tashian/fetch_tpm_certs.sh

## fetch_tpm_certs.sh
#!/bin/bash
# Using a TPM EKcert filename as input, this script recursively fetches TPM CA certificates.
# It depends on the EKcert having an AIA (Authority Information Access) Issuer URI field.
# This field is not required and may not be present.
# If available, the CA certificates will be saved into the current directory.
#
# To use this script, you will need the following programs:
# jq — https://jqlang.github.io/jq/
# step — https://smallstep.com/docs/step-cli/installation/
# curl

# Function to download a certificate from a URL
download_certificate() {
    local url="$1"
    local filename="${url##*/}"

    echo "Downloading certificate from $url..."
    curl -LO "$url"

    if [ $? -eq 0 ]; then
        echo "Certificate downloaded: $filename"
        extract_urls "$filename"
    else
        echo "Failed to download certificate from $url"
    fi
}

# Function to extract URLs from a certificate file
extract_urls() {
    local cert_file="$1"
    local urls=$(step certificate inspect "$cert_file" --format json | jq -r '.extensions.authority_info_access.issuer_urls[]?')

    if [ -n "$urls" ]; then
        while read -r url; do
            download_certificate "$url"
        done <<< "$urls"
    else
        echo "No URLs found in certificate: $cert_file"
    fi
}

# Main function
main() {
    if [ $# -ne 1 ]; then
        echo "Usage: $0 <input_certificate>"
        exit 1
    fi

    input_certificate="$1"

    if [ ! -f "$input_certificate" ]; then
        echo "Input certificate not found: $input_certificate"
        exit 1
    fi

    extract_urls "$input_certificate"
}

main "$@"
	#!/bin/bash
	# Using a TPM EKcert filename as input, this script recursively fetches TPM CA certificates.
	# It depends on the EKcert having an AIA (Authority Information Access) Issuer URI field.
	# This field is not required and may not be present.
	# If available, the CA certificates will be saved into the current directory.
	#
	# To use this script, you will need the following programs:
	# jq — https://jqlang.github.io/jq/
	# step — https://smallstep.com/docs/step-cli/installation/
	# curl

	# Function to download a certificate from a URL
	download_certificate() {
	local url="$1"
	local filename="${url##*/}"

	echo "Downloading certificate from $url..."
	curl -LO "$url"

	if [ $? -eq 0 ]; then
	echo "Certificate downloaded: $filename"
	extract_urls "$filename"
	else
	echo "Failed to download certificate from $url"
	fi
	}

	# Function to extract URLs from a certificate file
	extract_urls() {
	local cert_file="$1"
	local urls=$(step certificate inspect "$cert_file" --format json \| jq -r '.extensions.authority_info_access.issuer_urls[]?')

	if [ -n "$urls" ]; then
	while read -r url; do
	download_certificate "$url"
	done <<< "$urls"
	else
	echo "No URLs found in certificate: $cert_file"
	fi
	}

	# Main function
	main() {
	if [ $# -ne 1 ]; then
	echo "Usage: $0 <input_certificate>"
	exit 1
	fi

	input_certificate="$1"

	if [ ! -f "$input_certificate" ]; then
	echo "Input certificate not found: $input_certificate"
	exit 1
	fi

	extract_urls "$input_certificate"
	}

	main "$@"