first commit

[threegates.git] / bin / certs_extractor.sh

#/bin/bash
# set -x

if [ "$THREEGATES_CA_BASE" != "" ]; then
    ca_dir="${THREEGATES_CA_BASE}"
else
    ca_dir="ca"
fi

if [ -d "$ca_dir" ]; then
    rm -rf "$ca_dir"
fi
mkdir -p "$ca_dir"

IFS='
'
ct=1
for i in $(cat raw/IT_TSL_CNS.xml raw/IT_TSL_signed.xml | tr -d '\n' | tr -d '\r' | sed 's@\(</\?tsl:X509Certificate>\)@\n\1@g' | grep '^<tsl:X509Certificate>' | sed 's/<tsl:X509Certificate>//g' | grep -v '^$' | sort | uniq ); do
    # oname="$(printf "%06d" $ct).pem"
    oname=tmp.pem
    ( echo "-----BEGIN CERTIFICATE-----"
    echo "$i" | sed 's/\(.\{60\}\)/\1\n/g' 
    echo "-----END CERTIFICATE-----" ) | grep -v '^$'  > ${ca_dir}/$oname

    hname="$(cat ${ca_dir}/$oname | md5sum | cut -d ' ' -f 1).pem"
    mv "${ca_dir}/$oname" "${ca_dir}/$hname"
    
    hash="$(cat "${ca_dir}/$hname" | openssl x509 -inform PEM  -hash -noout)"
    link="$(cat "${ca_dir}/$hname" | openssl x509 -inform PEM  -issuer -noout | sed 's/^issuer= //g;s@/@~@g')"
    
    cd ${ca_dir}
    for n in $(seq 0 100); do
        if [ -f ${hash}.$n ]; then
            continue
        fi
        ln -s "$hname" ${hash}.$n
        break
    done

    if [ $n -eq 100 ]; then
        echo "n exceeds maximum value (hash)."
        exit 1
    fi

    for n in $(seq 1 100); do
        if [ $n -eq 1 ]; then
            lname="${link}.pem"
        else
            lname="${link}_($n).pem"
        fi
        
        if [ -f "$lname" ]; then
            continue
        fi
        ln -s "$hname" "$lname"
        break
    done

    if [ $n -eq 100 ]; then
        echo "n exceeds maximum value (link)."
        exit 2
    fi

    cd - >/dev/null 2>&1

    ct=$((ct + 1))
done

exit 0