From ac18195b215c4cc1b877f089bcbfe357761411b1 Mon Sep 17 00:00:00 2001 From: Hubert Kario Date: Sat, 4 Oct 2014 13:41:40 +0200 Subject: [PATCH] process-certificate-statistics.sh - the script HOWTO to turn results to CA stats --- top1m/process-certificate-statistics.sh | 47 +++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100755 top1m/process-certificate-statistics.sh diff --git a/top1m/process-certificate-statistics.sh b/top1m/process-certificate-statistics.sh new file mode 100755 index 0000000..b9256d8 --- /dev/null +++ b/top1m/process-certificate-statistics.sh @@ -0,0 +1,47 @@ +#!/bin/bash + +if [ ! -d ./ca_files ]; then + echo "Directory with collected CA certificates missing!" >&2 + exit 1 +fi + +if [ ! -d ./ca_trusted ]; then + echo "Directory with just trust anchors missing!" >&2 + exit 1 +fi + +if [ ! -d ./certs ]; then + echo "Directory with certificates missing!" >&2 + exit 1 +fi + +if ! ls -f ./ca_files/????????.? > /dev/null; then + echo "CA certificates directory not hashed properly (use c_rehash)" >&2 + exit 1 +fi + +if ! ls -f ./ca_trusted/????????.? > /dev/null; then + echo "Directory with trust anchors not hashed properly (use c_rehash)" >&2 + exit 1 +fi + +if [ ! -d ./results ]; then + echo "Directory with scan results missing!" >&2 + exit 1 +fi + +if [ ! -x ./parse_CAs ]; then + echo "Compiling parse_CAs script" + gcc -o parse_CAs parse_CAs.c -lssl -lcrypto -ljson-c --std=gnu99 + if [ $? -ne 0 ]; then + echo "Compilation failed, aborting" >&2 + exit 1 + fi +fi + +echo "Verifying certificate chains from results files" +./parse_CAs > parsed +echo "Calculating statistics for verified certificate chains" +python parse_CAs.py > trust_scan +echo "Done!" +echo "Results are in \"trust_scan\" file"