This shell script gets the public key in DER format for a given host and port and returns the publicKey Hashes in the TrustKit Format

getPublicKeyHashes.sh

# Prequisites: (Tested on Mac only)
# 1. Install openssl
# 2. Install python
# 3. Clone the trustkit repository 
# 4. cd into the trustkit repository and create the getPublicKeyHashes.sh file in there

if [ -z "$1" ]
  then
    echo "Please provide a hostname and port. E.g ./getPublicKeyHashes.sh google.com 443"
elif [ -z "$2" ]
  then
    echo "Please provide a hostname and port. E.g ./getPublicKeyHashes.sh google.com 443"
else
    openssl s_client -showcerts -connect $1:$2 < /dev/null | openssl x509 -outform DER > $1.der
    python get_pin_from_certificate.py --type DER $1.der
fi

# Sample output:
# ➜  TrustKit git:(master) ✗ ./getPublicKeyHashes.sh google.com 443
# depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
# verify error:num=20:unable to get local issuer certificate
# verify return:0
# poll error
# CERTIFICATE INFO
# ----------------
# subject= /C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
# issuer= /C=US/O=Google Inc/CN=Google Internet Authority G2
# SHA1 Fingerprint=54:7B:BB:F6:8D:57:0D:1F:FD:6F:30:37:63:17:24:59:6A:DF:97:FF

# TRUSTKIT CONFIGURATION
# ----------------------
# kTSKPublicKeyHashes: @[@"BJDcocvi2UGI5t4xELJI5sG+LR7j6x3G8WYCMdmJ5JQ="] // You will also need to configure a backup pin
# kTSKPublicKeyAlgorithms: @[kTSKAlgorithmRsa2048]