1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
{ pkgs }:
pkgs.write "certaids" {
"/bin/cert2json".link = pkgs.writeDash "cert2json" ''
# usage: cert2json < CERT > JSON
set -efu
${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text |
${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" ''
function abort(msg) {
print(msg) > "/dev/stderr"
exit 1
}
function toJSON(x, type, ret) {
type = typeof(x)
switch (type) {
case "array":
if (isArray(x)) return arrayToJSON(x)
if (isObject(x)) return objectToJSON(x)
abort("cannot render array to JSON", x)
case "number":
return numberToJSON(x)
case "string":
return stringToJSON(x)
case "strnum":
case "unassigned":
case "regexp":
case "untyped":
default:
abort("cannot render type: " type)
}
}
function isArray(x, i, k) {
i = 1
for (k in x) {
if (k != i++) return 0
i++
}
return 1
}
function isObject(x, k) {
for (k in x) {
if (typeof(k) != "string") return 0
}
return 1
}
function arrayToJSON(x, k, ret) {
ret = "["
for (k in x) {
ret=ret toJSON(x[k]) ","
}
sub(/,$/,"",ret)
ret=ret "]"
return ret
}
function objectToJSON(x, k,ret) {
ret = "{"
for (k in x) {
ret = ret toJSON(k) ":" toJSON(x[k]) ","
}
sub(/,$/, "", ret)
ret = ret "}"
return ret
}
function numberToJSON(x) {
return x
}
function stringToJSON(x) {
gsub(/\\/, "&&",x)
gsub(/\n/, "\\n", x)
return "\"" x "\""
}
$1 ~ /^ *(Subject|Issuer):/ {
sub(/^ */, "")
sub(/: */, ",")
key=tolower($1)
sub(/[^,]*,/, "")
# Normalize separators between relative distinguished names.
# [1]: RFC2253, 3. Parsing a String back to a Distinguished Name
# TODO support any distinguished name
gsub(/ *[;,] */, ",")
for(i = 0; i <= NF; i++) {
split($i, a, "=")
cache[key][a[1]] = a[2]
}
}
/BEGIN CERTIFICATE/,/END CERTIFICATE/{
cache["certificate"] = cache["certificate"] $0 "\n"
}
/END CERTIFICATE/{
print toJSON(cache)
delete cache
}
''}
'';
}
|