diff --git a/README.md b/README.md index 3b0f491..037565c 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ Small tools needed to solve immediate tasks independently or as part of a project * [`build-python`.sh](https://git.hmp.today/pavel.muhortov/utils#build-python-sh) +* [`cert-info`.sh](https://git.hmp.today/pavel.muhortov/utils#cert-info-sh) * [`sendmail`.py](https://git.hmp.today/pavel.muhortov/utils#sendmail-py) * [`simplewc`.py](https://git.hmp.today/pavel.muhortov/utils#simplewc-py) @@ -39,6 +40,36 @@ sudo su - -c "bash <(curl -s https://git.hmp.today/pavel.muhortov/utils/raw/bran ____ +## `cert-info`.sh + +**Description:** +> Get certificate info. + +**Dependencies:** +> +> * [bash](https://www.gnu.org/software/bash/) (tested versions: 4.2.46 on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) +> * [openssl](https://www.openssl.org/) (tested version 1.0.2k on [CentOS 7](https://wiki.centos.org/Manuals/ReleaseNotes/CentOS7.2009)) + +| POSITION | PARAMETERS | DESCRIPTION | DEFAULT | +|-----------|--------------|------------------------|---------------| +| 1 |**[hostname:port \| /path/to/cert]**|certificate location|| +| 2 |**[-e]**|print of the expired date timestamp|| +| 2 |**[-f]**|print of the fingerprint|| +| 2 |**[-r]**|print of the remaining days|| + +Example usage in terminal with make the script executable: + +```bash +# download +sudo wget https://git.hmp.today/pavel.muhortov/utils/raw/branch/master/cert-info.sh -O /usr/local/bin/cert-info.sh +sudo chmod +x /usr/local/bin/cert-info.sh +# check cert +cert-info.sh www.hmp.today +cert-info.sh /etc/ssl/certs/ca-certificates.crt +``` + +____ + ## `sendmail`.py **Description:** diff --git a/cert-info.sh b/cert-info.sh new file mode 100644 index 0000000..78481bf --- /dev/null +++ b/cert-info.sh 
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+# DESCRIPTION:
+# get certificate info
+#
+# DEPENDENCIES:
+# - openssl
+#
+# PARAMETERS:
+# 1: "hostname:port | /path/to/cert" - certificate location
+# -e - print of the expired date timestamp
+# -f - print of the fingerprint
+# -r - print of the remaining days
+#
+# FUNCTIONS:
+#
+#
+# VARIABLES:
+#
+
+if ! command -v openssl &> /dev/null; then
+ printf "%s\n" "Not found dependencies"
+
+ exit 1
+fi
+
+datetime=$(date +%s)
+certdest=$1
+
+#
+# MAIN:
+#
+
+if [ -n "${certdest}" ]; then
+ certpath="$(printf "%s" "${certdest}" | cut -d':' -f1)"
+
+ if [ -f "${certpath}" ]; then
+ certdata=$(cat "${certpath}")
+
+ else
+ certport="$(printf "%s" "${certdest}" | cut -d':' -f2 -s)"
+ if [ -z "${certport}" ]; then
+ certport=443
+ fi
+ certdata=$( \
+ openssl s_client "${certpath}:${certport}" < /dev/null 2>/dev/null \
+ )
+
+ fi
+
+ if [ -n "${certdata}" ]; then
+ expired=$(date -d \
+ "$(printf "%s" "${certdata}" | \
+ openssl x509 -noout -enddate | \
+ cut -d'=' -f2- \
+ )" \
+ +%s
+ )
+ subject=$(printf "%s" "${certdata}" | \
+ openssl x509 -noout -subject | \
+ cut -d'=' -f3- | cut -d' ' -f2- \
+ )
+ release=$(printf "%s" "${certdata}" | \
+ openssl x509 -noout -startdate | \
+ cut -d'=' -f2- \
+ )
+ fingerp=$(printf "%s" "${certdata}" | \
+ openssl x509 -noout -fingerprint | \
+ cut -d'=' -f2- \
+ )
+ remains=0; remains=$(( expired-datetime )); remains=$(( remains/60/60/24 ))
+
+ if [ -z "${2}" ]; then
+ printf '%s\n' "certpath: ${certpath}"
+ printf '%s\n' "certport: ${certport}"
+ printf '%s\n' "fingerprint: ${fingerp}"
+ printf '%s\n' "subject name: ${subject}"
+ printf '%s\n' "release date: ${release}"
+ printf '%s\n' "expired date: ${expired}"
+ printf '%s\n' "remains days: ${remains}"
+ elif [ "${2}" == "-e" ];then
+ printf '%s\n' "${expired}"
+ elif [ "${2}" == "-f" ];then
+ printf '%s\n' "${fingerp}"
+ elif [ "${2}" == "-r" ];then
+ printf '%s\n' "${remains}"
+ else
+ printf '%s\n' "certdata: ${certdata}"
+ fi
+
+ else
+ printf "%s\n" "Certificate was not loaded"
+
+ exit 1
+ fi
+
+else
+ printf "%s\n" "Usage example: ${0} 'name.domain.zone'"
+ printf "%s\n" "Usage example: ${0} 'name.domain.zone:port' -r"
+ printf "%s\n" "Usage example: ${0} '/path/to/cert' -f"
+
+ exit 1
+fi
+
+exit 0
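Review bot: The `openssl x509` calls under `if [ -n "${certdata}" ]` are never checked, so a failed parse still exits 0. Any existing file that is not a certificate makes `certdata` non-empty, and probably so does a connection that completes TCP but returns no certificate. GNU `date -d ""` then resolves to today's midnight, so `-r` prints `0` and `-f` prints an empty line, and a monitoring job cannot tell a broken probe from an expiring certificate. Capture the end date first and stop on failure, with the message on stderr: `enddate=$(printf '%s' "${certdata}" | openssl x509 -noout -enddate) || { printf '%s\n' "Certificate was not parsed" >&2; exit 1; }`. Separately, the `s_client` call has no `-connect` or `-servername`; on the OpenSSL 1.0.2 line named in the README no SNI is sent without `-servername`, so a name-based virtual host may return its default certificate. Prefer `openssl s_client -connect "${certpath}:${certport}" -servername "${certpath}"`, and pass `-sha256` to `-fingerprint`, since the `cut` strips the label that names the digest (SHA-1 by default on that release, as far as I know).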