xref: /openbsd-src/distrib/miniroot/trimcerts.awk (revision d2bbc4526577cfd9e38e970a23d2e6ca6a270b5d) 
1#	$OpenBSD: trimcerts.awk,v 1.2 2019/05/15 20:27:42 sthen Exp $
2#
3# Copyright (c) 2018 Stuart Henderson <sthen@openbsd.org>
4#
5# Permission to use, copy, modify, and distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16#
17#
18#	read in a formatted list of X509 certificates with long decodes,
19#	output only short comments plus the certificates themselves
20#
21
22BEGIN {
23	if (ARGC != 3) {
24		print "usage: awk -f trimcert.awk cert.pem outputfile";
25		bad=1;
26		exit 1;
27	}
28	ARGC=2;
29	incert=0;
30}
31
32{
33	if ($0 ~ /^-----BEGIN CERTIFICATE-----/) {
34		incert=1;
35	}
36	if ($0 ~ /^#/ || incert) {
37		print $0 > ARGV[2];
38	}
39	if ($0 ~ /^-----END CERTIFICATE-----/) {
40		incert=0;
41	}
42}
43
44END {
45	if (!bad) {
46		system("chmod 444 " ARGV[2]);
47		system("chown root:bin " ARGV[2]);
48	}
49}
50