Automated Building of Certificates when OpenShift SNI Present
#!/usr/bin/env bash
# Retrieves the TLS certificate chain a server presents, once without and once
# with SNI, splits it into one PEM file per certificate, removes duplicates and
# prints a JSON listing (issuer/subject/file) of what was collected.
# Requires: openssl, sed, awk, md5sum, find, sort, uniq, xargs, jq.
APIURL="https://cluster.com"   # not referenced anywhere in this file
PORT="6443"                    # port passed to openssl s_client -connect
SERVERNAME="cluster.com"       # host to connect to; also sent as the SNI name
output_prefix="final-"         # not referenced anywhere in this file
extension="temp"               # suffix of the per-certificate files (F-*.temp)
dlfilename="retrieved.pem"     # scratch file the raw chains are appended to
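#######################################
# Offline stand-in for pullcertificate(): copies a locally prepared chain file
# instead of contacting the server. (Name keeps its original spelling, sic.)
# Arguments: $1 - destination file
# Outputs:   creates/overwrites $1 with the contents of ./ca-chain.cert.pem
# Returns:   cp's exit status
#######################################
pullcerticate_test() {
  local tofile="$1"
  # '--' stops a destination that begins with '-' from being parsed as an option.
  cp -- ca-chain.cert.pem "$tofile"
}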
#######################################
# Fetches the certificate chain the server presents on a TLS handshake made
# without SNI and appends every PEM block to a file.
# Globals:   SERVERNAME, PORT (read)
# Arguments: $1 - file the PEM blocks are appended to
# Outputs:   appends the -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
#            blocks to $1; every other line of s_client output is dropped
# Returns:   status of the last pipeline stage (sed); pipefail is not enabled
#            in this script, so a failed connection is not surfaced here
#######################################
pullcertificate() {
  local tofile="$1"
  # "q" on stdin makes s_client exit once the handshake has completed.
  # stderr is merged so the range filter sees the whole output, then keeps
  # only the lines between the BEGIN/END CERTIFICATE markers.
  # NOTE(review): only the raw chain is captured; openssl's verify result is
  # filtered out, so these certificates are unverified until their
  # fingerprints are confirmed out of band.
  printf 'q\n' \
    | openssl s_client -connect "$SERVERNAME:$PORT" -showcerts 2>&1 \
    | sed -ne '/--BEGIN CERTIFICATE--/,/--END CERTIFICATE--/p' >> "$tofile"
}
#######################################
# Same as pullcertificate(), but sends SERVERNAME as the SNI name so a server
# hosting several names can present the matching chain.
# Globals:   SERVERNAME, PORT (read)
# Arguments: $1 - file the PEM blocks are appended to
# Outputs:   appends the -----BEGIN CERTIFICATE----- ... -----END CERTIFICATE-----
#            blocks to $1; every other line of s_client output is dropped
# Returns:   status of the last pipeline stage (sed); pipefail is not enabled
#            in this script, so a failed connection is not surfaced here
#######################################
pullcertificate_sni() {
  local tofile="$1"
  # "q" on stdin makes s_client exit once the handshake has completed.
  # stderr is merged so the range filter sees the whole output, then keeps
  # only the lines between the BEGIN/END CERTIFICATE markers.
  # NOTE(review): the chain is captured as presented; no verification result
  # is checked here, so confirm fingerprints out of band before trusting it.
  printf 'q\n' \
    | openssl s_client -connect "$SERVERNAME:$PORT" -servername "$SERVERNAME" -showcerts 2>&1 \
    | sed -ne '/--BEGIN CERTIFICATE--/,/--END CERTIFICATE--/p' >> "$tofile"
}
#######################################
# Splits a file holding several concatenated PEM certificates into one file
# per certificate, named F-<round>-<n>.<extension>.
# Globals:   extension (read); output_prefix is not consulted
# Arguments: $1 - file containing the PEM blocks
#            $2 - round number, embedded in the output file names
# Outputs:   progress line on stdout; one F-$2-<n>.$extension file per block
# Returns:   awk's exit status
#######################################
splitcerts() {
  local fromfile="$1"
  local roundcnt="$2"
  printf '%s\n' "Splitting downloaded certificates..."
  # Each line matching BEGIN opens a new output file (i counts up); every line,
  # including the BEGIN line itself, is written to the file currently selected.
  awk -v cnt="$roundcnt" -v ext="$extension" \
    '/BEGIN/ { x = "F-" cnt "-" ++i "." ext } { print > x }' \
    "$fromfile"
}
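#######################################
# Deletes one file from every group of *.$extension files with identical
# content, so that after a round each unique certificate is kept exactly once.
# Globals:   extension (read)
# Outputs:   progress line on stdout; rm -v reports each removed path
# Returns:   status of the final pipeline stage (the removal loop)
#######################################
removeduplicates() {
  printf '%s\n' "Reduce duplicates..."
  # md5sum is only a content-equality key here, not an integrity check, so
  # its collision weakness is irrelevant for this purpose.
  # `uniq -w32 -d` prints the first line of each group sharing a hash, i.e.
  # exactly one path per set of duplicates; that path is removed.
  # find -exec replaces the unquoted $(find ...) so that no matches means no
  # md5sum invocation (instead of md5sum waiting on stdin), and the hash field
  # is dropped before rm so that only real paths reach it. With no duplicates
  # the loop simply runs zero times.
  find ./ -type f -name "*.$extension" -exec md5sum {} + \
    | sort -k1 \
    | uniq -w32 -d \
    | while read -r _ dupfile; do
        rm -fv -- "$dupfile"
      done
}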
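#######################################
# Builds a JSON array describing every split certificate (issuer, subject and
# file name) and prints it pretty-printed to stdout.
# Globals:   extension (read)
#            root (written, as before: file whose issuer equals its subject;
#            computed here but not otherwise used in this file)
# Outputs:   pretty-printed JSON array on stdout; "[]" when no files match
# Returns:   status of the final printf
#######################################
createlinkedlist() {
  local cert issuer subject entries=""
  for cert in F*."$extension"; do
    # Without nullglob an unmatched pattern comes back literally; skip it
    # rather than handing a non-existent path to openssl.
    [[ -e "$cert" ]] || continue
    issuer=$(openssl x509 -noout -issuer -in "$cert" | sed 's/issuer=//g')
    subject=$(openssl x509 -noout -subject -in "$cert" | sed 's/subject=//g')
    # The DNs come from certificates a remote server sent; passing them as jq
    # arguments escapes quotes and backslashes instead of splicing them into
    # the JSON text, which the previous printf-built string did not.
    entries+=$(jq -n --arg issuer "$issuer" --arg subject "$subject" --arg file "$cert" \
      '{issuer: $issuer, subject: $subject, file: $file}')
    entries+=$'\n'
  done
  local jsonstr
  # Slurp the per-file objects into one array; an empty input yields [].
  jsonstr=$(jq -s '.' <<<"$entries")
  # Find the root cert first (issuer == subject) - not efficient, but it's a
  # bash script. Kept as a global assignment as in the original.
  root="$(jq '.[] | select(.issuer == .subject).file' <<<"$jsonstr")"
  printf '%s\n' "$jsonstr"
}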
#######################################
# Runs five retrieval rounds, then prints the JSON listing of the collected
# certificates.
# Globals:   dlfilename (read); cnt (written by the loop)
# Outputs:   progress lines plus the output of the called functions
# Returns:   createlinkedlist's exit status
#######################################
main() {
  for cnt in 1 2 3 4 5; do
    printf '%s\n' "Round $cnt..."
    # Both the non-SNI and the SNI chain are appended to the same scratch
    # file, split into one file per certificate, and content duplicates
    # (also those carried over from earlier rounds) are dropped.
    pullcertificate "$dlfilename"
    pullcertificate_sni "$dlfilename"
    splitcerts "$dlfilename" "$cnt"
    removeduplicates
    rm -f "$dlfilename"
  done
  createlinkedlist
}
# Entry point: arguments are forwarded but main() does not currently use them.
main "$@"