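#!/bin/bash
#
# Write graphviz.dot, a Graphviz digraph of the CA certificates found below
# the current directory.
#
# Every *.crt file under a path matching *certs*/ (excluding *trash*/ and
# *revoked*/) whose openssl text dump contains "CA:TRUE" becomes one node.
# Nodes are grouped into clusters by keywords in the upper-cased subject CN,
# and one issuer -> subject edge is written per CA certificate.
#
# Each certificate is inspected once and every label shows that certificate's
# own validity dates. Each scanned path is echoed once to stdout as progress.

readonly OUT_FILE=graphviz.dot

#######################################
# Escape &, < and > for use inside a Graphviz HTML-like label.
# Certificate fields are data supplied by whoever issued the certificate, so
# they must not be able to add markup to the label or break the DOT syntax.
# Arguments: $1 - raw text
# Outputs:   escaped text on stdout
#######################################
html_escape() {
  printf '%s\n' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

#######################################
# Derive a node identifier from an openssl "subject=..." or "issuer=..." line:
# everything after the first '=' with * . " space , = - removed. Backslashes
# are removed as well so the identifier is safe inside a double-quoted DOT ID.
# Arguments: $1 - one line of openssl -subject / -issuer output
# Outputs:   node identifier on stdout
#######################################
dn_to_node_id() {
  printf '%s\n' "$1" | cut -d '=' -f 2- | sed 's/[\*\.\" ,=-]//g' | tr -d '\\'
}

#######################################
# Extract the text following the last "CN =" of an openssl subject line.
# Arguments: $1 - one line of openssl -subject output
# Outputs:   CN text on stdout (empty if the line has no CN)
#######################################
cn_from_subject() {
  printf '%s\n' "$1" | sed -n '/^subject/s/^.*CN\s*=\s*//p'
}

#######################################
# Print the node statements of one cluster.
# Globals:   node_ids, cns, cn_keys, not_before, not_after (read)
# Arguments: $1 - testing | independent | external | production
# Outputs:   one DOT node statement per matching CA on stdout
# Returns:   1 for an unknown cluster name
#######################################
emit_nodes() {
  local group=$1
  local i key
  for ((i = 0; i < ${#node_ids[@]}; i++)); do
    key=${cn_keys[i]}
    case "$group" in
      testing)
        [[ $key == *"TEST"* && $key != *"INDEPENDENT"* ]] || continue
        ;;
      independent)
        [[ $key == *"TEST"* && $key == *"INDEPENDENT"* ]] || continue
        ;;
      external)
        [[ $key == *"EXT PARTY"* || $key == *"EXTERNAL PARTY"* ]] || continue
        ;;
      production)
        [[ $key != *"EXTERNAL PARTY"* && $key != *"EXT PARTY"* && $key != *"TEST"* ]] || continue
        ;;
      *)
        return 1
        ;;
    esac
    # The ID is double-quoted so subjects containing '/', ':' or a leading
    # digit still give valid DOT; DOT treats "abc" and abc as the same node.
    printf '"%s" [shape=box label=<%s<br align="left"/><font point-size="8">From: %s<br/>To: %s</font>>]\n' \
      "${node_ids[i]}" "$(html_escape "${cns[i]}")" \
      "${not_before[i]}" "${not_after[i]}"
  done
}

#######################################
# Print one issuer -> subject edge per collected CA certificate.
# Globals:   issuer_ids, node_ids (read)
# Outputs:   DOT edge statements on stdout
#######################################
emit_edges() {
  local i
  for ((i = 0; i < ${#node_ids[@]}; i++)); do
    printf '"%s" -> "%s"\n' "${issuer_ids[i]}" "${node_ids[i]}"
  done
}

# Parallel arrays, one entry per CA certificate.
node_ids=()
issuer_ids=()
cns=()
cn_keys=()
not_before=()
not_after=()

# NUL-delimited find output keeps paths with spaces or newlines intact.
while IFS= read -r -d '' cert; do
  printf '%s\n' "$cert"
  # NOTE(review): this is a plain text match on the whole dump, not a parse of
  # the basicConstraints extension; files openssl cannot read are skipped.
  openssl x509 -noout -text -in "$cert" | grep "CA:TRUE" >/dev/null || continue

  subject_line=$(openssl x509 -noout -subject -in "$cert")
  issuer_line=$(openssl x509 -noout -issuer -in "$cert")
  cn=$(cn_from_subject "$subject_line")

  node_ids+=("$(dn_to_node_id "$subject_line")")
  issuer_ids+=("$(dn_to_node_id "$issuer_line")")
  cns+=("$cn")
  cn_keys+=("$(printf '%s\n' "$cn" | tr '[:lower:]' '[:upper:]')")
  not_before+=("$(openssl x509 -noout -startdate -in "$cert" | cut -d '=' -f 2)")
  not_after+=("$(openssl x509 -noout -enddate -in "$cert" | cut -d '=' -f 2)")
done < <(find . -type f -path '*certs*/*' -name '*.crt' \
  ! -path '*trash*/*' ! -path '*revoked*/*' -print0)

{
  printf '%s\n' 'digraph D{'

  printf '%s\n' 'subgraph cluster_testing{label="Tests"'
  emit_nodes testing
  # The independent hierarchy is nested inside the Tests cluster.
  printf '%s\n' 'subgraph cluster_independent{label="Independent Hierarchy"'
  emit_nodes independent
  printf '%s\n' '}'
  printf '%s\n' '}'

  printf '%s\n' 'subgraph cluster_external{label="External Hierarchies"'
  emit_nodes external
  printf '%s\n' '}'

  printf '%s\n' 'subgraph cluster_production{label="Production"'
  emit_nodes production
  printf '%s\n' '}'

  emit_edges
  printf '%s\n' '}'
} > "$OUT_FILE"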