#!/bin/sh
set -f

[ $# -gt 0 ] || exit 0
me=${0##*/}

[ -n "$1" ] || exit 1
[ -f "$1" ] || {
	env printf '%s: not a file or does not exist: %q\n' "${me}" "$1" >&2
	exit 1
}
[ -s "$1" ] || exit 0

w=$(mktemp -d) || exit 1
w_cleanup() {
	[ -z "$w" ] || ls -lA "$w/"
	[ -z "$w" ] || rm -rf "$w"
	unset w
	exit "${1:-0}"
}

openssl-cert-auto-pem.sh "$1" > "$w/cert.pem" || w_cleanup 1
[ -s "$w/cert.pem" ] || w_cleanup 1

awk '
BEGIN {
    OFS = ","
    m_begin="-----BEGIN CERTIFICATE-----"
    m_end="-----END CERTIFICATE-----"
    i_begin = 0
}
$0 == m_begin { i_begin = NR ; }
$0 == m_end {
    if (i_begin > 0) {
        print i_begin,NR
        i_begin = 0
    }
}
' "$w/cert.pem" > "$w/cert.off"
[ -s "$w/cert.off" ] || w_cleanup 1

while read -r a ; do
	[ -n "$a" ] || continue

	{
		sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint -sha256 \
		|| \
		sed -ne "${a}p" "$w/cert.pem" | openssl x509 -noout -fingerprint
	} | tr '[:upper:]' '[:lower:]'
done < "$w/cert.off"

w_cleanup 0