LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 11-14-2015, 05:48 PM   #1
networkguy
LQ Newbie
 
Registered: Sep 2015
Posts: 4

Rep: Reputation: Disabled
Bash script variable expansion question


Hi Guys

I am a bash n00b

I am trying to create a simple script where it compares certain parameters of SSL certificates using OpenSSL and prints out the results

I am having issues with variables

I am doing something wrong in the script below, because of which OpenSSL is trying to find a cert named CERT1 and CERT2 instead of actually picking up values (real file locations) of CERT1 and CERT2

**********************
Actual Script:


cat work_in_progress_cert_chain
#!/bin/bash

echo "How many certificates to evaluate? Please enter numerical value"
read NO_OF_CERTS
i=1




while [ $i -le $NO_OF_CERTS ]
do
echo "What's the cert file in PEM?"
read CERT$i
export CERT$i
((i++))
done



i=1




while [ $i -le $NO_OF_CERTS ]
do
if [ $(openssl x509 -subject -in CERT${i} -noout | tr -d ' ' | cut -c11- ) = $(openssl x509 -issuer -noout -in CERT${i} | tr -d ' ' | cut -c10- ) ] ;
then
echo "THIS IS A ROOT CERT"
((i++))
echo $CERT1
echo $CERT2
fi
done







**********************

o/p after running the script with -xv

bash -xv work_in_progress_cert_chain
#!/bin/bash

echo "How many certificates to evaluate? Please enter numerical value"
+ echo 'How many certificates to evaluate? Please enter numerical value'
How many certificates to evaluate? Please enter numerical value
read NO_OF_CERTS
+ read NO_OF_CERTS
2
i=1
+ i=1




while [ $i -le $NO_OF_CERTS ]
do
echo "What's the cert file in PEM?"
read CERT$i
export CERT$i
((i++))
done
+ '[' 1 -le 2 ']'
+ echo 'What'\''s the cert file in PEM?'
What's the cert file in PEM?
+ read CERT1
root.cer
+ export CERT1
+ (( i++ ))
+ '[' 2 -le 2 ']'
+ echo 'What'\''s the cert file in PEM?'
What's the cert file in PEM?
+ read CERT2
root.cer
+ export CERT2
+ (( i++ ))
+ '[' 3 -le 2 ']'





i=1
+ i=1




while [ $i -le $NO_OF_CERTS ]
do
if [ $(openssl x509 -subject -in CERT${i} -noout | tr -d ' ' | cut -c11- ) = $(openssl x509 -issuer -noout -in CERT${i} | tr -d ' ' | cut -c10- ) ] ;
then
echo "THIS IS A ROOT CERT"
((i++))
echo $CERT1
echo $CERT2
fi
done
+ '[' 1 -le 2 ']'
openssl x509 -subject -in CERT${i} -noout | tr -d ' ' | cut -c11-
++ cut -c11-
++ tr -d ' '
++ openssl x509 -subject -in CERT1 -noout
Error opening Certificate CERT1
140642268620448:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('CERT1','r')
140642268620448:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
openssl x509 -issuer -noout -in CERT${i} | tr -d ' ' | cut -c10-
++ cut -c10-
++ tr -d ' '
++ openssl x509 -issuer -noout -in CERT1
Error opening Certificate CERT1
140696964118176:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('CERT1','r')
140696964118176:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
+ '[' = ']'
+ echo 'THIS IS A ROOT CERT'
THIS IS A ROOT CERT
+ (( i++ ))
+ echo root.cer
root.cer
+ echo root.cer
root.cer
+ '[' 2 -le 2 ']'
openssl x509 -subject -in CERT${i} -noout | tr -d ' ' | cut -c11-
++ cut -c11-
++ tr -d ' '
++ openssl x509 -subject -in CERT2 -noout
Error opening Certificate CERT2
140007784900256:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('CERT2','r')
140007784900256:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
openssl x509 -issuer -noout -in CERT${i} | tr -d ' ' | cut -c10-
++ cut -c10-
++ tr -d ' '
++ openssl x509 -issuer -noout -in CERT2
Error opening Certificate CERT2
139664984991392:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('CERT2','r')
139664984991392:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load certificate
+ '[' = ']'
+ echo 'THIS IS A ROOT CERT'
THIS IS A ROOT CERT
+ (( i++ ))
+ echo root.cer
root.cer
+ echo root.cer
root.cer
+ '[' 3 -le 2 ']'

