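#!/usr/bin/env bash

# DESCRIPTION:
#   Print information about an X.509 certificate that is either read from a
#   local file (PEM or DER) or presented by a TLS server.
#
# DEPENDENCIES:
#   - openssl
#   - a date(1) that accepts "-d <string>" (used to turn notAfter into a
#     Unix timestamp)
#
# PARAMETERS:
#   1: "hostname[:port]" or "/path/to/cert" - certificate location
#      (the port defaults to 443)
#   2: optional output selector
#      -e - print the expiry date as a Unix timestamp
#      -f - print the fingerprint
#      -r - print the remaining whole days until expiry
#      any other value - print the certificate data exactly as loaded
#
# OUTPUT:
#   Results go to stdout; diagnostics and usage go to stderr so that a caller
#   capturing "-e"/"-f"/"-r" output never receives an error text as a value.
#
# EXIT STATUS:
#   0 on success; 1 on a missing dependency, a missing argument, or a
#   certificate that could not be loaded or parsed.
#
# SECURITY NOTES:
#   - The s_client call below passes no verification options (for example
#     -verify_return_error or -verify_hostname), so every reported value
#     describes whatever certificate the peer presented. Do not treat the
#     output as proof of the server's identity.
#   - No digest option is passed to "openssl x509 -fingerprint", so openssl's
#     default digest (SHA-1) is used. That is kept for output compatibility;
#     for pinning or comparison, a SHA-256 fingerprint (-sha256) is the
#     better reference.
#   - Argument 1 is treated as a file whenever a regular file exists whose
#     name equals the part before the first ':'. A host name that matches a
#     file in the current directory is therefore read from disk, not from the
#     network; run the script from a directory you control.

set -u

if ! command -v openssl &> /dev/null; then
  printf '%s\n' "Not found dependencies" >&2
  exit 1
fi

datetime=$(date +%s)
certdest=${1:-}
selector=${2:-}
certport=
certdata=

#
# MAIN:
#

if [ -z "${certdest}" ]; then
  {
    printf '%s\n' "Usage example: ${0} 'name.domain.zone'"
    printf '%s\n' "Usage example: ${0} 'name.domain.zone:port' -r"
    printf '%s\n' "Usage example: ${0} '/path/to/cert' -f"
  } >&2
  exit 1
fi

# Everything before the first ':' is the host name or the file path.
certpath=${certdest%%:*}

if [ -f "${certpath}" ]; then
  # Local file: PEM when the armour line is present, DER otherwise.
  if grep -q 'BEGIN CERTIFICATE' "${certpath}"; then
    certdata=$(openssl x509 -inform pem -in "${certpath}")
  else
    certdata=$(openssl x509 -inform der -in "${certpath}")
  fi
else
  # Remote endpoint: the second ':'-separated field is the port.
  case "${certdest}" in
    *:*)
      certport=${certdest#*:}
      certport=${certport%%:*}
      ;;
  esac
  if [ -z "${certport}" ]; then
    certport=443
  fi
  # NOTE(review): OpenSSL 1.1.1 and later send the connect host as SNI by
  # default; older releases need an explicit -servername to reach a
  # name-based virtual host.
  certdata=$(
    openssl s_client -connect "${certpath}:${certport}" \
      < /dev/null 2> /dev/null
  )
fi

# s_client can print handshake text to stdout even when the peer presented no
# certificate. Without this check the field extraction below would run on
# that text, "date -d ''" would succeed, and a bogus "0 days" result would be
# reported with exit status 0.
if [ -n "${certdata}" ] &&
  ! printf '%s' "${certdata}" | openssl x509 -noout 2> /dev/null; then
  certdata=
fi

if [ -z "${certdata}" ]; then
  printf '%s\n' "Certificate was not loaded" >&2
  exit 1
fi

enddate=$(
  printf '%s' "${certdata}" |
    openssl x509 -noout -enddate |
    cut -d'=' -f2-
)
if [ -z "${enddate}" ] ||
  ! expired=$(date -d "${enddate}" +%s 2> /dev/null) ||
  [ -z "${expired}" ]; then
  printf '%s\n' "Certificate expiry date could not be parsed" >&2
  exit 1
fi

# The two cut calls keep what follows the second '=' and drop the leading
# blank. NOTE(review): the result depends on how the installed openssl
# formats the subject line - confirm on the target version.
subject=$(
  printf '%s' "${certdata}" |
    openssl x509 -noout -subject |
    cut -d'=' -f3- | cut -d' ' -f2-
)
release=$(
  printf '%s' "${certdata}" |
    openssl x509 -noout -startdate |
    cut -d'=' -f2-
)
fingerp=$(
  printf '%s' "${certdata}" |
    openssl x509 -noout -fingerprint |
    cut -d'=' -f2-
)

# Integer division truncates toward zero: a certificate that expired less
# than 24 hours ago reports 0, the same as one expiring within 24 hours.
# Use "-e" when the exact moment matters.
remains=$(((expired - datetime) / 60 / 60 / 24))

case "${selector}" in
  '')
    printf '%s\n' "certpath: ${certpath}"
    printf '%s\n' "certport: ${certport}"
    printf '%s\n' "fingerprint: ${fingerp}"
    printf '%s\n' "subject name: ${subject}"
    printf '%s\n' "release date: ${release}"
    printf '%s\n' "expired date: ${expired}"
    printf '%s\n' "remains days: ${remains}"
    ;;
  -e)
    printf '%s\n' "${expired}"
    ;;
  -f)
    printf '%s\n' "${fingerp}"
    ;;
  -r)
    printf '%s\n' "${remains}"
    ;;
  *)
    printf '%s\n' "certdata: ${certdata}"
    ;;
esac

exit 0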