okhttp-peer-certificate-extractor

pure shell implementation

Open kousu opened this issue 3 years ago • 3 comments

```sh
# pin.sh
# Prints "sha256/" followed by the base64 of the certificate's SHA-256 fingerprint
# (openssl x509 -fingerprint hashes the whole DER-encoded certificate).
# Needs a printf that understands \xHH escapes (bash's builtin does).

CERT="$1"
if [ -z "$CERT" ]; then
  echo 'usage: pin.sh CERT.pem'
  echo
  echo 'example:'
  echo
  echo '    $ openssl s_client -showcerts -connect google.com:443 </dev/null > google.pem'
  echo '    depth=1 C = US, O = Google Trust Services, CN = GTS CA 1O1'
  echo '    verify return:1'
  echo '    depth=0 C = US, ST = California, L = Mountain View, O = Google LLC, CN = *.google.com'
  echo '    verify return:1'
  echo '    DONE'
  echo '    $ ./pin.sh google.pem'
  echo '    sha256/xG5DOW4qfP5Rkg21faMmkxUHNSlfL5OASmHYtD1dWyY='
  exit 1
fi

# fingerprint "AB:CD:..." -> "\xAB\xCD..." -> raw bytes -> base64
printf 'sha256/'; printf '\'x$(openssl x509 -in "$CERT" -noout -sha256 -fingerprint | cut -f 2 -d = | sed 's/:/\\x/g') | base64

# maybe a bit more readable, at the price of needing python:
# printf 'sha256/'
# openssl x509 -in "$CERT" -noout -sha256 -fingerprint | cut -f 2 -d = | python3 -c 'import binascii; print(binascii.b2a_base64(binascii.unhexlify(input().replace(":",""))).decode(), end="")'
```

this is public domain. do with it what you will. hope it helps someone out.

most systems have base64 installed. all of them have awk and cut. and if you're already working with certs you certainly have openssl installed, so this should be widely compatible, easy to install, and fast.

kousu Nov 28 '20 02:11
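Added example, not part of kousu's post or the project's code: `openssl x509 -fingerprint` hashes the whole DER certificate, while OkHttp's `CertificatePinner` matches pins against the SHA-256 of the certificate's SubjectPublicKeyInfo, so this script computes both values side by side. The function names and the throwaway `pin-demo.invalid` certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI and base64.

# SHA-256 over the whole DER certificate: what `openssl x509 -fingerprint`
# reports, printed here in the "sha256/<base64>" layout.
cert_fingerprint_b64() {
  printf 'sha256/%s\n' "$(openssl x509 -in "$1" -outform DER |
    openssl dgst -sha256 -binary | base64)"
}

# SHA-256 over the SubjectPublicKeyInfo only: the value OkHttp's
# CertificatePinner compares against a "sha256/..." pin.
spki_pin() {
  printf 'sha256/%s\n' "$(openssl x509 -in "$1" -noout -pubkey |
    openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -binary | base64)"
}

# Constructed sample data: two throwaway self-signed certificates issued over
# the same key, standing in for a certificate and its renewal. $1 = work dir.
make_sample() {
  openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:prime256v1 \
    -out "$1/key.pem" 2>/dev/null &&
  openssl req -x509 -new -key "$1/key.pem" -subj '/CN=pin-demo.invalid' \
    -days 1 -out "$1/a.pem" 2>/dev/null &&
  openssl req -x509 -new -key "$1/key.pem" -subj '/CN=pin-demo.invalid' \
    -days 30 -out "$1/b.pem" 2>/dev/null
}

# Usage: ./pins.sh CERT.pem   (prints both values for comparison)
if [ -n "${1:-}" ]; then
  echo "certificate hash: $(cert_fingerprint_b64 "$1")"
  echo "SPKI pin:         $(spki_pin "$1")"
fi
```

With the two constructed certificates, `spki_pin` returns the same value for both while `cert_fingerprint_b64` differs, which is why a pin on the public key survives a renewal that keeps the key.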