*************************


What am I missing/doing incorrectly here?

Thanks a lot!!
 
Old 11-14-2015, 07:22 PM   #2
berndbausch
LQ Addict
 
Registered: Nov 2013
Location: Tokyo
Distribution: Mostly Ubuntu and Centos
Posts: 6,316

Rep: Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002Reputation: 2002
Please use code tags to make your code more readable. Also, if you post a wall of text of debugging information, please point out where the program doesn't behave as expected.

Having said that, it seems your problem is the openssl command. You provide an option "-in CERT$i", and really want it to be something like "-in ${CERT${i}}". Do I understand you correctly?

The problem is that such nested variable evaulations don't work. They are syntactically incorrect; bash doesn't evaluate variables recursively. You can use the "eval" command to help, but it is considered problematic (google for eval evil to find out why).

I think your best solution here is to use arrays - ${CERT[$i]} (or whatever the correct syntax is) will work. For further information, see the bash guide at mywiki.wooledge.org, and the advanced bash scripting guide at tldp.org. The bash reference at gnu.org might be handy as well, concise though perhaps not that easy to read.
 
1 members found this post helpful.
Old 11-14-2015, 07:33 PM   #3
allend
LQ 5k Club
 
Registered: Oct 2003
Location: Melbourne
Distribution: Slackware64-15.0
Posts: 6,357

Rep: Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739Reputation: 2739
Please use [code][/code] tags when posting code.

I suggest that you read your input into an array. At the command line the input can be terminated with Ctrl-D (the EOF charecter).
Some example code showing assigning to the array and accessing the array
Code:
#!/bin/bash

n=0
while read line ; do
  CERT[$n]=$line
  ((n++))
done
echo "n= $n"

for ((i=0; i<=n; i++)); do
  echo "${CERT[$i]}"
done
I also suggest that you investigate the difference between the [ .. ], [[ .. ]] and (( .. )) constructs in bash. http://www.tldp.org/LDP/abs/html/testconstructs.html
 
1 members found this post helpful.
Old 11-14-2015, 08:35 PM   #4
frankbell
LQ Guru
 
Registered: Jan 2006
Location: Virginia, USA
Distribution: Slackware, Ubuntu MATE, Mageia, and whatever VMs I happen to be playing with
Posts: 19,272
Blog Entries: 28

Rep: Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124Reputation: 6124
Dave Morriss recently did a podcast at Hacker Public Radio in which he addressed variable expansion in BASH. It's part of a longer series on BASH.

I found it quite helpful; perhaps you will also.
 
1 members found this post helpful.
Old 11-16-2015, 01:02 PM   #5
networkguy
LQ Newbie
 
Registered: Sep 2015
Posts: 4

Original Poster
Rep: Reputation: Disabled
Thanks guys!

This helps a lot

I will take care of formatting going forward

Thank you!
 
  


Reply

Tags
bash, scripting, variable


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
variable expansion in bash coolhandluke1 Programming 4 01-09-2008 03:45 PM
Variable expansion in BASH champak Programming 5 11-26-2007 02:44 AM
Bash variable string expansion Reginald0 Linux - Software 5 02-13-2007 10:38 AM
Variable expansion inside of a bash script! A.S.Q. Linux - Newbie 4 09-29-2006 09:09 AM
bash script $n variable expansion cortez Programming 6 12-08-2003 04:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 03:39 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration