Redhat shell script - OpenSSL x509 - loops

I am relatively new to scripting and would like to know how I can add more options in my for loop. Currently my script only checks the -enddate of a certificate, but I would like to get more information like: -serial, -subject, -issuer in a orderly output.
What I have currently is:
#! /bin/bash
FOLDER_LIST=/etc/httpd/certs
for FOLDER in $FOLDER_LIST
do
for pem in $FOLDER/*.crt; do
printf '%s: %s\n' \
"$(date --date="$(openssl x509 -enddate -noout -in "$pem" | cut -d= -f 2)" --iso-8601)" \
"$pem"
done | sort
done
I tried adding the extra options like this: "$(openssl x509 -enddate -subject -serial -issuer -noout -in "$pem" | cut -d= -f 2)" --iso-8601)"
But the output is not orderly.

Related

How to create solr password hash

From solr documentation to create a user I need to add following lines to security.json config file:
"authentication":{
"class":"solr.BasicAuthPlugin",
"credentials":{
"solr":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="
}
},
I know that under authentication.credentials the key solr is the username and value IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c= is the hash of password SolrRocks.
But my question is, how can I generate that hash?
The documentation does not mention it anywhere,
It does not look like md5, sha1, argon nor any hash known to me.
After decoding the base64 it seems to be stored as some binary data.
What kind of hash is that, and how can I create it from bash?
You'd usually use set-user in the Authentication API to add the user.
rmalchow on GitHub has created a standalone version for bash:
#!/bin/bash
PW=$1
SALT=$(pwgen 48 -1)
echo "hash : $(echo -n "$SALT$PW" | sha256sum -b | xxd -r -p | sha256sum -b | xxd -r -p | base64 -w 1024) $(echo -n "$SALT" | base64 -w1024)"

Curl, Adding hostname from array

I am trying to write a script that parses the output of a URL. Everything works great if I hard code a URL into the curl command, however when I try to add the URL from an array I am getting a syntax error.
Here is the script
#!/usr/bin/bash
hosts=(
room-f3185-dsp
room-c5180-dsp
room-f3187-dsp
room-f3183-dsp
)
for i in "${hosts[#]}"
url1=$(curl -d "action=login&userPassword=PASSWORD" -H "Content-Type: application/x-www-form-urlencoded" -X POST http://$i)
url2=$(echo $url | sed 's/,/\n/g')
url3=$(echo $url2 | sed 's/:/ /g' | grep macAddress ./mactest | awk '{print $2,$3,$4,$5,$6,$7,$8}')
url4=$(echo $url3 | sed 's/ /:/g' | tr -d '"')
mac=$(echo $url4 | sed 's/.$//' | sed 's/.$//' |sed 's/.$//')
echo "------------------------------------------------" >> dspmac
echo $i >> dspmac
echo "Mac Address = "$mac >> dspmac
done
Here is the error I am getting,
line 10: syntax error near unexpected token `url1=$(curl -d "action=login&userPassword=PASSWORD" -H "Content-Type: application/x-www-form-urlencoded" -X POST $i)'
Also in the url1 line when I put in HTTP:// it is highlighted as a link, but the $i is just showing as standard text
Thank in advance
If I replace the $i in the script with the full URL (http://room-f3185-dsp) it works great. I have also tried putting the full url as the host in the array, but still get the same error.
I also tried various quotes in different places.
How about adding do:
for i in "${hosts[#]}"
do
...
done

