Diffstat (limited to 'krebs/5pkgs/simple')
-rw-r--r--krebs/5pkgs/simple/certaids.nix109
1 files changed, 109 insertions, 0 deletions
diff --git a/krebs/5pkgs/simple/certaids.nix b/krebs/5pkgs/simple/certaids.nix
new file mode 100644
index 000000000..34f4c3e14
--- /dev/null
+++ b/krebs/5pkgs/simple/certaids.nix
@@ -0,0 +1,109 @@
+{ pkgs }:
+
+pkgs.write "certaids" {
+ "/bin/cert2json".link = pkgs.writeDash "cert2json" ''
+ # usage: cert2json < CERT > JSON
+ set -efu
+
+ ${pkgs.openssl}/bin/openssl crl2pkcs7 -nocrl -certfile /dev/stdin |
+ ${pkgs.openssl}/bin/openssl pkcs7 -print_certs -text |
+ ${pkgs.gawk}/bin/awk -F, -f ${pkgs.writeText "cert2json.awk" ''
+ function abort(msg) {
+ print(msg) > "/dev/stderr"
+ exit 1
+ }
+
+ function toJSON(x, type, ret) {
+ type = typeof(x)
+ switch (type) {
+ case "array":
+ if (isArray(x)) return arrayToJSON(x)
+ if (isObject(x)) return objectToJSON(x)
+ abort("cannot render array to JSON", x)
+ case "number":
+ return numberToJSON(x)
+ case "string":
+ return stringToJSON(x)
+ case "strnum":
+ case "unassigned":
+ case "regexp":
+ case "untyped":
+ default:
+ abort("cannot render type: " type)
+ }
+ }
+
+ function isArray(x, i, k) {
+ i = 1
+ for (k in x) {
+ if (k != i++) return 0
+ i++
+ }
+ return 1
+ }
+
+ function isObject(x, k) {
+ for (k in x) {
+ if (typeof(k) != "string") return 0
+ }
+ return 1
+ }
+
+ function arrayToJSON(x, k, ret) {
+ ret = "["
+ for (k in x) {
+ ret=ret toJSON(x[k]) ","
+ }
+ sub(/,$/,"",ret)
+ ret=ret "]"
+ return ret
+ }
+
+ function objectToJSON(x, k,ret) {
+ ret = "{"
+ for (k in x) {
+ ret = ret toJSON(k) ":" toJSON(x[k]) ","
+ }
+ sub(/,$/, "", ret)
+ ret = ret "}"
+ return ret
+ }
+
+ function numberToJSON(x) {
+ return x
+ }
+
+ function stringToJSON(x) {
+ gsub(/\\/, "&&",x)
+ gsub(/\n/, "\\n", x)
+ return "\"" x "\""
+ }
+
+ $1 ~ /^ *(Subject|Issuer):/ {
+ sub(/^ */, "")
+ sub(/: */, ",")
+ key=tolower($1)
+ sub(/[^,]*,/, "")
+
+ # Normalize separators between relative distinguished names.
+ # [1]: RFC2253, 3. Parsing a String back to a Distinguished Name
+ # TODO support any distinguished name
+ gsub(/ *[;,] */, ",")
+
+ for(i = 0; i <= NF; i++) {
+ split($i, a, "=")
+ cache[key][a[1]] = a[2]
+ }
+ }
+
+ /BEGIN CERTIFICATE/,/END CERTIFICATE/{
+ cache["certificate"] = cache["certificate"] $0 "\n"
+ }
+
+ /END CERTIFICATE/{
+ print toJSON(cache)
+ delete cache
+ }
+ ''}
+ '';
+}
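Review bot: stringToJSON escapes only backslashes and newlines, so a `"` in a Subject or Issuer value is emitted raw and can end the JSON string early, giving malformed or structurally different output to whatever consumes it; that text comes from the certificate being parsed, and objectToJSON also passes it through as keys. Add `gsub(/"/, "\\\"", x)` directly after the backslash doubling (order matters, otherwise the new backslash is doubled too), and escape the remaining control characters such as tab and carriage return, which JSON does not allow raw inside a string. If openssl's text output already backslash-escapes quotes in names (likely, but not visible here), the current doubling turns `\"` into `\\"`, which still closes the string. Separately, isArray increments `i` twice per iteration (`i++` in the comparison and again on the next line), so it would reject any array with more than one element; the second `i++` should be dropped.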