tashian renamed this gist
Oct 10, 2023 . 1 changed file with 0 additions and 0 deletions.There are no files selected for viewing
File renamed without changes. -
tashian revised this gist
Oct 10, 2023 . 1 changed file with 2 additions and 2 deletions.There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -1,6 +1,6 @@ #!/bin/bash # Using a TPM EKcert filename as input, this script recursively fetches TPM CA certificates. # It depends on the EKcert having an AIA (Authority Information Access) Issuer URI field. # This field is not required and may not be present. # If available, the CA certificates will be saved into the current directory. # -
tashian created this gist
Oct 10, 2023 .There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode charactersOriginal file line number Diff line number Diff line change @@ -0,0 +1,60 @@ #!/bin/bash # Using a TPM EKcert filename as input, this script recursively fetches the TPM CA certificate chain. # It depends on the EKcert having an Issuer URI field. # This field is not required and may not be present. # If available, the CA certificates will be saved into the current directory. # # To use this script, you will need the following programs: # jq — https://jqlang.github.io/jq/ # step — https://smallstep.com/docs/step-cli/installation/ # curl # Function to download a certificate from a URL download_certificate() { local url="$1" local filename="${url##*/}" echo "Downloading certificate from $url..." curl -LO "$url" if [ $? -eq 0 ]; then echo "Certificate downloaded: $filename" extract_urls "$filename" else echo "Failed to download certificate from $url" fi } # Function to extract URLs from a certificate file extract_urls() { local cert_file="$1" local urls=$(step certificate inspect "$cert_file" --format json | jq -r '.extensions.authority_info_access.issuer_urls[]?') if [ -n "$urls" ]; then while read -r url; do download_certificate "$url" done <<< "$urls" else echo "No URLs found in certificate: $cert_file" fi } # Main function main() { if [ $# -ne 1 ]; then echo "Usage: $0 <input_certificate>" exit 1 fi input_certificate="$1" if [ ! -f "$input_certificate" ]; then echo "Input certificate not found: $input_certificate" exit 1 fi extract_urls "$input_certificate" } main "$@"
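Review bot: The URLs handed to `curl -LO "$url"` in `download_certificate` are taken verbatim from the AIA extension of whichever certificate was just parsed, so an untrusted EK certificate controls what is fetched and which file name in the current directory gets written. As written, any scheme curl supports is accepted, an HTTP error body is saved and parsed as a certificate because `--fail` is absent, an existing file of the same name is overwritten, and two certificates whose AIA fields reference each other (as cross-signed CAs can) make `download_certificate` and `extract_urls` recurse without end. The sketch below limits the fetch to HTTP(S) with bounded redirects and size (the limits are example values) and skips any file that already exists, which also stops the cycle. The header comment should additionally state that certificates retrieved this way are unauthenticated candidates, since AIA is normally served over plain HTTP, and that the chain must be verified against a TPM manufacturer root obtained out of band before it is trusted.

```shell
download_certificate() {
    # … unchanged: url and filename locals …

    # Refusing to touch an existing file prevents overwriting local files and
    # also breaks AIA cycles: a certificate already fetched is not fetched again.
    if [ -z "$filename" ] || [ -e "$filename" ]; then
        echo "Skipping $url: no usable file name, or $filename already exists" >&2
        return 1
    fi

    echo "Downloading certificate from $url..."
    # --fail: do not save HTTP error pages; --proto/--proto-redir: HTTP(S) only,
    # including after redirects; "--" keeps a URL starting with "-" from being
    # read as an option.
    if curl --fail --location --proto '=http,https' --proto-redir '=http,https' \
            --max-redirs 3 --max-filesize 65536 --remote-name -- "$url"; then
        # … unchanged: success message and extract_urls call …
    else
        # … unchanged: failure message …
    fi
}
```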