me@mybox:/usr/ibm_java/jre/lib/security
$ keytool -list -keystore cacerts -storepass changeit >~/keytool.out
me@mybox:/usr/ibm_java/jre/lib/security
$ cd ~
me@mybox:~
$ perl -ane '$f{$F[-1]}++ if /fingerprint/; END {for $k (sort keys %f) {print "$k\n";}}' <keytool.out >fingerprints.list
I do this to both keystores.
Once I've got my list of fingerprints from each file, I get a list of fingerprints that are in one file, but not another.
me@mybox:~
$ diff fingerprints_123.list fingerprints.list | perl -ane 'print "$F[-1]\n" if /^>/' >diff_fingerprints.list
Then I wrote this script to read the list of missing fingerprints and tell me the aliases that correspond to these fingerprints in the keystore that has them.
#!/usr/bin/perl -w
# 1st arg = file with list of missing fingerprints.
# 2nd arg = file with keytool output from keystore with additional certs.
use strict;
use warnings;
use Data::Dumper;

die "Usage: $0 missing_fingerprints keytool_output\n" unless @ARGV == 2;

# Slurp up all the missing fingerprints.
open my $want_fh, '<', $ARGV[0] or die "Cannot open $ARGV[0]: $!";
my @wanted = <$want_fh>;
chomp @wanted;
close $want_fh;

my $previous; # Previous line of keytool.out.
my %data;     # Key = fingerprint, value = line prior to fingerprint.

# Populate %data with all relevant keytool output from file with additional certs.
open my $data_fh, '<', $ARGV[1] or die "Cannot open $ARGV[1]: $!";
while (<$data_fh>) {
    chomp;
    if (/fingerprint/) {
        # The last whitespace-separated field is the fingerprint itself.
        $data{(split(/\s/, $_))[-1]} = $previous;
    }
    $previous = $_;
}
close $data_fh;
#print Dumper(\%data);

# Find hash key in %data for each item in @wanted, and print the previous keytool output line.
for my $finger (@wanted) {
    if (defined $data{$finger}) {
        print "$data{$finger}\n";
    }
    else {
        warn "No entry found for fingerprint $finger\n";
    }
}
exit 0;
Now that I think about it, I should have just written this as one bigger script instead of two one-liners and a script plus miscellaneous temp files. Oh, well. I'll do that another day.
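The single-script version mentioned above could look like the following. This is an added example in Python, not the author's Perl; the keytool output embedded in it is constructed (aliases and fingerprints are made up). It goes a step further than the post by reporting differences in either direction, and it assumes the alias is the first comma-separated field of the line before each fingerprint line.

```python
import re

# Matches "Certificate fingerprint (MD5): AA:BB:..." and captures the hex digest.
FP_LINE = re.compile(r"fingerprint.*?:\s*((?:[0-9A-Fa-f]{2}:)+[0-9A-Fa-f]{2})\s*$")

# Constructed `keytool -list` output; aliases and fingerprints are made up.
OLD = """\
Keystore type: jks

Your keystore contains 2 entries

exampleroota, Mar 1, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
examplerootb, Mar 1, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0
"""
# Same two certificates (one under a different alias) plus one additional cert.
NEW = """\
Keystore type: jks

Your keystore contains 3 entries

renamedroota, Jun 9, 2011, trustedCertEntry,
Certificate fingerprint (MD5): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00
examplerootb, Mar 1, 2010, trustedCertEntry,
Certificate fingerprint (MD5): 0F:1E:2D:3C:4B:5A:69:78:87:96:A5:B4:C3:D2:E1:F0
examplerootc, Jun 9, 2011, trustedCertEntry,
Certificate fingerprint (MD5): DE:AD:BE:EF:00:11:22:33:44:55:66:77:88:99:AA:BB
"""

def parse_keytool_list(text):
    """Return {fingerprint: alias} parsed from `keytool -list` output."""
    entries, previous = {}, ""
    for line in text.splitlines():
        m = FP_LINE.search(line)
        if m:
            # The entry line precedes the fingerprint line; alias is its first field.
            entries[m.group(1).upper()] = previous.split(",", 1)[0].strip()
        previous = line
    return entries

def only_in(a, b):
    """(fingerprint, alias) pairs whose fingerprint is in store a but not in store b."""
    return [(fp, a[fp]) for fp in sorted(a.keys() - b.keys())]

if __name__ == "__main__":
    old, new = parse_keytool_list(OLD), parse_keytool_list(NEW)
    for label, pairs in (("new", only_in(new, old)), ("old", only_in(old, new))):
        for fp, alias in pairs:
            print(f"only in {label}: {alias}  {fp}")
```

Because the comparison is keyed on fingerprint, the certificate that appears under a different alias in the second store is not reported as a difference.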