Diffstat (limited to '.local')
-rwxr-xr-x | .local/bin/crt-fetch | 50 | ||||
-rwxr-xr-x | .local/bin/crt-fp | 68 |
2 files changed, 90 insertions, 28 deletions
diff --git a/.local/bin/crt-fetch b/.local/bin/crt-fetch
new file mode 100755
index 0000000..670669f
--- /dev/null
+++ b/.local/bin/crt-fetch
@@ -0,0 +1,50 @@
+#!/bin/sh
+
+# This program is free software: you can redistribute it and/or modify it under
+# the terms of the GNU Affero General Public License as published by the Free
+# Software Foundation, either version 3 of the License, or (at your option) any
+# later version.
+#
+# This program is distributed in the hope that it will be useful, but WITHOUT
+# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
+# details.
+
+main()
+{
+ # Handle opts
+ while getopts ":h" opt
+ do
+ case "$opt" in
+ h) usage && exit 0 ;;
+ *)
+ printf "Invalid option passed: %s\n" "$OPTARG" >&2
+ ;;
+ esac
+ done
+
+ shift $(( OPTIND - 1 ))
+
+ # Show help
+ [ -z "$1" ] && usage && exit 1
+
+ # Perform the request to fetch the certificate, and print it on STDOUT
+ printf "%s" "" \
+ | openssl s_client -connect "$1:${2:-443}" 2> /dev/null \
+ | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
+}
+
+usage()
+{
+ cat <<EOF
+Usage:
+ ${0##*/} -h
+
+Nondescript
+
+Options:
+ -h Show this help text and exit.
+EOF
+}
+
+main "$@"
diff --git a/.local/bin/crt-fp b/.local/bin/crt-fp
index a764ba6..ec14fcc 100755
--- a/.local/bin/crt-fp
+++ b/.local/bin/crt-fp
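Review bot: In the new `crt-fetch`, the `openssl s_client` pipeline in `main` discards stderr and ends in `sed`, so a refused connection or failed handshake gives empty output with exit status 0 and a caller cannot tell it from success. I would capture the PEM into a variable and fail when it is empty, e.g. `[ -n "$crt" ] || { printf "No certificate received from %s\n" "$1" >&2; exit 1; }`. `s_client` does not abort on a verification failure by default, so the certificate printed is whatever the peer on the network path presented, and a fingerprint pinned from it is trust-on-first-use. The usage text (currently `Nondescript`, with no mention of the host and port arguments) should say so. Passing `-servername "$1"` explicitly is also worth adding, since older OpenSSL releases send no SNI unless asked and the server may then return a different virtual host's certificate.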
@@ -10,49 +10,61 @@ # FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more # details. +# Space-separated list of supported algorithms +readonly ALGS="md5 sha1 sha256" + main() { # Handle opts - opts "$@" - shift "$OPTS" - unset OPTS + while getopts ":g:h" opt + do + case "$opt" in + g) DO_ALGS="$DO_ALGS $OPTARG" ;; + h) usage && exit 0 ;; + *) + printf "Invalid option passed: %s\n" "$OPTARG" >&2 + ;; + esac + done + + shift $(( OPTIND - 1 )) - # Show help - [ "$OPT_HELP_ONLY" ] && usage && exit 0 - [ -z "$1" ] && usage && exit 1 + # Set algs to show by default + [ -z "$DO_ALGS" ] && DO_ALGS="$ALGS" + + # Use STDIN as cert if no arguments are given + if [ -z "$*" ] || [ "$1" = "-" ] + then + no_args=1 + set -- "$(mktemp)" + cat > "$1" + fi # Generate fingerprint info for all certificates in question for crt in "$@" do - printf "%s: \n" "$crt" - for alg in md5 sha1 sha256 + # Skip this certificate if it does not exist + if [ ! -f "$crt" ] + then + printf "No such file or directory: %s\n" "$crt" >&2 + continue + fi + + # Skip the filename if only a single file is being checked + [ "$#" -gt 1 ] && printf "%s: \n" "$crt" + + # Show fingerprints for files + for alg in $DO_ALGS do - printf " %-8s %s\n" "$alg" "$(fingerprint "$alg" "$crt")" + [ "$#" -gt 1 ] && printf "%s" "\t" + printf "%-6s %s\n" "$alg" "$(fingerprint "$alg" "$crt")" done done } fingerprint() { - openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" \ - | awk -F= '{ print $NF }' -} - -opts() -{ - OPTS=0 - - while getopts ":h" opt - do - case "$opt" in - h) OPT_HELP_ONLY=1 ;; - *) - printf "Invalid option passed: %s\n" "$OPTARG" >&2 - ;; - esac - done - - unset opt + openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" | awk -F= '{ print $NF }' } usage() |
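Review bot: The `-g` value is appended to `DO_ALGS` unchecked and reaches `fingerprint` as `"-$1"`, so any word the caller passes becomes an `openssl x509` option rather than a digest name; `ALGS` is declared as the supported list but is only used as the default. The `g)` arm could check it first, e.g. `case " $ALGS " in *" $OPTARG "*) DO_ALGS="$DO_ALGS $OPTARG" ;; *) printf "Unsupported algorithm: %s\n" "$OPTARG" >&2; exit 1 ;; esac`, with `DO_ALGS=` initialised before the `getopts` loop so it is not inherited from the environment. The stdin branch sets `no_args=1` and writes the input to a `mktemp` file, but nothing in the visible `main` reads `no_args` or removes that file; keeping the path in a variable and adding `trap 'rm -f -- "$tmp"' EXIT` right after the `mktemp` call would clean it up. Separately, `printf "%s" "\t"` prints a literal backslash and `t`, because `%s` does not interpret escapes; `printf "\t"` gives the intended tab.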