0

I have the following string being exported from a program that is analyzing the certificate on a website which will be part of a bugfix analysis

CERT_SUMMARY:127.0.0.1:127.0.0.1:631:sha256WithRSAEncryption:
/O=bfcentos7-test/CN=bfcentos7-test/emailAddress=root$bfcentos7-
test:/O=bfcentos7-test/CN=bfcentos7-test/emailAddress=root$bfcentos7-
test:170902005715Z:270831005715Z:self signed certificate

(consider output above to be a single line)

What I need is the best way in a bash shell to extract the sha256WithRSAEncryption. This could be anything like sha384withRSAEncryption or something else.

After the CERTSUMMARY it will always be 127.0.0.1:127.0.0.1:portnum above its port 631, but it could be anything.

This runs internally on a system and returns this string along with SSL or TLS (not pictured)

Here is another example of a return

CERT_SUMMARY:127.0.0.1:127.0.0.1:52311:sha256WithRSAEncryption:
/CN=ServerSigningCertificate_0/name=Type`Administrator
/name=DBName`ServerSigningCertificate_0:/C=US/CN=BLAHBLAH/
ST=California/L=Address, Emeryville CA 94608/O=IBM BigFix Evaluation 
License/OU=Customer/[email protected]/name=
Hash`sha1/name=Server`bigfix01/name=CustomActions`Enable
/name=LicenseAllocation`999999/name=CustomRetrievedProperties`Enable:
170702212459Z:270630212459Z:unable to get local issuer certificate

Thanks in advance. Novice at shell programming, but learning!!

Improve this question
8
  • What do you mean by "extract"? You want to know if sha256WithRSAEncryption or sha384withRSAEncryption is in the string or you want to extract values following that string? Please clarify. Commented Sep 22, 2017 at 21:38
  • Do you remember this posting? Commented Sep 22, 2017 at 21:38
  • Yes.. I want to extract the sha256WithRSAEncryption or whatever value is in that section of the text Commented Sep 22, 2017 at 21:40
  • 1
    awk -F ":" '/CERT_SUMMARY/ {print $5}' file? Commented Sep 22, 2017 at 21:42
  • @cyrus is it really as simple as picking the right column with awk? Commented Sep 22, 2017 at 21:43

6 Answers 6

Reset to default
2

you need the best way and yet do not seem to provide the best description - "This could be anything like sha384withRSAEncryption or something else." Given the examples, the string you are looking for is the 4th, when : is a separator, so the command should be OK:

cut -f4 -d":"

If the output string has a strict length format, one easy option is the 'cut' command with -c. This is not the case though since there is a port number. CERT_SUMMARY:127.0.0.1:127.0.0.1:631:sha256WithRSAEncryption:

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Right approach but it's the 5th field, not the 4th.
1

as @cyrus pointed out, this was as simple as picking the right column with awk... I am learning. This worked

awk -F ":" '/CERT_SUMMARY/ {print $5}'

Thanks for the help!!

Improve this answer

Comments

1 
| sed -E 's/^([^:]*:){4}([^:]*):.*/\2/'

Regular expressions are you friend. If there is one thing one really should be familiar with if one needs to do a lot of string parsing or string processing, it's definitely regular expressions.

echo 'CERT_SUMMARY:127.0.0.1:127.0.0.1:52311:sha256WithRSAEncryption:
/CN=ServerSigningCertificate_0/name=Type`Administrator
/name=DBName`ServerSigningCertificate_0:/C=US/CN=BLAHBLAH/ST=California
/L=Address, Emeryville CA 94608/O=IBM BigFix Evaluation 
License/OU=Customer/[email protected]/name=Hash`sha1
/name=Server`bigfix01/name=CustomActions`Enable
/name=LicenseAllocation`999999
/name=CustomRetrievedProperties
`Enable:170702212459Z:270630212459Z:unable to get local issuer 
certificate' 
| sed -E 's/^([^:]*:){4}([^:]*):.*/\2/'

prints

sha256WithRSAEncryption

It's probably a bit overkill here, but there is almost nothing that cannot be done with regular expressions and as you have also built-in regex support in many languages today, knowing regex is never going to be a waste of time.

See also here to get a nice explanation of what each regex expression actually means, including an interactive editing view. Basically I'm telling the regex parser to skip the first 4 groups consisting of any number of characters that are not :, followed by a single : and then capture the 5th group that consists of any number of characters that are not : and finally match anything else (no matter what) to the end of the string. The whole regex is part of a sed "replace" operation, where I replace the whole string by just the content that has been captured by the second capture group (everything in round parenthesis is a capture group).

Improve this answer

Comments

0

Could you please use following also, not printing it by field's number so if your Input_file's sha256 location is a bit here and there too than shown one then this could be more helpful too.

awk '{match($0,/sha.*Encryption:/);if(substr($0,RSTART,RLENGTH)){print substr($0,RSTART,RLENGTH-1)}}'  Input_file
Improve this answer

Comments

0

Pipe the output to:

awk ‘BEGIN{FS=“:”} {print $5}’
Improve this answer

Comments

0

You could also take a step back to the openssl x509 command 'name options'. Using sep_comma_plus avoids the slashes in the output and therefore your regex will be simpler.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.