
@infamousjoeg
Last active February 23, 2022 19:55
Automated Building of Certificates when OpenShift SNI Present
#!/usr/bin/env bash
# --- Target endpoint -------------------------------------------------------
# API URL of the cluster; not referenced by the functions in this file.
APIURL='https://cluster.com'
# TCP port and host name handed to `openssl s_client -connect`.
PORT='6443'
# Also used as the SNI value by pullcertificate_sni.
SERVERNAME='cluster.com'

# --- Working files ---------------------------------------------------------
# Defined here but not referenced by the functions in this file.
output_prefix='final-'
# Suffix of the per-certificate files written by splitcerts.
extension='temp'
# Scratch file that collects the PEM blocks of one round.
dlfilename='retrieved.pem'
#######################################
# Offline stand-in for the network pulls: copies a local chain file
# instead of contacting a server.
# Arguments: $1 - destination file
# Returns:   exit status of cp
#######################################
pullcerticate_test() {
  local destination="$1"
  # The source name is fixed and resolved relative to the current directory.
  cp ca-chain.cert.pem "$destination"
}
#######################################
# Connects to SERVERNAME:PORT without passing -servername and appends every
# PEM certificate block the peer presents to the given file.
# Globals:   SERVERNAME, PORT (read)
# Arguments: $1 - file to append the PEM blocks to
# Returns:   exit status of the final sed stage
#
# Security notes:
#  * s_client only shows what the peer sent; by default it does not abort
#    when chain verification fails. Treat the captured certificates as
#    unauthenticated and confirm their fingerprints through a separate
#    trusted channel before adding them to any trust store.
#  * NOTE(review): OpenSSL 1.1.1 and later derive an SNI value from the
#    -connect host when -servername is absent, so on those versions this
#    probe may return the same chain as pullcertificate_sni unless
#    -noservername is added. Confirm against the installed openssl.
#######################################
pullcertificate() {
  local pem_out="$1"
  local -a s_client_args=(
    -connect "${SERVERNAME}:${PORT}"
    -showcerts
  )

  # "q" on stdin makes s_client quit after the handshake. stderr is merged
  # into the stream; sed keeps only the BEGIN..END CERTIFICATE ranges, so a
  # failed connection simply appends nothing.
  printf 'q\n' \
    | openssl s_client "${s_client_args[@]}" 2>&1 \
    | sed -n -e '/--BEGIN CERTIFICATE--/,/--END CERTIFICATE--/p' \
      >>"$pem_out"
}
#######################################
# Same probe as pullcertificate, but sends SERVERNAME explicitly as the TLS
# SNI value, so a server that selects its certificate by SNI presents the
# one for that name.
# Globals:   SERVERNAME, PORT (read)
# Arguments: $1 - file to append the PEM blocks to
# Returns:   exit status of the final sed stage
#
# Security note: the captured chain is whatever the peer presented over an
# unverified handshake. Confirm fingerprints through a separate trusted
# channel before trusting any of these certificates.
#######################################
pullcertificate_sni() {
  local pem_out="$1"
  local -a s_client_args=(
    -connect "${SERVERNAME}:${PORT}"
    -servername "${SERVERNAME}"
    -showcerts
  )

  # "q" ends the s_client session; sed drops everything outside the
  # BEGIN..END CERTIFICATE ranges (including the merged stderr text).
  printf 'q\n' \
    | openssl s_client "${s_client_args[@]}" 2>&1 \
    | sed -n -e '/--BEGIN CERTIFICATE--/,/--END CERTIFICATE--/p' \
      >>"$pem_out"
}
#######################################
# Splits a file of concatenated PEM blocks into one file per certificate,
# named F-<round>-<index>.<extension> in the current directory.
# Globals:   extension (read)
# Arguments: $1 - file holding the concatenated PEM blocks
#            $2 - round number used in the output file names
# Outputs:   progress line on stdout
# Returns:   exit status of awk
#######################################
splitcerts() {
  local pem_bundle="$1"
  local round="$2"

  echo "Splitting downloaded certificates..."

  # Every line containing BEGIN switches to a new output file; each line is
  # then written to the currently selected file. The input is expected to
  # start with a BEGIN line, otherwise no output file is selected yet.
  awk -v cnt="$round" -v ext="$extension" '
    /BEGIN/ { x = "F-" cnt "-" (++i) "." ext }
    { print > x }
  ' "$pem_bundle"
}
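#######################################
# Deletes certificate files whose content duplicates another one, keeping
# exactly one file per distinct content.
#
# The earlier pipeline (md5sum | sort | uniq -d | xargs rm) emitted only one
# line per duplicate group, so a group of three or more identical files was
# not fully reduced in one pass. It also passed the hash column to rm and
# made md5sum read stdin when no file matched. This version walks the files
# once and removes every file whose digest was already seen.
#
# MD5 serves only as a content fingerprint for de-duplication here; it is
# not an integrity or trust check on the certificates.
#
# Globals:   extension (read)
# Outputs:   progress line and rm -v messages on stdout
# Returns:   0 unless the final command fails
#######################################
removeduplicates() {
  echo "Reduce duplicates..."

  local -A kept=()
  local certfile digest

  # NUL-delimited and sorted, so the file kept per group is deterministic
  # and unusual file names cannot be split into several arguments.
  while IFS= read -r -d '' certfile; do
    # Hash via stdin so the output is always "<digest>  -".
    digest=$(md5sum <"$certfile") || continue
    digest=${digest%% *}
    if [[ -n "${kept[$digest]+set}" ]]; then
      rm -fv -- "$certfile"
    else
      kept[$digest]=$certfile
    fi
  done < <(find ./ -type f -name "*.$extension" -print0 | sort -z)
}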
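#######################################
# Builds a JSON array with one {issuer, subject, file} object per split
# certificate file and pretty-prints it.
#
# The issuer and subject strings come from certificates presented by a
# remote server, so they are untrusted text. They are passed to jq with
# --arg, which escapes them, instead of being pasted into a JSON string
# with printf (a quote or backslash in a DN used to break or alter the
# document). Only the leading "issuer=" / "subject=" label is stripped.
#
# Globals:   extension (read), root (written)
# Outputs:   pretty-printed JSON array on stdout
# Returns:   non-zero if jq fails
#######################################
createlinkedlist() {
  local jsonstr="" certfile issuer subject entry
  local -a entries=()

  for certfile in F*."$extension"; do
    # Without nullglob an unmatched pattern stays literal; skip it.
    [[ -e "$certfile" ]] || continue

    # A file openssl cannot parse would yield empty issuer and subject and
    # then look self-issued, so it is skipped instead of listed.
    if ! issuer=$(openssl x509 -noout -issuer -in "$certfile") \
      || ! subject=$(openssl x509 -noout -subject -in "$certfile"); then
      printf 'warn: skipping unreadable certificate %s\n' "$certfile" >&2
      continue
    fi

    entry=$(jq -n -c \
      --arg issuer "${issuer#issuer=}" \
      --arg subject "${subject#subject=}" \
      --arg file "$certfile" \
      '{issuer: $issuer, subject: $subject, file: $file}') || return
    entries+=("$entry")
  done

  if ((${#entries[@]} == 0)); then
    jsonstr="[]"
  else
    jsonstr=$(printf '%s\n' "${entries[@]}" | jq -s -c '.') || return
  fi

  # find the root cert first - not as efficient but it's a bash script...
  # issuer == subject marks a self-issued certificate by name only; it does
  # not verify the signature. `root` keeps jq's JSON-quoted output and is
  # not used further in this file.
  root="$(jq '.[] | select(.issuer == .subject).file' <<<"$jsonstr")"

  jq '.' <<<"$jsonstr"
}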
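#######################################
# Runs five collection rounds against the configured endpoint, then prints
# the issuer/subject listing for everything that was collected.
# NOTE(review): the repeated rounds presumably catch different certificates
# served on different connections - confirm with the author.
#
# The scratch download file is removed before each round as well as after:
# the pull functions append to it, so a file left behind by an interrupted
# run (or placed in the working directory beforehand) would otherwise be
# merged into the first round's certificates.
#
# Globals: dlfilename (read)
#######################################
main() {
  local cnt
  for cnt in 1 2 3 4 5; do
    echo "Round $cnt..."
    rm -f -- "$dlfilename"
    pullcertificate "$dlfilename"
    pullcertificate_sni "$dlfilename"
    splitcerts "$dlfilename" "$cnt"
    removeduplicates
    rm -f -- "$dlfilename"
  done
  createlinkedlist
}
main "$@"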