#!/bin/sh
set -e
usage()
{
echo "" >&2
echo " Usage: mkfingerprint.sh <certfile> <data> <hash> <representation>" >&2
echo " Valid values for 'data' are CERT or SPKI" >&2
echo " Valid values for 'hash' are SHA1, SHA256 or SHA512" >&2
echo " Valid values for 'representation' are HEX or B64" >&2
echo "" >&2
echo " The program 'openssl' is required" >&2
echo "" >&2
exit 1
}
[ "$#" -ne 4 ] && usage
CERT="$1"
DATA="$2"
HASH="$3"
REPR="$4"
case "${DATA}" in
"CERT") ;;
"SPKI") ;;
*) usage ;;
esac
case "${HASH}" in
"SHA1") ;;
"SHA256") ;;
"SHA512") ;;
*) usage ;;
esac
case "${REPR}" in
"HEX") ;;
"B64") ;;
*) usage ;;
esac
rawdata()
{
case "${DATA}" in
"CERT") openssl x509 -outform DER < "${CERT}" ;;
"SPKI") openssl x509 -pubkey -noout < "${CERT}" | openssl pkey -pubin -outform DER ;;
esac
}
digest()
{
local ALG PRG
case "${HASH}" in
"SHA1") ALG="-sha1" ;;
"SHA256") ALG="-sha256" ;;
"SHA512") ALG="-sha512" ;;
esac
case "${REPR}" in
"HEX") PRG="none" ;;
"B64") PRG="base" ;;
esac
case "${PRG}" in
"none") openssl dgst "${ALG}" -hex ;;
"base") openssl dgst "${ALG}" -binary | openssl enc -none -a -A ;;
esac
}
rawdata | digest