openssl source ip wrapper
#!/bin/bash
# ============================================================
# openssl wrapper which enables source address specification
#
# script params:
# 1) source ip address or corresponding dns name
# 2) destination ip address or corresponding dns name
# 3) destination port
# 4) certificate to present to the server (openssl s_client -cert)
# 5) private key matching that certificate (openssl s_client -key)
# ============================================================
# ============================================================
# function to print program usage
# ============================================================
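# ============================================================
# validate the command line and publish the five parameters as globals:
#   source_ip dest_ip dest_port cert key
# prints the usage line to stderr and exits 1 on fewer than 5 args or
# when the certificate / key files are not readable (openssl would
# otherwise fail much later, after the nc proxy has already been set up)
# ============================================================
function usage()
{
  if [[ $# -lt 5 ]]; then
    # diagnostics belong on stderr so they never mix with the script's result
    printf 'usage: \n%s source_ip|source_dns_name dest_ip|dest_dns_name dest_port cert key\n' "$0" >&2
    exit 1
  fi
  source_ip=$1
  dest_ip=$2
  dest_port=$3
  cert=$4
  key=$5
  if [[ ! -r "$cert" ]]; then
    printf '%s: certificate file not readable: %s\n' "$0" "$cert" >&2
    exit 1
  fi
  if [[ ! -r "$key" ]]; then
    printf '%s: private key file not readable: %s\n' "$0" "$key" >&2
    exit 1
  fi
}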
# ============================================================
# produce output and exit
# ============================================================
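# ============================================================
# print the collected program output and terminate with the collected
# exit value
#
# globals read: output, exval
# output goes to stdout even when it is an error text (callers may parse
# it); printf is used so that a value starting with -n/-e is not taken
# as an echo option. An unset exval means "nothing failed" -> 0.
# ============================================================
function output()
{
  printf '%s\n' "$output"
  exit "${exval:-0}"
}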
# ============================================================
# set exit value
# ============================================================
# ============================================================
# remember the exit value the script will finally terminate with
# (stored in the global exval, consumed by output())
# ============================================================
function set_exval()
{
  printf -v exval '%s' "$1"
}
# ============================================================
# set program output
# ============================================================
# ============================================================
# remember the text the script will finally print
# (stored in the global output, consumed by output())
# ============================================================
function set_output()
{
  printf -v output '%s' "$1"
}
# ============================================================
# test connection
#
# if there is no service running or a firewall is blocking it
# do not setup tunnel for openssl
# ============================================================
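# ============================================================
# test connection
#
# probe dest_ip:dest_port once from source_ip with nc before building
# the proxy; if nothing listens there or a firewall rejects it, nc's
# diagnostic text becomes the script output and its status the exit
# value, so no tunnel is set up for openssl
#
# globals read: source_ip dest_ip dest_port
# returns: nc's exit status (0 = reachable)
# ============================================================
function test_connection()
{
  local probe
  # quoted so a host name or port with odd characters stays one argument
  probe=$(echo | nc -s "$source_ip" "$dest_ip" "$dest_port" 2>&1)
  set_exval $?
  # NOTE(review): no -w timeout is given, so a firewall that silently drops
  # packets can leave this probe hanging; nc flavours disagree on timeout
  # flags, so confirm the installed nc before adding one
  if [[ $exval -ne 0 ]]; then
    set_output "$probe"
  fi
  return "$exval"
}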
# ============================================================
# create proxy with nc
# ============================================================
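# ============================================================
# create proxy with nc
#
# the first nc accepts the local openssl client on the proxy port, the
# second one carries the bytes to dest_ip:dest_port from source_ip; the
# fifo closes the loop for the reply direction
#
# globals read: fifo source_ip dest_ip dest_port, proxy_port (optional,
# defaults to 10000 - the same default check_cert connects to)
#
# NOTE(review): without an explicit bind address most netcat builds
# listen on every interface, so any host that can reach the proxy port
# gets an unauthenticated relay to the destination from source_ip, and
# a local user can win the race to the port before openssl connects.
# Restrict the listener to 127.0.0.1 (the flag syntax differs between
# netcat flavours: "-s 127.0.0.1" on traditional nc, a positional
# "127.0.0.1 port" on OpenBSD nc) - confirm against the installed nc.
# ============================================================
function create_nc_proxy()
{
  nc -l -p "${proxy_port:-10000}" < "$fifo" | nc -s "$source_ip" "$dest_ip" "$dest_port" > "$fifo"
}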
# ============================================================
# prepare working environment
# ============================================================
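# ============================================================
# prepare working environment
#
# probes the destination, creates the fifo the two nc processes share
# and starts the proxy in the background
#
# globals written: fifo nc_pid (plus exval/output via test_connection)
# returns: 0 when the proxy is running, 1 when the probe, the temp name
#          or the fifo creation failed
# ============================================================
function prepare_env()
{
  test_connection || return 1
  # unpredictable name instead of /tmp/openssl_$$: the pid is guessable,
  # so another local user could pre-create a file or symlink at that path.
  # mkfifo refuses an existing path, so checking its status closes the
  # remaining race; mode 600 keeps the proxied stream private to this user
  fifo=$(mktemp -u "${TMPDIR:-/tmp}/openssl_XXXXXXXX") || return 1
  mkfifo -m 600 "$fifo" || return 1
  create_nc_proxy &
  nc_pid=$!
}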
# ============================================================
# cleanup before exiting
# ============================================================
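# ============================================================
# cleanup before exiting
#
# removes the fifo and the temporary certificate file and terminates
# the background proxy; every step is best-effort (a missing file or an
# already-exited nc is not an error), so the function always returns 0
#
# globals read: fifo tmp_cert nc_pid (each may be unset/empty)
# ============================================================
function cleanup()
{
  # guard on emptiness so an unset name never turns into a bare "rm" / "kill"
  [[ -n "${fifo:-}" ]] && rm -f -- "$fifo" 2>/dev/null
  [[ -n "${tmp_cert:-}" ]] && rm -f -- "$tmp_cert" 2>/dev/null
  [[ -n "${nc_pid:-}" ]] && kill "$nc_pid" 2>/dev/null
  return 0
}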
# ============================================================
# get certificate and perform checks on it
# ============================================================
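# ============================================================
# get certificate and perform checks on it
#
# runs openssl s_client through the local nc proxy, presenting cert/key
# as the client certificate; stdin is /dev/null so the session ends
# right after the handshake. Only s_client's stderr reaches the user;
# the certificate extraction/inspection below is still commented out,
# so despite the name no checks on the server certificate are made.
#
# globals read: cert key, proxy_port (optional, defaults to 10000 -
#               the same default create_nc_proxy listens on)
# globals written: tmp_cert (created for the disabled extraction step,
#                  removed by cleanup), exval/output on failure
#
# NOTE(review): s_client keeps going even when server certificate
# verification fails; if this script is meant to fail closed on a bad
# server certificate, add -verify_return_error and a -CAfile/-CApath.
# ============================================================
function check_cert()
{
  local rc
  tmp_cert=$(mktemp)
  # /dev/null input just to terminate connection
  openssl s_client -connect "127.0.0.1:${proxy_port:-10000}" -cert "$cert" -key "$key" < /dev/null >/dev/null
  rc=$?
  # previously a failed s_client (bad key, refused proxy) left exval at 0
  # and the script exited successfully; surface it instead
  if [[ $rc -ne 0 ]]; then
    set_exval "$rc"
    set_output "openssl s_client failed (exit $rc) via 127.0.0.1:${proxy_port:-10000}"
  fi
  #2>/dev/null | openssl x509 -outform PEM > $tmp_cert
  #openssl x509 -in $tmp_cert -noout -issuer -nameopt multiline -subject -nameopt multiline -dates
}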
# ============================================================
# main function
# ============================================================
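# ============================================================
# main function
#
# parse arguments, build the nc proxy, run the openssl client through
# it, tear everything down and report output/exit value
# ============================================================
function main()
{
  # "$@" (not $@) keeps every argument intact, e.g. a key path with spaces
  usage "$@"
  # the trap also fires on Ctrl-C or an early exit, so the fifo, the temp
  # cert and the background nc never outlive the script
  trap cleanup EXIT
  if prepare_env; then # working environment successfully created
    # NOTE(review): nothing waits for the background nc to be listening
    # before openssl connects (the author had a "sleep 1" here once);
    # a lost race shows up as a connection refused from s_client
    check_cert
    cleanup
  fi
  output
}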
# ============================================================
# entry point: hand every argument through unchanged
main "$@"