copying files between two phrases

  • Question

  • Hello Team,

    Please help me with the below requirement,

    From the below text, I need to copy only the certificate details using a PowerShell script. Can you please give me the regular expression that will help me to find out the words between (-----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----), i.e. the certificate from the below raw data.

    ==================================================

    CONNECTED(00000184)
    ---
    Certificate chain
     0 s:/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
       i:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
     1 s:/C=US/O=Google Trust Services/CN=Google Internet Authority G3
       i:/OU=GlobalSign Root CA - R2/O=GlobalSign/CN=GlobalSign
    ---
    Server certificate
    -----BEGIN CERTIFICATE-----
    MIII2zCCB8OgAwIBAgIQOGsBet/MsOThCgO8ib3bKjANBgkqhkiG9w0BAQsFADBU
    MQswCQYDVQQGEwJVUzEeMBwGA1UEChMVR29vZ2xlIFRydXN0IFNlcnZpY2VzMSUw
    IwYDVQQDExxHb29nbGUgSW50ZXJuZXQgQXV0aG9yaXR5IEczMB4XDTE5MDYxODA4
    MjkxM1oXDTE5MDkxMDA4MTYwMFowZjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNh
    bGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxEzARBgNVBAoMCkdvb2ds
    ZSBMTEMxFTATBgNVBAMMDCouZ29vZ2xlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQAD
    ggEPADCCAQoCggEBAJl+ihJXEAC3d+WkHaZ8BChFb0Qbcrwx53qvEsQlhWTVvWSi
    d97Hml7ho01+JNrY++qmmO69bx7aE2+FRAHwmfxWyVAy3ZsnE9WFiJxd/g19Uk9I
    Q2YSWd4umAkOB1MMP9+1qpDy312tQ/uX44dgCx6NgwqnlnsGWuiqFgiyI194rOvL
    7m4o/000fDkXHfKNayLrotBW0u1xYU9Aqn+S7qVLDkRxk/SrEr6V6i3kQMsl1SFg
    X8V9+Vl6CMQqTukmUDP8p7ALwCI61yYyv+L/TIuGJOZd4auRj/KXzySyceru2W64
    YK/hd/ZIpV1EBXzNO0ZI822S2wfICCb1XnNUZd0CAwEAAaOCBZUwggWRMBMGA1Ud
    JQQMMAoGCCsGAQUFBwMBMIIEagYDVR0RBIIEYTCCBF2CDCouZ29vZ2xlLmNvbYIN
    Ki5hbmRyb2lkLmNvbYIWKi5hcHBlbmdpbmUuZ29vZ2xlLmNvbYISKi5jbG91ZC5n
    b29nbGUuY29tghgqLmNyb3dkc291cmNlLmdvb2dsZS5jb22CBiouZy5jb4IOKi5n
    Y3AuZ3Z0Mi5jb22CESouZ2NwY2RuLmd2dDEuY29tggoqLmdncGh0LmNughYqLmdv
    b2dsZS1hbmFseXRpY3MuY29tggsqLmdvb2dsZS5jYYILKi5nb29nbGUuY2yCDiou
    Z29vZ2xlLmNvLmlugg4qLmdvb2dsZS5jby5qcIIOKi5nb29nbGUuY28udWuCDyou
    Z29vZ2xlLmNvbS5hcoIPKi5nb29nbGUuY29tLmF1gg8qLmdvb2dsZS5jb20uYnKC
    DyouZ29vZ2xlLmNvbS5jb4IPKi5nb29nbGUuY29tLm14gg8qLmdvb2dsZS5jb20u
    dHKCDyouZ29vZ2xlLmNvbS52boILKi5nb29nbGUuZGWCCyouZ29vZ2xlLmVzggsq
    Lmdvb2dsZS5mcoILKi5nb29nbGUuaHWCCyouZ29vZ2xlLml0ggsqLmdvb2dsZS5u
    bIILKi5nb29nbGUucGyCCyouZ29vZ2xlLnB0ghIqLmdvb2dsZWFkYXBpcy5jb22C
    DyouZ29vZ2xlYXBpcy5jboIRKi5nb29nbGVjbmFwcHMuY26CFCouZ29vZ2xlY29t
    bWVyY2UuY29tghEqLmdvb2dsZXZpZGVvLmNvbYIMKi5nc3RhdGljLmNugg0qLmdz
    dGF0aWMuY29tghIqLmdzdGF0aWNjbmFwcHMuY26CCiouZ3Z0MS5jb22CCiouZ3Z0
    Mi5jb22CFCoubWV0cmljLmdzdGF0aWMuY29tggwqLnVyY2hpbi5jb22CECoudXJs
    Lmdvb2dsZS5jb22CFioueW91dHViZS1ub2Nvb2tpZS5jb22CDSoueW91dHViZS5j
    b22CFioueW91dHViZWVkdWNhdGlvbi5jb22CESoueW91dHViZWtpZHMuY29tggcq
    Lnl0LmJlggsqLnl0aW1nLmNvbYIaYW5kcm9pZC5jbGllbnRzLmdvb2dsZS5jb22C
    C2FuZHJvaWQuY29tghtkZXZlbG9wZXIuYW5kcm9pZC5nb29nbGUuY26CHGRldmVs
    b3BlcnMuYW5kcm9pZC5nb29nbGUuY26CBGcuY2+CCGdncGh0LmNuggZnb28uZ2yC
    FGdvb2dsZS1hbmFseXRpY3MuY29tggpnb29nbGUuY29tgg9nb29nbGVjbmFwcHMu
    Y26CEmdvb2dsZWNvbW1lcmNlLmNvbYIYc291cmNlLmFuZHJvaWQuZ29vZ2xlLmNu
    ggp1cmNoaW4uY29tggp3d3cuZ29vLmdsggh5b3V0dS5iZYILeW91dHViZS5jb22C
    FHlvdXR1YmVlZHVjYXRpb24uY29tgg95b3V0dWJla2lkcy5jb22CBXl0LmJlMGgG
    CCsGAQUFBwEBBFwwWjAtBggrBgEFBQcwAoYhaHR0cDovL3BraS5nb29nL2dzcjIv
    R1RTR0lBRzMuY3J0MCkGCCsGAQUFBzABhh1odHRwOi8vb2NzcC5wa2kuZ29vZy9H
    VFNHSUFHMzAdBgNVHQ4EFgQUFCjfWkbF12UYB0E/+/utjqnIoo0wDAYDVR0TAQH/
    BAIwADAfBgNVHSMEGDAWgBR3wrhQmmd2drEtwobQg6B+pn66SzAhBgNVHSAEGjAY
    MAwGCisGAQQB1nkCBQMwCAYGZ4EMAQICMDEGA1UdHwQqMCgwJqAkoCKGIGh0dHA6
    Ly9jcmwucGtpLmdvb2cvR1RTR0lBRzMuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQB8
    OGt5QNu4vZ3YH40buZM4pRRoyxEfHwts1M8YoLRTm2Gtlhz+7xDAnzpIXDlF0D6X
    4EY97UeoLg3D9h0deco1Uw3IByg0MVvLwTxZumCT9ftvTECsNcRLiAdUI/tCXT/7
    cXB3HBW69wFYT4RP7CtcQhTY+ZFmqa8At9R/WaiMvPrEkuJQ2WK7nNiccmA8KbOR
    eXP1jhscQl75RSyYJ91vvGx+WxLPhHGG/KfgqH6W8KBo8Km1Fmv95R9S1oYsM6RM
    1s7KKKM6yKOEPB9iMRzutOIhKAkFGlj3s28vTqyDAuiEL714UcwWKKbtOmrYioVe
    +idGN+nL2/3ykaUhCauP
    -----END CERTIFICATE-----
    subject=/C=US/ST=California/L=Mountain View/O=Google LLC/CN=*.google.com
    issuer=/C=US/O=Google Trust Services/CN=Google Internet Authority G3
    ---
    No client certificate CA names sent
    Peer signing digest: SHA256
    Server Temp Key: ECDH, P-256, 256 bits
    ---
    SSL handshake has read 4099 bytes and written 433 bytes
    ---
    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-GCM-SHA256
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol  : TLSv1.2
        Cipher    : ECDHE-RSA-AES128-GCM-SHA256
        Session-ID: 8820359AEB557BE3F51F6EB080EDD2C2A4C3DED3C7A42ACF39CF9CC2D85D17B6
        Session-ID-ctx: 
        Master-Key: FE30372ADE34934884F2C6521EE3986E696261AFC47A674BFBF9B4C1252D4386DE1D3FF718A28089AC7692FB5A4793E3
        Key-Arg   : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        TLS session ticket lifetime hint: 100800 (seconds)
        TLS session ticket:
        0000 - 00 ea 62 71 13 be 34 95-97 3c c2 e1 aa 02 ae ba   ..bq..4..<......
        0010 - e0 f8 d7 94 86 1d 4d 66-9d 6d df bf 0d 34 fd c9   ......Mf.m...4..
        0020 - 5d ee 9d f3 eb 15 ae 0e-35 76 82 c9 51 27 7e 04   ].......5v..Q'~.
        0030 - 74 30 6d 32 cd 69 88 3d-f3 fb 64 3e b7 29 93 db   t0m2.i.=..d>.)..
        0040 - 6a 5b f4 88 71 26 dc 24-7f 97 81 39 72 a3 a6 3c   j[..q&.$...9r..<
        0050 - aa 66 ab 37 03 80 4e 81-78 82 e7 79 33 df 94 90   .f.7..N.x..y3...
        0060 - 41 73 a9 1d 67 72 61 96-f3 b7 14 f7 94 12 17 e1   As..gra.........
        0070 - 5e 34 7a 80 c4 9e f7 39-f0 4f e5 e1 02 38 e4 0a   ^4z....9.O...8..
        0080 - e4 6d 3c 4c b4 66 26 28-d2 2a e5 8e bc 09 31 f0   .m<L.f&(.*....1.
        0090 - bf 1a 2d 67 69 ce 61 f4-8b d5 c7 98 96 f7 ec e1   ..-gi.a.........
        00a0 - 0c 13 14 a7 d7 98 2e ec-c4 96 94 9c a4 7a ed 00   .............z..
        00b0 - d6 34 d7 f4 b2 7a 29 56-20 c1 27 5c 5e c7 81 aa   .4...z)V .'\^...
        00c0 - e6 f6 90 74 eb df ee 59-b0 6a d3 fc ba 79 26 79   ...t...Y.j...y&y
        00d0 - 8e 38 48 88 95                                    .8H..

        Start Time: 1563192567
        Timeout   : 300 (sec)
        Verify return code: 20 (unable to get local issuer certificate)
    ---

    ======================================================

    Kind Regards

    Sreeram.R


    Shriram

    Sunday, July 14, 2019 1:29 PM

All replies

  • Easy enough. Try this:

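    # -Raw returns the file as a single string, so the regex can match across lines
    $x = Get-Content C:\temp\TestCert.txt -Raw
    # (?s) lets '.' match line breaks; capture group 1 is the text between the markers
    if ($x -match "(?s)\r\n-----BEGIN CERTIFICATE-----\r\n(.+)\r\n-----END CERTIFICATE-----" ) {
        $cert = $matches[1]
    }
    else {
        Write-Host "No cert found"
    }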


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Sunday, July 14, 2019 3:04 PM
  • Note that with Rich's example above, you won't get any results because the dot '.' by default doesn't include newline characters. The base64 text of the cert is formatted and has several newlines.

    Even if the newlines were removed, the $cert var would include the '-----BEGIN CERTIFICATE-----' text. If you only wanted the base64 text, you'd have to use $cert.Groups[0].Value, from the above example.

    A possible alternative pattern could be:  "(?<=BEGIN CERTIFICATE-----\s*\r?\n?)(?:[A-Z-a-z0-9+/](?:[A-Z-a-z0-9+/=]|\s|\r|\n)+)(?=-----END CERTIFICATE)".

    The pattern I show would translate to: "a base64 character that is preceded by 'BEGIN CERTIFICATE-----', but not included in the match, then followed by one or more base64 characters, white-space, carriage-return, or newline characters, but which are not followed by '-----END CERTIFICATE'"

    This pattern will return only the base64 chars and the newlines and white-space (if any) after each line. You'll still need to remove those newlines if you want one contiguous base64 string.


    -Eriq VanBibber, CTO, Priasoft Inc.

    Sunday, July 14, 2019 3:45 PM
  • Hello Rich Matheisen,

    Thanks a lot for the suggestion :)

    Can you help me to extract the certificate out from this raw file, please.

    Kind Regards

    Sreeram.R


    Shriram

    Sunday, July 14, 2019 4:20 PM
  • Using the regex modifier "(?s)" at the beginning of the regex will allow the "." metacharacter to match the end-of-line character. That's present in the example I gave (which was tested, BTW).

    My example certainly doesn't include the BEGIN/END tags in the $cert variable. Note that the only group that's matched is the data between those delimiters.


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Sunday, July 14, 2019 6:17 PM
  • Just send the contents of the $cert variable to "Out-File <your-file-path-here>".

      $cert | Out-File <your-file-path-here>


    --- Rich Matheisen MCSE&I, Exchange Ex-MVP (16 years)

    Sunday, July 14, 2019 6:20 PM
  • Hello Rich Matheisen,

    I tried the below, but could not get the output file. Can you please correct me.

    $x = get-content C:\Users\A1447472\Desktop\Scriptcerts\123.txt
    if ($x -match "(?s)\r\n-----BEGIN CERTIFICATE-----\r\n(.+)\r\n-----END CERTIFICATE-----" ) {
        $cert = $matches[1] | Out-File C:\Users\A1447472\Desktop\Scriptcerts\1234.txt

    }

    Kind Regards,

    Sreeram.R


    Shriram

    Monday, July 15, 2019 4:11 AM
  • When a file just has a large, delimited, block of text the following method is cleaner and easier.

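    Get-Content file.txt |
        # The first script block runs once (-Begin); the second runs for each line (-Process)
        ForEach-Object {$goflag = $false} {
            if($_ -match 'BEGIN CERTIFICATE') {
                $goflag = $true
            }
            if ($_ -match 'END CERTIFICATE') {
                $goflag = $false
            }
            # Emit lines only while inside the certificate block
            if($goflag){$_}
        } |
        # Drop the BEGIN marker line, leaving only the base64 lines
        Where-Object {$_ -notmatch 'BEGIN CERTIFICATE|END CERTIFICATE'} |
        Out-File Cert.txt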


    \_(ツ)_/


    • Edited by jrv Monday, July 15, 2019 4:53 AM
    • Marked as answer by Shriram14 Monday, July 15, 2019 5:26 AM
    Monday, July 15, 2019 4:50 AM
  • Thanks a lot, it's very helpful :) This is working as expected :)



    Shriram

    Monday, July 15, 2019 5:26 AM
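
Added example, not part of any post in this thread: a function that goes one step beyond the replies above by extracting every BEGIN/END CERTIFICATE block from raw text, accepting both CRLF and LF line endings, and checking that each block decodes as Base64. The function name `Get-PemCertificate` and the sample text are constructed for illustration; the sample Base64 is placeholder data, not a real certificate.

```powershell
# Added example: the function name and the sample text are constructed.
function Get-PemCertificate {
    param([Parameter(Mandatory)][string]$Text)

    # (?s) lets '.' cross line breaks; the lazy (.+?) stops at the first END
    # marker so each block is matched separately; \r?\n accepts CRLF and LF.
    $pattern = '(?s)-----BEGIN CERTIFICATE-----\r?\n(.+?)\r?\n-----END CERTIFICATE-----'

    foreach ($m in [regex]::Matches($Text, $pattern)) {
        # Strip line breaks and whitespace to get one contiguous Base64 string.
        $b64 = $m.Groups[1].Value -replace '\s', ''
        try {
            $der = [Convert]::FromBase64String($b64)
        }
        catch {
            Write-Warning "Block at offset $($m.Index) is not valid Base64; skipped"
            continue
        }
        [pscustomobject]@{
            Offset             = $m.Index
            Base64             = $b64
            Bytes              = $der
            # A DER-encoded certificate starts with a SEQUENCE tag (0x30).
            StartsWithSequence = ($der.Length -gt 0 -and $der[0] -eq 0x30)
        }
    }
}

# Constructed sample: placeholder Base64, not real certificates.
$sample = @'
Server certificate
-----BEGIN CERTIFICATE-----
MIIBCgKCAQEA
AQIDBAUGBwgJ
-----END CERTIFICATE-----
subject=/CN=example.test
-----BEGIN CERTIFICATE-----
not*base64!!
-----END CERTIFICATE-----
'@

Get-PemCertificate -Text $sample |
    Select-Object Offset, Base64, StartsWithSequence, @{ n = 'Length'; e = { $_.Bytes.Length } }
```

For a file on disk, pass `(Get-Content file.txt -Raw)` as `-Text` so the whole file arrives as one string.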