $id
fi

echo "..done"