get each line of a command in an array bash raspbian

I'm trying to improve my scripting skills.
I know there's online converters that are doing it but i'd like to make a script that compare in a certain folder (/opt/Citrix/ICAClient/keystore/cacerts/), if the .crt are already in the .pem format and if not convert them.
So i know this clearly isn't the best way to do so... But i've started like this:
`
#!/bin/bash
#remove both files if they already exists
rm crt.txt
rm pem.txt
#certificate selection in .crt format
Certificate_crt=$(sudo ls /opt/Citrix/ICAClient/keystore/cacerts/ | grep .crt | sed 's/\(.*\)\..*/\1/')
#certificate selection in .pem format
Certificate_pem=$(sudo ls /opt/Citrix/ICAClient/keystore/cacerts/ | grep .pem | sed 's/\(.*\)\..*/\1/')
#sending results in text files
echo "$Certificate_crt" >> crt.txt
echo "$Certificate_pem" >> pem.txt
#recovery of certificate names in .crt not having a .pem equivalent
Certificate_crt_WO_pem=$(cat crt.txt | grep -v "$Certificate_pem" | tr " " "\n")
#echo "$Certificate_crt_WO_pem"
#initialisation
i=0
#Print the split string
for i in "${Certificate_crt_WO_pem[#]}"
do
name_certificate=$(echo $i | tr " " "\n")
echo "${name_certificate[#]}"
echo "$i"
i=i+1
done
`
The thing is that when my "for" is launched, it stores all the result of "Certificate_crt_WO_pem" in the array $name_certificate[0] and then stop it self.
What i want is to store, line by line, the result of "cat crt.txt | grep -v "$Certificate_pem" | tr " " "\n"" into the array name_certificate.
This array will be use to launch something like this " openssl -in $name_certificate[$i].crt -out $name_certificate[$i].pem PEM" (in a for loop in the will to convert every namefile.crt in every namefile.pem).
If someone can help me i'll be more than gratefull... (And yes i've already tried to search on the net, had followed some online courses but none of them was saying the same thing about the bash's arrays, so i'm a bit lost...)
What i want is to store, line by line, the result of
Then do that.
var=$(something)
# ^^ - normal variable assignment
var=( $(something) )
# ^^ ^ - array assignment
# the unquoted result of expansions is split on IFS
# default on tabs, newlines and spaces
so I guess you want:
Certificate_crt_WO_pem=($(grep -v "$Certificate_pem" crt.txt))
Doing cat file | grep is a useless use of cat. Use grep .. file or < file grep ....
Remember do not parse ls output. Don't ls | something. Prefer globulation or find instead.
Read how to read a stream line by line in bashfaq. Read how to use arrays in bashfaq.
Note that grep parses a regex, so grep .pem matches any character followed by pem. I guess you wanted grep '\.pem'. I do not think grep -v "$Certificate_pem" does what you think it does - I guess you meant to use comm or join to filter elements from one newline separated separated that are present in the other list.
This array will be use to launch something like this " openssl -in $name_certificate[$i].crt -out $name_certificate[$i].pem PEM"
The best would be not do it, rather parse the data as they come, not store them in variables.
# get all .crt fiels
find /opt/Citrix/ICAClient/keystore/cacerts/ -maxdepth 1 -mindepth 1 -type f -name '*.crt' |
# remove extension
sed 's/\.crt$//' |
# filter out files where .pem does exists already
while IFS= read -r file; do
if [[ -r "$file".pem ]]; then continue; fi
printf "%s\n" "$file"
done |
# execute openssl for the rest
xargs -d'\n' -i{} openssl -in {}.crt -out {}.pem PEM
but if you want, rather use mapfile to store a string with a newline separated list into an array (be sure to understand how to store variables in a pipeline).
mapfile -t Certificate_crt_WO_pem < <(something)

How can i use wget in order to obtain the public key?

Is there any way to use wget directly or tweak the source code or use it with openssl in order to obtain the public key from a certificate and save it to a file?
Not with wget, but with OpenSSL, you can use the same method as in this question for LDAP (except on port 443, if you're interested in HTTPS, presumably).
You can also pipe the output into the openssl x509 -pubkey to get the public key itself.
Something like this should do:
echo -n | openssl s_client -connect www.google.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | openssl x509 -pubkey -noout

Pass stdin into Unix host or dig command

Let's say I have a list of IPs coming into a log that I'm tailing:
1.1.1.1
1.1.1.2
1.1.1.3
I'd like to easily resolve them to host names. I'd like to be able to
tail -f access.log | host -
Which fails as host doesn't understand input from stdin in this way. What's the easiest way to do with without having to write a static file or fallback to perl/python/etc.?
Use xargs -l:
tail -f access.log | xargs -l host
You could also use the read builtin:
tail -f access.log | while read line; do host $line; done
In the commands below, replace cat with tail -f, etc. if needed.
Using host:
$ cat my_ips | xargs -i host {}
1.1.1.1.in-addr.arpa domain name pointer myhost1.mydomain.com.
1.1.1.2.in-addr.arpa domain name pointer myhost2.mydomain.com.
Using dig:
$ cat my_ips | xargs -i dig -x {} +short
myhost1.mydomain.com.
myhost2.mydomain.com.
Note that the -i option to xargs implies the -L 1 option.
To first get the IPs of one's host, see this answer.
In bash You can do:
stdout | (dig -f <(cat))
Example program:
(
cat <<EOF
asdf.com
ibm.com
microsoft.com
nonexisting.domain
EOF
) | (dig -f <(cat))
This way You only invoke 'dig' once.

Resources