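I want to parse a keystore file and get only the value of "Alias name:" and the expiry date next to "until:". Anything with awk / sed is fine.
I tried the following 2 commands, which give the values. But I want it in one command.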
line=`keytool -list -v -keystore nonprod_truststore.jks | grep -e "Alias name" | awk -F'Alias name:' '{print $2}'`
line2=`keytool -list -v -keystore nonprod_truststore.jks | grep -e "until:" | awk -F'until:' '{print $2}'`
Alias name: Vaerikeysamplename004
Creation date: Mar 25, 2004
Entry type: trustedCertEntry
Owner: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
Serial number: 1234jeyjfffdfd
Valid from: Sun May 17 20:00:00 EDT 1998 until: Tue Aug 01 19:59:59 EDT 2028
Certificate fingerprints:
MD5: DB:23:3D:F9:99:FA:4B:33:95:ee:44:73:5E:7D:41:83
SHA1: 27:3E:ss:24:57:FD:C4:F9:0C:55:E8:2B:56:16:ff:62:F5:32:E5:47
SHA256: 34:1D:E9:8B:13::6E:C6:5B:9A:51:CE:6E:D0:67:D0:0E:C7:CE:9B:7F
Signature algorithm name: RSASHASAM
Subject Public Key Algorithm: 1024-bit RSA key
Version: 1
Vaerikeysamplename004 Tue Aug 01 19:59:59 EDT 2028
Using any awk:
$ awk 'sub(/^Alias name: /,""){name=$0} sub(/.*until: /,""){print name, $0}' file
Vaerikeysamplename004 Tue Aug 01 19:59:59 EDT 2028
With your shown samples, please try the following GNU awk code. Written and tested in GNU awk, using its RS and RT features.
awk -v RS='Alias name: [^\n]*|Valid from: [^\n]*' '
RT && num=split(RT,arr,": "){
val=(val?val OFS :"") arr[num]
}
END{
if(val){
print val
}
}
' Input_file
$ awk -F': ' '$1=="Alias name" {a=$2} / until: / {print a,$NF}' file
Vaerikeysamplename004 Tue Aug 01 19:59:59 EDT 2028
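We use ": " (colon space) as the field separator. When the first field is "Alias name", we store the second field in the variable a. When a line matches space-until-colon-space, we print the variable a and the last field.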
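The same alias/"until:" pairing, extended into an expiry check (an added example, not part of the original answers). It goes beyond the question by numbering each certificate in a chain under its alias and computing days left against a reference date. The function names, sample aliases and the 30-day threshold are assumptions, and the sample keystore text is constructed.

```shell
#!/bin/sh
# Added example (not from the original answers). Assumes English-locale
# `keytool -list -v` text; time of day and time zone are ignored (whole days).

# Constructed sample: one trusted cert and one key entry with a 2-cert chain.
sample_keytool_output() {
cat <<'EOF'
Alias name: constructed-root-ca
Entry type: trustedCertEntry
Valid from: Sun May 17 20:00:00 EDT 1998 until: Tue Aug 01 19:59:59 EDT 2028
Alias name: constructed-app-key
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Valid from: Thu Jun 01 00:00:00 UTC 2023 until: Sat Jun 15 00:00:00 UTC 2024
Certificate[2]:
Valid from: Wed Jan 01 00:00:00 UTC 2014 until: Mon Jan 01 00:00:00 UTC 2024
EOF
}

# Usage: expiring_certs YYYY-MM-DD WARN_DAYS < keytool_output
# Prints: STATE <tab> alias[chain position] <tab> days left <tab> expiry date
expiring_certs() {
  awk -v ref="$1" -v warn="$2" '
    # Julian day number of a Gregorian date, used to subtract dates.
    function jdn(y, m, d,   a) {
      a = int((14 - m) / 12); y += 4800 - a; m += 12 * a - 3
      d += int((153 * m + 2) / 5) + 365 * y
      return d + int(y / 4) - int(y / 100) + int(y / 400) - 32045
    }
    BEGIN {
      n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", name, " ")
      for (i = 1; i <= n; i++) month[name[i]] = i
      split(ref, r, "-"); today = jdn(r[1], r[2], r[3])
    }
    # A new alias resets the chain counter.
    sub(/^Alias name: /, "") { alias = $0; pos = 0; next }
    / until: / {
      sub(/.* until: /, "")   # $0 is now e.g. "Tue Aug 01 19:59:59 EDT 2028"
      pos++
      left = jdn($NF, month[$2], $3) - today
      state = (left < 0) ? "EXPIRED" : ((left <= warn) ? "WARN" : "OK")
      printf "%s\t%s[%d]\t%d\t%s\n", state, alias, pos, left, $0
    }'
}

sample_keytool_output | expiring_certs 2024-06-01 30
```

Against a real keystore, pipe the `keytool -list -v -keystore ...` output into `expiring_certs "$(date +%Y-%m-%d)" 30`; an expired intermediate in a chain shows up as its own line rather than being hidden behind the leaf.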
This might work for you (GNU sed):
sed '/Alias name: /h;/until: /H;$!d;x;s/.*: //mg;y/\n/ /' file
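Make a copy of the line containing "Alias name:" and append to it the other line containing "until:".
Delete all but the last line, then swap to the copy, remove the unwanted text and print the result.
N.B. The m flag on the substitution command allows for multiline input.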
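openssl.
The good news is that with it you can tease out parts of the certificate without reaching for awk and company: you openssl maintainers to isolate you keytool command can export for openssl to consume.
The bad news is that the openssl x509 command processes
So, assuming there is a lib/security/cacerts Java keystore (known to keytool), and there is a need
## (DEFAULT PASSWORD: changeit)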
## Export all cacerts certificates in base64 format (RFC 4648) and store
## them as cacerts.bundle:
cd /tmp
keytool -cacerts -list -rfc > cacerts.bundle
mkdir pems && cd pems
## Undo the bundle file into separate PEM files (with header and footer).
## (This is ugly and may require more massaging.)
csplit ../cacerts.bundle -qz -f '' -b '%04d.pem~' \
'%^Your keystore%2' \
'/^\*\*\*\*\*\*/4' '{*}'
## Process each PEM file (with header and footer):
for f in *.pem~
do
    read a b alias_name < "$f"
    ex=$(openssl x509 -noout -enddate < "$f")
    ## 'not{Before,After}' are part of X.509 syntax (§4.1, RFC 5280), whereas
    ## 'Valid from:' and 'until:' are the `-v` output details.
    printf '%s %s\n' "$alias_name" "${ex#notAfter=}"
done
Now, typically, you want to know the expiration date for a known alias (certificate), and you can try a pipeline such as (eval tomfoolery for illustration only):
alias=debian:go_daddy_root_certificate_authority_-_g2.pem
## Look for $alias in the cacerts keystore:
exporter="keytool -cacerts -exportcert -rfc -alias \$alias"
## Report the expiration date:
parser='openssl x509 -noout -enddate'
## (DEFAULT PASSWORD: changeit)
## Run the query:
ex=$(eval echo "\$($exporter | $parser)")
printf '%s %s\n' "$alias" "${ex#notAfter=}"