#! /usr/bin/env sh

# This program is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, either version 3 of the License, or (at your option) any
# later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.

# Space-separated list of supported algorithms
readonly ALGS="md5 sha1 sha256"

main()
{
	# Handle opts
	while getopts ":g:h" opt
	do
		case "$opt" in
			g) DO_ALGS="$DO_ALGS $OPTARG" ;;
			h) usage && exit 0 ;;
			*)
				printf "Invalid option passed: %s\n" "$OPTARG" >&2
				;;
		esac
	done

	shift $(( OPTIND - 1 ))

	# Set algs to show by default
	[ -z "$DO_ALGS" ] && DO_ALGS="$ALGS"

	# Use STDIN as cert if no arguments are given
	if [ -z "$*" ] || [ "$1" = "-" ]
	then
		no_args=1
		set -- "$(mktemp)"
		cat > "$1"
	fi

	# Generate fingerprint info for all certificates in question
	for crt in "$@"
	do
		# Skip this certificate if it does not exist
		if [ ! -f "$crt" ]
		then
			printf "No such file or directory: %s\n" "$crt" >&2
			continue
		fi

		# Skip the filename if only a single file is being checked
		[ "$#" -gt 1 ] && printf "%s: \n" "$crt"

		# Show fingerprints for files
		for alg in $DO_ALGS
		do
			[ "$#" -gt 1 ] && printf "%s" "\t"
			printf "%-6s %s\n" "$alg" "$(fingerprint "$alg" "$crt")"
		done
	done
}

fingerprint()
{
	openssl x509 -noout -fingerprint "-$1" -inform pem -in "$2" | awk -F= '{ print $NF }'
}

usage()
{
	cat <<EOF
Usage:
	$(basename "$0") -h
	$(basename "$0") [file [file...]]

Generate common fingerprints for a certificate, using openssl.

Options:
	-h  Show this help text and exit.
EOF
}

main "$@"