ETOOBUSY 🚀 minimal blogging for the impatient
ekeca - better print
TL;DR
Added an enhanded
From time to time I have to deal with TLS certificates and this usually gets me to the point where I think oh, it would be great to do… X.
Then I have that harry-potter-ish moment when the (disguised) professor Moody reminds Harry that he has a wand. Well, I guess I have the shell wand in this case! Which invariably brings me to this:
(from Automation) without thinking about this:
(from Is It Worth The Time?).
This specific time I have a file with two certificates inside, and I want to
print them both. So… I extended the print sub-command in ekeca to just
do this:
cmd_print() {
local l chunk inside='no' n=0
while read l ; do
if [ "$inside" = 'yes' ] ; then
chunk="$(printf '%s\n%s' "$chunk" "$l")"
local type="$(printf %s "$l" | _type_of)"
[ -n "$type" ] || continue
local cmd
case "$type" in
(CERTIFICATE)
cmd=x509
;;
(CERTIFICATE\ REQUEST)
cmd=req
;;
(PRIVATE\ KEY)
cmd=rsa
;;
(*)
printf >&2 '%s\n' "unhandled type '$type'"
return 1
;;
esac
n=$(( n + 1 ))
[ $n -lt 2 ] || printf '\n'
printf '# item #%d %s\n' "$n" "$type"
printf %s "$chunk" | openssl "$cmd" -noout -text
inside='no'
elif printf %s "$l" | grep '^-\+BEGIN .*-\+ *$' >/dev/null 2>&1; then
chunk="$l"
inside='yes'
fi
done <"$1"
}
The outer loop takes care to divide the input file’s contents in chunks,
each containing one thing (like a certificate, a certificate signing
request, or a key). When we hit the END line of the chunk, we just use the
older code to figure out what the chunk represents and call the right
OpenSSL sub-command.
That’s it for today!