certs.sh

#!/usr/bin/env bash

#!/usr/bin/env bash

function getCertChain() {
	curl -fsSL <url_to_ca_certificate_chain_pem>
}

getCertChain | csplit -f paychex-indv-cert- - '/-----BEGIN CERTIFICATE-----/' '{*}'

[[ `cat *-00` -eq '' ]] && rm *-00

for cert in paychex-indv-cert-*
do
	new_file_name=`openssl x509 -noout -subject -nameopt multiline -in "$cert" | sed -n 's/ *commonName *= //p'`
	new_file_name="${new_file_name// /_}"

	# Handle non-numbered certs by numbering them. 
	# If there is only one other cert (that is likely not numbered)
	if [[ -e "${new_file_name}.crt" ]]; then
		echo "${new_file_name}.crt already exists"
		# mv $new_file_name "${new_file_name}-1"
		file_num=2

		# If there are other numbered files. Get the highest one, and increment it. 
		if [[ `ls ${new_file_name}-*.crt 2>/dev/null | grep -Eo '\-[0-9]+\.crt$' | grep -o '[0-9]*' | sort | tail -n1` != '' ]]; then
			# List files that share the cert name, get the highest version. 
			file_num=`ls ${new_file_name}-*.crt | grep -Eo '\-[0-9]+\.crt$' | grep -o '[0-9]*' | sort | tail -n1`
			file_num=$((file_num + 1))
		fi

		new_file_name="${new_file_name}-${file_num}"
	fi


	echo "Writing ${new_file_name}.crt"
	mv $cert "${new_file_name}.crt"
done

for cert in *.crt
do
	if [[ $1 ]]; then 
		keytool -import -alias "payx:$cert" -file "$cert" -noprompt -storepass changeit --keystore "$1"
	else
		keytool -import -alias "payx:$cert" -file "$cert" -noprompt -storepass changeit
	fi
done