内置可信证书解析脚本

2019-06-06 18:36:03 +08:00
parent 897125210d
commit d0554f0f2b
1 changed files with 53 additions and 0 deletions
--- a/src/main/resources/shell/cacert.sh
+++ b/src/main/resources/shell/cacert.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+if [[ $# != 1 ]];then
+echo "USAGE: cacert file absolute path is required"
+fi
+
+CACERT_FILE=$1
+#上传接口URL
+CACERT_URL='http://192.168.10.120:8082/v1/policy/profile/trustedcacertobj'
+#TOKEN 获取接口URL
+TOKEN_URL='http://192.168.10.120:8082/v1/user/login?username=admin&password=admin'
+
+#TOKEN=$(curl -s -X POST $TOKEN_URL|grep 'token'|awk -F':' '{print $2}'|awk -F'"' '{print $2}')
+
+temp=$(dirname $0)
+CUR_DIR=$(pwd $temp)
+#单个证书存放目录
+CACERT_DIR=${CUR_DIR}"/cacert"
+#日志文件
+LOG_FILE=${CUR_DIR}"/cacert.log"
+if [ -e $LOG_FILE ];then
+rm -rf $LOG_FILE
+fi
+rm -rf $CACERT_DIR
+if [[ ! -e $CACERT_DIR ]];then
+mkdir -p $CACERT_DIR
+fi
+
+awk 'BEGIN{flag=0;count=1;DIR="'$CACERT_DIR'"}{if(match($0,"BEGIN CERTIFICATE")){flag=1}else if(match($0,"END CERTIFICATE")){flag=0;count=count+1;};if(1==flag){print $0 >> DIR"/"count".pem"}}' $CACERT_FILE
+
+ENDLINE='-----END CERTIFICATE-----'
+
+for file in $(ls $CACERT_DIR);do
+path=${CACERT_DIR}"/"${file}
+echo $ENDLINE >> $path
+cacertName=$(openssl crl2pkcs7 -nocrl -certfile $path | openssl pkcs7 -print_certs -noout |grep -o "CN=.*"|awk '{if(NR==1){print $1}}'|cut -d '=' -f2)
+if [ -z $cacertName ];then
+cacertName=$(openssl crl2pkcs7 -nocrl -certfile $path | openssl pkcs7 -print_certs -noout |grep -o "OU=.*"|awk '{if(NR==1){print $1}}'|cut -d '=' -f2)
+fi
+
+if [ -z $cacertName ];then
+cacertName=$(openssl crl2pkcs7 -nocrl -certfile $path | openssl pkcs7 -print_certs -noout |grep -o "O=.*"|awk '{if(NR==1){print $1}}'|cut -d '=' -f2)
+fi
+
+#result=$(curl $CACERT_URL -s -X POST -F "file=@${path}" -H "Content-Type:multipart/form-data " -H "Authorization:${TOKEN}" -H "File-Desc:{'opAction':'add','certName':'${cacertName}','certId':null,'isValid':1}")
+#newPath=${CACERT_DIR}"/"$cacertName".pem"
+#mv $path $newPath
+TIMESTEMP=$(date '+%Y-%m-%d %H:%M:%S')
+#echo "upload [ ${cacertName} ]"
+#echo "[${TIMESTEMP}]upload [ ${cacertName} ] path:[ ${path} ] to [ ${CACERT_URL} ]" >> $LOG_FILE
+#echo "[${TIMESTEMP}]result:"${result} >> $LOG_FILE
+echo "" >> $LOG_FILE
+done
+