Reputation: 63
Powershell regex to return a part of a line after finding a value on a previous line
I'm trying to audit certificate expiry and I want to grab the expiry date of a specific certificate from a Java keystore.
The certificate order potentially could change so i need to get the expiry line after a particular keystore alias.
Example keystore:
Keystore type: jks
Keystore provider: SUN
Your keystore contains 2 entries
Alias name: one
Creation date: Apr 25, 2010
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=host.domain.com, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Mon Apr 25 17:08:35 AKDT 2017 until: Mon Jul 24 17:08:35 AKDT 2019
Certificate fingerprints:
MD5: 55:20:B2:68:FD:0F:4E:BF:D5:E5:D5:04:47:6C:E3:10
SHA1: 25:17:A0:CA:86:CC:3E:6C:2D:C0:4E:8D:E8:33:05:F7:4B:50:FE:E5
*******************************************
*******************************************
Alias name: two
Creation date: Apr 25, 2015
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Tues Apr 25 17:08:35 AKDT 2010 until: Tues Jul 24 17:08:35 AKDT 2025
Certificate fingerprints:
MD5: 55:20:B2:68:FD:0F:4E:BF:D5:E5:D5:04:47:6C:E3:10
SHA1: 25:17:A0:CA:86:CC:3E:6C:2D:C0:4E:8D:E8:33:05:F7:4B:50:FE:E5
*******************************************
*******************************************
Alias name: three
Creation date: Apr 25, 2010
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=host.domain.com, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Issuer: CN=Alvin Alexander, OU=Application Development, O=devdaily.com, L=Louisville, ST=KY, C=US
Serial number: 4bd4e793
Valid from: Wed Apr 25 17:08:35 AKDT 2030 until: Wed Jul 24 17:08:35 AKDT 2035
Certificate fingerprints:
MD5: 55:20:B2:68:FD:0F:4E:BF:D5:E5:D5:04:47:6C:E3:10
SHA1: 25:17:A0:CA:86:CC:3E:6C:2D:C0:4E:8D:E8:33:05:F7:4B:50:FE:E5
*******************************************
*******************************************
So I'd like to return "Wed Jul 24 17:08:35 AKDT 2035" from certificate 'three'.
Essentially the regex needs to return the data after 'until:' on the 'Valid from:' line after it sees the certificate alias: 'three'
I'm doing this with powershell and I have the following:
(?<=three)(?:.*?)(?:Until:\s)(\s*.*)
The above fails as I'm trying to positively lookbehind on a different line. If I lookbehind on the same line it works:
(?<=Wed)(?:.*?)(?:Until:\s)(\s*.*)
I've looked at this for a few hours but I can't figure it out!
Upvotes: 1
Views: 213
Answers (1)
Reputation: 26170
This is an other approach using Select-String with the context parameter :
$c = Get-Content c:\temp\certs.txt
$three = $c |Select-String "alias name: three" -Context 8
$expirity = [regex]::Match($three.Context.DisplayPostContext[7],"until:(.*)").value.split(':')[1]
Upvotes: 1
Related Questions
- Powershell find a string after specific line
- Fetch line starting with a specific string in powershell
- How to capture a specific line around a regex match in Windows PowerShell?
- RegEx capturing string several lines behind
- PowerShell how to capture a string of text after a certain pattern but without including the pattern itself in the results
- Regex for returning multiple values between strings separated by new line
- RegEx after certain string
- Parsing line after match "something" Powershell
- extract a variable value from the middle of a string
- Select string to display only a certain part of a returned line