Created
May 14, 2021 15:35
-
-
Save danpritts/2d596b8c01828e9f09329fa741d8838d to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # bash and Gnu grep assumed | |
| crtinfo () { | |
| # accept command line cert name, or look for first *crt file in current directory | |
| if [[ -n $1 ]] ; then | |
| CERT=$1 | |
| else | |
| CERTARRAY=(*crt) | |
| CERT=${CERTARRAY[0]} | |
| if [[ -n ${CERTARRAY[1]} ]] ;then | |
| echo -e "\nwarning - only looking at the first certificate found, skipping\n${CERTARRAY[1]} and all other certs in the current directory\n\n"; | |
| fi | |
| fi | |
| if [[ ! -f $CERT ]]; then | |
| echo "no cert file in current directory, or cert on command line doesxn't exist" | |
| return 1 | |
| fi | |
| echo -e "\n$CERT\n\n" | |
| openssl x509 -noout -text < $CERT | grep --color=auto -Pi 'before|after|subject:|issuer' | |
| echo -e "\nSubject Alternative Names:\n" | |
| openssl x509 -noout -text < $CERT | perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print ("\t",join("\n\t", sort @names));' | |
| key=$(echo $CERT | perl -pe 's{\.crt$}{.key}') | |
| # helper function to confirm that the key in this directory matches the cert | |
| if [[ -f $key ]] ; then | |
| echo | |
| chkcrtandkey $1 $2 | |
| fi | |
| } | |
| function chkcrtandkey () { | |
| # accept 2 args, cert and key, or attempt to find .key matching argument 1 | |
| if [[ -f $2 ]]; then | |
| CERT=$1 | |
| KEY=$2 | |
| elif [[ -f $1 ]]; then | |
| CERT=$1 | |
| TMPKEY=$(echo $CERT | perl -pe 's{.crt}{.key}') | |
| if [[ -f $TMPKEY ]]; then | |
| KEY=$TMPKEY | |
| fi | |
| fi | |
| # if that fails, see if you can find a matching key and cert file in current directory | |
| if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then | |
| CERTARRAY=(*crt) | |
| CERT=${CERTARRAY[0]} | |
| KEYARRAY=(*key) | |
| KEY=${KEYARRAY[0]} | |
| fi | |
| if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then | |
| echo "can't find matching cert and key in current directory" | |
| return 1 | |
| fi | |
| # if the moduli match, then the key goes with the cert. | |
| echo -n "checking that $CERT and $KEY match: " | |
| CERTMODSUM=$(openssl x509 -noout -modulus -in $CERT | sha512sum) | |
| KEYMODSUM=$(openssl rsa -noout -modulus -in $KEY | sha512sum) | |
| if [[ $CERTMODSUM = $KEYMODSUM ]]; then | |
| echo "OK!" | |
| return 0 | |
| else | |
| echo -e "\n\n WARNING\n WARNING\n\n$CERT and $KEY DO NOT MATCH\n\n" | |
| echo $CERTMODSUM | |
| echo $KEYMODSUM | |
| return 1 | |
| fi | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment