Trust store generator scripts for various Gemini clients
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

59 lines
1.9 KiB

#!/bin/sh
# Generate markdown and CSV files containing cert info for each host.
set -o errexit # (-e) exit immediately if any command has a non-zero exit status
set -o nounset # (-u) don't accept undefined variables
#set -o xtrace # for debugging
# Go where this script is.
cd "$(dirname "$0")" || exit
# Table header
md_table="| Host | Cert | Expiry | Key Algorithm | Key Size (bits) | Signature Algorithm |
--- | --- | --- | --- | --- | ---\n"
csv_table="Host,Expiry,Key Algorithm,Key Size (bits),Signature Algorithm\n"
for cert_file in certs/*.pem; do
host=$(expr "$cert_file" : '^certs\/\(.*\)\:[0-9]*\.pem$')
port=$(expr "$cert_file" : '^certs\/.*\:\([0-9]*\)\.pem$')
if [ "$port" != 1965 ]; then
host="$host:$port"
fi
# Get cert details: expiry, key algo, key size, signature algo.
end_date=$(openssl x509 -in "$cert_file" -enddate -noout | cut -d '=' -f 2)
end_date=$(date -d "$end_date" +"%Y-%m-%d" --utc)
cert_details=$(openssl x509 -in "$cert_file" -noout -text)
key_algo=$(echo "$cert_details" | grep 'Public Key Algorithm:' | cut -d ':' -f 2)
if [ "$key_algo" = ' id-ecPublicKey' ]; then
key_algo='ECDSA'
elif [ "$key_algo" = ' rsaEncryption' ]; then
key_algo='RSA'
elif [ "$key_algo" = ' ED25519' ]; then
key_algo='ED25519'
fi
if [ "$key_algo" = 'ED25519' ]; then
key_size='256'
else
key_size=$(echo "$cert_details" | grep 'Public-Key:' | cut -d ':' -f 2)
key_size=$(expr "$key_size" : '^..\([0-9]*\).*$')
fi
sig_algo=$(echo "$cert_details" | grep ' Signature Algorithm:' | cut -d ':' -f 2 | cut -c2-)
# Add a table row.
md_table="$md_table| [$host](gemini://$host/) | [PEM]($cert_file) | $end_date | $key_algo | $key_size | $sig_algo |\n"
csv_table="$csv_table""$host,$end_date,$key_algo,$key_size,$sig_algo\n"
done
# Write to files.
echo "$md_table" > cert-details.md
echo "$csv_table" > cert-details.csv
echo OK