openssl source ip wrapper
#!/bin/bash
# ============================================================
# openssl wrapper which enables source address specification
#
# script params:
# 1) source ip address or corresponding dns name
# 2) destination ip address or corresponding dns name
# 3) destination port
# 4) certificate to use with openssl
# 5) private key for the supplied certificate
# ============================================================
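# ============================================================
# parse and validate the program arguments
#
# Arguments: $1 source ip / dns name, $2 destination ip / dns name,
#            $3 destination port, $4 certificate, $5 private key
# Globals:   writes source_ip, dest_ip, dest_port, cert, key
# Exits:     status 1 (usage printed to stderr) with fewer than 5 params
# ============================================================
function usage()
{
  # fewer than 5 params is a usage error; report it on stderr so the
  # text is never mistaken for the program's result on stdout
  if [[ $# -lt 5 ]]; then
    printf 'usage: \n' >&2
    printf '%s source_ip|source_dns_name dest_ip|dest_dns_name dest_port cert key\n' "$0" >&2
    exit 1
  fi
  source_ip=$1
  dest_ip=$2
  dest_port=$3
  cert=$4
  key=$5
}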
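# ============================================================
# print the collected program output and exit
#
# Globals:   reads output (text to print), exval (exit status)
# Exits:     with exval, or 0 when exval was never set
# ============================================================
function output()
{
  # printf rather than echo: an output value such as "-n" or "-e" would
  # otherwise be swallowed as an echo option
  printf '%s\n' "$output"
  # a bare "exit $exval" with exval unset would exit with the status of
  # the previous command; make the default explicit
  exit "${exval:-0}"
}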
# ============================================================
# record the exit status the program will finish with
#
# Arguments: $1 - exit status
# Globals:   writes exval
# ============================================================
function set_exval()
{
  local status=$1
  exval=$status
}
# ============================================================
# record the text the program will print before exiting
#
# Arguments: $1 - output text
# Globals:   writes output
# ============================================================
function set_output()
{
  local text=$1
  output=$text
}
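# ============================================================
# test connection
#
# if there is no service running or a firewall is blocking it
# do not setup tunnel for openssl
#
# Globals:   reads source_ip, dest_ip, dest_port; sets exval and,
#            on failure, output (nc's diagnostic)
# Returns:   nc's exit status
# ============================================================
function test_connection()
{
  local tmp
  # a refused or blocked connection makes nc fail; keep its diagnostic
  # so it becomes the program output. The expansions are quoted so a
  # value containing whitespace cannot be split into extra nc options.
  tmp=$(echo | nc -s "$source_ip" "$dest_ip" "$dest_port" 2>&1)
  set_exval $?
  if [[ $exval -ne 0 ]]; then
    set_output "$tmp"
  fi
  return "$exval"
}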
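# ============================================================
# create proxy with nc
#
# a local listener on port 10000 is relayed through the fifo to the
# destination, with the client side bound to the requested source ip
#
# Globals:   reads fifo, source_ip, dest_ip, dest_port
# ============================================================
function create_nc_proxy()
{
  # NOTE(review): "-l -p 10000" is not restricted to loopback on every nc
  # variant, so while the relay runs it may be reachable from other
  # hosts; bind the listener to 127.0.0.1 if your nc supports it.
  # Quoted expansions keep a fifo path or address with whitespace from
  # turning into extra nc arguments.
  nc -l -p 10000 < "$fifo" | nc -s "$source_ip" "$dest_ip" "$dest_port" > "$fifo"
}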
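# ============================================================
# prepare working environment
#
# Globals:   writes fifo (path of the relay fifo) and nc_pid (pid of the
#            background relay)
# Returns:   0 when the relay was started, 1 when the connection test or
#            fifo creation failed
# ============================================================
function prepare_env()
{
  if ! test_connection; then
    return 1
  fi
  # mktemp -u picks an unpredictable name instead of /tmp/openssl_$$;
  # mkfifo refuses an existing path (including a planted symlink), so a
  # collision fails closed rather than reusing someone else's file
  fifo=$(mktemp -u /tmp/openssl_XXXXXX) || return 1
  mkfifo -m 600 "$fifo" || return 1
  create_nc_proxy &
  nc_pid=$!
}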
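# ============================================================
# cleanup before exiting
#
# Globals:   reads fifo, tmp_cert, nc_pid
# Returns:   always 0; every step is best-effort because the variables
#            may be unset after an early failure and each resource may
#            already be gone
# ============================================================
function cleanup()
{
  # "--" stops option parsing so a path starting with "-" is still removed
  [[ -n "$fifo" ]] && rm -f -- "$fifo"              # delete fifo
  [[ -n "$tmp_cert" ]] && rm -f -- "$tmp_cert"      # delete checked cert
  [[ -n "$nc_pid" ]] && kill "$nc_pid" 2>/dev/null  # terminate nc
  return 0
}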
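# ============================================================
# get certificate and perform checks on it
#
# Globals:   reads cert, key; writes tmp_cert (removed by cleanup)
# Returns:   1 when no temp file could be created, else openssl's status
# ============================================================
function check_cert()
{
  tmp_cert=$(mktemp) || return 1
  # /dev/null input just to terminate connection; the connection goes
  # through the local nc relay so the chosen source address applies.
  # Quoted so a cert/key path with whitespace cannot become extra options.
  # NOTE(review): the capture pipeline below is still commented out, so
  # nothing is actually checked yet; when re-enabling it, consider
  # -verify_return_error so an unverifiable server certificate is
  # reported as a failure instead of only a warning.
  openssl s_client -connect 127.0.0.1:10000 -cert "$cert" -key "$key" < /dev/null >/dev/null
  #2>/dev/null | openssl x509 -outform PEM > "$tmp_cert"
  #openssl x509 -in "$tmp_cert" -noout -issuer -nameopt multiline -subject -nameopt multiline -dates
}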
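# ============================================================
# main function
#
# Arguments: the script's positional parameters (see usage)
# Exits:     via output, with the status recorded in exval
# ============================================================
function main()
{
  # "$@" keeps each argument intact; an unquoted $@ would split or glob
  # an argument containing whitespace before usage counts them
  usage "$@"
  # run cleanup on every exit path, including the exit inside output and
  # a failure after the relay was already started
  trap cleanup EXIT
  if prepare_env; then  # working environment successfully created
    #sleep 1 # wait for tunnel to be set up
    check_cert
  fi
  output
}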
# ============================================================
# entry point: all script arguments are forwarded to main unchanged
main "$@"