```bash
#!/bin/bash
#
# This script takes one or more x509 certificates in .PEM format (from
# stdin or files listed on command line) and adds helpful "bag
# attributes" before each certificate. This makes it easier for
# humans to identify the contents of the bundle.
#
# Requires (g)awk and openssl's x509 command line utility.
#
# Output fields included can be specified via openssl-x509 options:
#
# subject= /C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
# issuer= /C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
# notBefore=Mar 8 12:00:00 2013 GMT
# notAfter=Mar 8 12:00:00 2023 GMT
# SHA256 Fingerprint=15:4C:43:3C:49:19:29:C5:EF:68:6E:83:8E:32:36:64:A0:0E:6A:0D:82:2C:CC:95:8F:B4:DA:B0:3E:49:A0:8F
# -----BEGIN CERTIFICATE-----
# ...
# -----END CERTIFICATE-----
awk -vZ="openssl x509 -subject -issuer -email -dates -sha256 -fingerprint" \
'/^-----BEGIN/{b=Z;x=1}x{print|b}/^-----END/{close(b);x=0;print""}' "$@"
```

No idea what Papercut is, but I'm glad it's useful @ChicagoJay!
Wonderful!
Would you mind explaining what this awk script does, step by step?
I've struggled to find this kind of command online, but nothing came out.
So far I understand that you print everything between BEGIN and END and pipe it to b, which has been set to Z.
Why?
Couldn't we use Z directly?
What is the use of x=1, then x alone outside the {}?
Thanks in advance,
Well, I better understand the use of the x flag now (to print everything between the two patterns).
What is the use of b=Z then close(b)?
Explained like this, even if there is still a bit of magic in this :-)
- `-vZ="openssl x509 -subject -issuer -email -dates -sha256 -fingerprint"`: store the openssl command into an awk variable named Z
- `'`: start of the awk script
- `/^-----BEGIN/{b=Z;x=1}`: when hitting a `-----BEGIN CERTIFICATE-----` line, set variables `b` and `x`
- `x{print|b}`: now `x==1`, print lines and pipe to openssl cmd stored in `b`
- `/^-----END/{close(b);x=0;print""}`: when hitting a `-----END CERTIFICATE-----` line,
  - close `b`
  - reset x to 0, otherwise it will send non-certificate lines to the openssl command
  - simply prints an empty line
- `'`: end of the awk script
- `"$@"`: pass all the args of the script to the awk command
or with "renaming"

```bash
awk \
--assign=OPENSSL_CMD="openssl x509 -subject -issuer -email -dates -sha256 -fingerprint" \
'/^-----BEGIN/{inside_cert=1} \
inside_cert{print|OPENSSL_CMD} \
/^-----END/{close(OPENSSL_CMD);inside_cert=0;}' \
"$@"
```
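
An added example, not part of the gist or of any comment here: the gist's patterns `/^-----BEGIN/` and `/^-----END/` match every PEM block, so a bundle that also carries a private key or a CSR has those blocks piped to `openssl x509` as well. This variant forwards only `CERTIFICATE` blocks and counts the rest on stderr; `annotate_certs`, `sample_bundle` and the `ANNOTATE_CMD` override are hypothetical names, and the sample bundle is constructed.

```bash
#!/bin/bash
# Added example, not the gist's code. ANNOTATE_CMD is a hypothetical override
# (handy for dry runs); the default is the gist's openssl command line.
annotate_certs() {
  awk -v cmd="${ANNOTATE_CMD:-openssl x509 -subject -issuer -email -dates -sha256 -fingerprint}" '
    # Only an exact CERTIFICATE header opens a block; this does not match
    # "-----BEGIN PRIVATE KEY-----" or "-----BEGIN CERTIFICATE REQUEST-----".
    /^-----BEGIN CERTIFICATE-----/ { inside = 1; certs++ }
    /^-----BEGIN / && !inside      { skipped++ }
    inside                         { print | cmd }
    /^-----END CERTIFICATE-----/ && inside {
      close(cmd)   # EOF on the pipe: the command emits its output and exits
      inside = 0
      print ""     # blank line after each annotated certificate
    }
    END {
      printf "%d certificate(s), %d other PEM block(s) skipped\n", certs, skipped > "/dev/stderr"
    }
  ' "$@"
}

# Constructed sample bundle: placeholder base64 bodies, not real key material.
sample_bundle() {
  cat <<'EOF'
-----BEGIN PRIVATE KEY-----
AAAA
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
QUJD
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE REQUEST-----
BBBB
-----END CERTIFICATE REQUEST-----
-----BEGIN CERTIFICATE-----
REVG
-----END CERTIFICATE-----
EOF
}

# No arguments: dry run on the sample, with cat standing in for openssl.
# With arguments: annotate the named bundle files using the real command.
if [ "$#" -eq 0 ]; then
  sample_bundle | ANNOTATE_CMD=cat annotate_certs
else
  annotate_certs "$@"
fi
```

The stderr summary gives a quick check that a bundle holds the number of certificates you expect and nothing else, such as a private key that should not be shipped alongside the chain.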
Bless you for this! Helped me solve a problem with Papercut! So simple, but so powerful!