From ac18195b215c4cc1b877f089bcbfe357761411b1 Mon Sep 17 00:00:00 2001
From: Hubert Kario <hkario@redhat.com>
Date: Sat, 4 Oct 2014 13:41:40 +0200
Subject: [PATCH] process-certificate-statistics.sh - the script HOWTO to turn
 results to CA stats

---
 top1m/process-certificate-statistics.sh | 47 +++++++++++++++++++++++++
 1 file changed, 47 insertions(+)
 create mode 100755 top1m/process-certificate-statistics.sh

diff --git a/top1m/process-certificate-statistics.sh b/top1m/process-certificate-statistics.sh
new file mode 100755
index 0000000..b9256d8
--- /dev/null
+++ b/top1m/process-certificate-statistics.sh
@@ -0,0 +1,47 @@
+#!/bin/bash
+
+if [ ! -d ./ca_files ]; then
+    echo "Directory with collected CA certificates missing!" >&2
+    exit 1
+fi
+
+if [ ! -d ./ca_trusted ]; then
+    echo "Directory with just trust anchors missing!" >&2
+    exit 1
+fi
+
+if [ ! -d ./certs ]; then
+    echo "Directory with certificates missing!" >&2
+    exit 1
+fi
+
+if ! ls -f ./ca_files/????????.? > /dev/null; then
+    echo "CA certificates directory not hashed properly (use c_rehash)" >&2
+    exit 1
+fi
+
+if ! ls -f ./ca_trusted/????????.? > /dev/null; then
+    echo "Directory with trust anchors not hashed properly (use c_rehash)" >&2
+    exit 1
+fi
+
+if [ ! -d ./results ]; then
+    echo "Directory with scan results missing!" >&2
+    exit 1
+fi
+
+if [ ! -x ./parse_CAs ]; then
+    echo "Compiling parse_CAs script"
+    gcc -o parse_CAs parse_CAs.c -lssl -lcrypto -ljson-c --std=gnu99
+    if [ $? -ne 0 ]; then
+        echo "Compilation failed, aborting" >&2
+        exit 1
+    fi
+fi
+
+echo "Verifying certificate chains from results files"
+./parse_CAs > parsed
+echo "Calculating statistics for verified certificate chains"
+python parse_CAs.py > trust_scan
+echo "Done!"
+echo "Results are in \"trust_scan\" file"