2010-11-19

Perl one-liner: getting sorted fingerprint list from keytool.

I need to determine which X.509 certificates in one Java keystore are missing from another. I do this by comparing fingerprints, since a fingerprint identifies a certificate regardless of the alias it is stored under. Here is how I get a sorted list of fingerprints from one keystore. (Passing -storepass on the command line puts the password into the process list and the shell history. For cacerts the password is the well-known default changeit, so it hardly matters here, but for a keystore that holds anything sensitive, leave the option off and let keytool prompt for it.)

me@mybox:/usr/ibm_java/jre/lib/security
$ keytool -list -keystore cacerts -storepass changeit >~/keytool.out
me@mybox:/usr/ibm_java/jre/lib/security
$ cd ~
me@mybox:~
$ perl -ane '$f{$F[-1]}++ if /fingerprint/; END {for $k (sort keys %f) {print "$k\n";}}' <keytool.out >fingerprints.list

The fingerprint is the last whitespace-separated field of each "Certificate fingerprint" line. Fingerprints are colon-separated hex strings, so they have to be sorted as strings; a numeric sort (sort {$a <=> $b}) would only look at the leading digits and produce a useless order.

I do this for both keystores.

Once I've got a sorted list of fingerprints from each keystore, I get the fingerprints that are in one list but not the other. Because both lists are sorted, diff's output is a plain set difference: lines marked > are only in the second file, lines marked < are only in the first.

me@mybox:~
$ diff fingerprints_123.list fingerprints.list | perl -ane 'print "$F[-1]\n" if /^>/' >diff_fingerprints.list

Then I wrote this script to read the list of missing fingerprints and print the aliases that correspond to them in the keystore that has them (the alias line comes immediately before the fingerprint line in keytool's output, which is what the script relies on).


#!/usr/bin/perl -w

# 1st arg = file with list of missing fingerprints.
# 2nd arg = file with keytool output from keystore with additional certs.

use strict;
use warnings;
use Data::Dumper;

# Slurp up all the missing fingerprints.
open my $want_fh, '<', $ARGV[0] or die "cannot open $ARGV[0]: $!";
my @wanted = <$want_fh>;
chomp @wanted;
close $want_fh;

my $previous; # Previous line of keytool.out (the alias line).
my %data;     # Key = fingerprint, value = line prior to fingerprint.

# Populate %data with all relevant keytool output from file with additional certs.
open my $data_fh, '<', $ARGV[1] or die "cannot open $ARGV[1]: $!";
while (<$data_fh>) {
    chomp;
    if (/fingerprint/) {
        $data{(split(/\s+/, $_))[-1]} = $previous;
    }
    $previous = $_;
}
close $data_fh; # Not $want_fh, which is already closed.

#print Dumper(\%data);

# Find hash key in %data for each item in @wanted, and print the previous keytool output line.
# A fingerprint with no entry means the list and the keytool output do not belong together.
for my $finger (@wanted) {
    if (exists $data{$finger}) {
        print "$data{$finger}\n";
    } else {
        print "$finger: not found in keytool output\n";
    }
}

exit 0;

Now that I think about it, I should have just written this as one bigger script instead of two one-liners and a script plus miscellaneous temp files. Oh, well. I'll do that another day.
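Here is what that single script can look like. This is an added example, not code from the original post: it takes the two keytool -list output files as arguments and reports, in both directions, the aliases whose fingerprints are present in one keystore but not the other. It makes the same assumption the post does, that keytool's non-verbose output puts each alias line ("alias, date, entryType,") immediately before its "Certificate fingerprint (...)" line. The two sample keystore listings embedded in the script are constructed (made-up aliases and fingerprints, not real CA certificates) so that it can run with no arguments.

```perl
#!/usr/bin/perl
# Added example, not the original post's code: one script that replaces the
# two one-liners, the diff and the temp files. Takes two `keytool -list`
# output files; with no arguments it runs on the constructed sample below.
# Assumes non-verbose `keytool -list` output, where each alias line
# ("alias, date, entryType,") is immediately followed by its
# "Certificate fingerprint (...)" line, as in the post.
use strict;
use warnings;

# Parse keytool -list output from a filehandle.
# Returns a hashref: fingerprint => alias.
sub parse_keytool {
    my ($fh) = @_;
    my %by_fp;
    my $previous = '';
    while (my $line = <$fh>) {
        chomp $line;
        if ($line =~ /fingerprint/) {
            my $fp = (split /\s+/, $line)[-1];     # fingerprint is the last field
            my ($alias) = split /,/, $previous;    # alias is the first field of the line before
            $by_fp{$fp} = defined $alias ? $alias : '(unknown alias)';
        }
        $previous = $line;
    }
    return \%by_fp;
}

# Open either a file named on the command line or an in-memory string
# (a reference to a scalar), and parse it.
sub parse_source {
    my ($source) = @_;
    open my $fh, '<', $source or die "cannot open $source: $!";
    my $parsed = parse_keytool($fh);
    close $fh;
    return $parsed;
}

# Entries in $have whose fingerprint is absent from $want,
# as "alias  fingerprint" strings sorted by fingerprint.
sub missing_from {
    my ($have, $want) = @_;
    my @only_here = grep { !exists $want->{$_} } keys %$have;
    return map { "$have->{$_}  $_" } sort @only_here;
}

# Constructed sample data standing in for two keytool.out files
# (aliases and fingerprints are made up, not real CA certificates).
my $keystore_a = <<'END';
Keystore type: jks
Keystore provider: SUN

Your keystore contains 3 entries

corprootca, Nov 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
publicrootca, Nov 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90
proxyca, Nov 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0
END

my $keystore_b = <<'END';
Keystore type: jks
Keystore provider: IBMJCE

Your keystore contains 2 entries

publicrootca, Nov 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90
oldvendorca, Nov 19, 2010, trustedCertEntry,
Certificate fingerprint (MD5): DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB
END

my ($have, $want) = @ARGV == 2
    ? (parse_source($ARGV[0]), parse_source($ARGV[1]))
    : (parse_source(\$keystore_a), parse_source(\$keystore_b));

print "In the first keystore but not the second:\n";
print "  $_\n" for missing_from($have, $want);
print "In the second keystore but not the first:\n";
print "  $_\n" for missing_from($want, $have);

exit 0;
```

Usage: perl compare_keystores.pl keytool_123.out keytool.out, where each file is the output of keytool -list for one keystore. One caveat that applies to the one-liners as well: the comparison only works if both listings were produced with the same fingerprint algorithm. Different keytool versions default to different algorithms (MD5 in older releases, SHA-1 and later SHA-256 in newer ones), and an MD5 list diffed against a SHA-1 list reports every certificate as missing.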
