mirror of
https://github.com/zeek/zeek.git
synced 2025-10-02 14:48:21 +00:00
55 lines
1.3 KiB
Bash
Executable file
55 lines
1.3 KiB
Bash
Executable file
#! /usr/bin/env bash
|
|
#
|
|
# A diff canonifier that removes all X.509 public key information
|
|
# which, in the specific case of the RDP protocol's misuse of
|
|
# md5WithRSAEncryption, seems that OpenSSL 1.0 is able to manually
|
|
# workaround by setting to rsaEncryption, but OpenSSL 1.1 still fails
|
|
# to extract the key, so the corresponding fields are always removed here.
|
|
|
|
awk '
|
|
BEGIN { FS="\t"; OFS="\t"; key_type_col = -1; key_length_col = -1; exponent_col = -1; curve_col = -1 }
|
|
|
|
/^#/ {
|
|
if ( $1 == "#fields" )
|
|
{
|
|
for ( i = 2; i <= NF; ++i )
|
|
{
|
|
if ( $i == "certificate.key_type" )
|
|
key_type_col = i-1;
|
|
if ( $i == "certificate.key_length" )
|
|
key_length_col = i-1;
|
|
if ( $i == "certificate.exponent" )
|
|
exponent_col = i-1;
|
|
if ( $i == "certificate.curve" )
|
|
curve_col = i-1;
|
|
}
|
|
}
|
|
|
|
print;
|
|
next;
|
|
}
|
|
|
|
key_type_col > 0 {
|
|
# Mark it regardless of whether it is set.
|
|
$key_type_col = "x";
|
|
}
|
|
|
|
key_length_col > 0 {
|
|
# Mark it regardless of whether it is set.
|
|
$key_length_col = "x";
|
|
}
|
|
|
|
exponent_col > 0 {
|
|
# Mark it regardless of whether it is set.
|
|
$exponent_col = "x";
|
|
}
|
|
|
|
curve_col > 0 {
|
|
# Mark it regardless of whether it is set.
|
|
$curve_col = "x";
|
|
}
|
|
|
|
{
|
|
print;
|
|
}
|
|
'
|