okhttp-peer-certificate-extractor
pure shell implementation
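#!/usr/bin/env bash
# pin.sh
# Prints "sha256/" followed by the base64 of the certificate's SHA-256 fingerprint,
# i.e. the hash of the whole DER certificate. OkHttp's CertificatePinner hashes the
# SubjectPublicKeyInfo instead, so the two values are not interchangeable.
# Needs bash: the printf below relies on \xHH escapes, which POSIX sh does not guarantee.
CERT="$1"
if [ -z "$CERT" ]; then
    echo 'usage: pin.sh CERT.pem'
    echo
    echo 'example:'
    echo
    echo ' $ openssl s_client -showcerts -connect google.com:443 </dev/null > google.pem'
    echo ' depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1'
    echo ' verify return:1'
    echo ' depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com'
    echo ' verify return:1'
    echo ' DONE'
    echo ' $ ./pin.sh google.pem'
    echo ' sha256/xG5DOW4qfP5Rkg21faMmkxUHNSlfL5OASmHYtD1dWyY='
    exit 1
fi
# Turn the colon-separated hex fingerprint into \xHH escapes, emit the raw bytes, base64 them.
# "$CERT" is quoted so paths containing spaces work.
printf 'sha256/'
printf '\'x"$(openssl x509 -in "$CERT" -noout -sha256 -fingerprint | cut -f 2 -d = | sed 's/:/\\x/g')" | base64
# maybe a bit more readable, at the price of needing python (python3: decode the bytes and strip the newline):
# printf 'sha256/'
# openssl x509 -in "$CERT" -noout -sha256 -fingerprint | cut -f 2 -d = | python3 -c 'import binascii; print(binascii.b2a_base64(binascii.unhexlify(input().replace(":", ""))).decode().strip())'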
this is public domain. do with it what you will. hope it helps someone out.
most systems have base64 installed. all of them have awk and cut. and if you're already working with certs you certainly have openssl installed, so this should be widely compatible, easy to install, and fast.
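An added example, not part of the original gist: it computes the whole-certificate hash that pin.sh prints next to the SubjectPublicKeyInfo hash that OkHttp's CertificatePinner compares, on two constructed certificates issued for the same key. The function names, the temporary files and the `pin-demo.example` subject are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original gist). Requires only openssl.

# Base64 SHA-256 of the whole DER certificate: the value pin.sh prints after "sha256/".
cert_fingerprint_b64() {
    openssl x509 -in "$1" -outform der | openssl dgst -sha256 -binary | openssl enc -base64
}

# Base64 SHA-256 of the DER SubjectPublicKeyInfo: the value an OkHttp pin holds.
spki_pin() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform der |
        openssl dgst -sha256 -binary | openssl enc -base64
}

# Constructed sample data: one P-256 key and two self-signed certificates for it,
# standing in for a certificate that was renewed without rotating the key.
make_sample_certs() {
    dir="$1"
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$dir/key.pem" 2>/dev/null
    for n in 1 2; do
        openssl req -new -x509 -key "$dir/key.pem" -subj "/CN=pin-demo.example" \
            -days "$n" -set_serial "$n" -out "$dir/cert$n.pem" 2>/dev/null
    done
}

# Print both values for each certificate: the certificate hash changes on renewal,
# the SPKI hash stays the same as long as the key does.
demo() {
    tmp=$(mktemp -d) || return 1
    make_sample_certs "$tmp"
    for c in "$tmp/cert1.pem" "$tmp/cert2.pem"; do
        echo "$(basename "$c")"
        echo "  certificate: sha256/$(cert_fingerprint_b64 "$c")"
        echo "  spki pin:    sha256/$(spki_pin "$c")"
    done
    rm -rf "$tmp"
}
demo
```

A pin taken from the certificate hash has to be replaced at every renewal, while an SPKI pin only changes when the key pair is rotated.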