2 # SPDX-License-Identifier: GPL-2.0
8 # Compute and print the To Be Signed (TBS) hash of a certificate. This is used
10 # This output should be redirected, without newline, in a file (hash0.txt) and
11 # signed to create a PKCS#7 file (hash0.p7s). Both of these files can then be
14 # Example on a workstation:
15 # ./print-cert-tbs-hash.sh certificate-to-invalidate.pem > hash0.txt
16 # openssl smime -sign -in hash0.txt -inkey builtin-private-key.pem \
17 # -signer builtin-certificate.pem -certfile certificate-chain.pem \
18 # -noattr -binary -outform DER -out hash0.p7s
20 # Example on a managed system:
23 set -u -e -o pipefail
25 CERT="${1:-}"
26 BASENAME="$(basename -- "${BASH_SOURCE[0]}")"
28 if [ $# -ne 1 ] || [ ! -f "${CERT}" ]; then
33 # Checks that it is indeed a certificate (PEM or DER encoded) and excludes the
35 if ! PEM="$(openssl x509 -inform DER -in "${CERT}" 2>/dev/null || openssl x509 -in "${CERT}")"; then
41 # Cf. https://tools.ietf.org/html/rfc3280#section-4.1
44 # 0:d=0 hl=4 l= 763 cons: SEQUENCE
45 # 4:d=1 hl=4 l= 483 cons: SEQUENCE
46 # 8:d=2 hl=2 l= 3 cons: cont [ 0 ]
47 # 10:d=3 hl=2 l= 1 prim: INTEGER :02
48 # 13:d=2 hl=2 l= 20 prim: INTEGER :3CEB2CB8818D968AC00EEFE195F0DF9665328B7B
49 # 35:d=2 hl=2 l= 13 cons: SEQUENCE
50 # 37:d=3 hl=2 l= 9 prim: OBJECT :sha256WithRSAEncryption
52 2s/^\s*\([0-9]\+\):d=\s*[0-9]\+\s\+hl=\s*[0-9]\+\s\+l=\s*\([0-9]\+\)\s\+cons:\s*SEQUENCE\s*$/\1 \2/…
53 7s/^\s*[0-9]\+:d=\s*[0-9]\+\s\+hl=\s*[0-9]\+\s\+l=\s*[0-9]\+\s\+prim:\s*OBJECT\s*:\(.*\)$/\1/p;
57 openssl asn1parse -in - | \
58 sed -n -e "${RANGE_AND_DIGEST_RE}"))
65 OFFSET="${RANGE_AND_DIGEST[0]}"
72 while read -r DIGEST_ITEM; do
73 if [ -z "${DIGEST_ITEM}" ]; then
76 if echo "${DIGEST}" | grep -qiF "${DIGEST_ITEM}"; then
80 done < <(openssl list -digest-commands | tr ' ' '\n' | sort -ur)
82 if [ -z "${DIGEST_MATCH}" ]; then
88 openssl x509 -in - -outform DER | \
90 openssl dgst "-${DIGEST_MATCH}" - | \