venkytv/cert

## cert
#!/bin/bash

if [[ $# -lt 1 ]]; then
	echo "usage: $( basename $0 ) <https-url>" >&2
	exit 1
fi

[[ $( uname ) == "Darwin" ]] && DATE='gdate' || DATE='date'
$DATE --version 2>&1 | head -n 1 | grep GNU >/dev/null
if [[ $? -ne 0 ]]; then
	echo "ERROR: GNU coreutils date command not found" >&2
	exit 2
fi

cert_check() {
	local host port expiry epoch now

	host="${1%:*}"
	port="${1#*:}"
	[[ "$port" == "$1" ]] && port=443

	expiry=$( openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
		| openssl x509 -noout -dates \
		| grep '^notAfter' \
		| cut -d= -f2- )

	epoch=$( $DATE --date="$expiry" +'%s' )
	now=$( $DATE '+%s' )

	echo $(( ( epoch - now ) / ( 24 * 60 * 60 ) ))
}

URL="$1"

HOST=$( echo ${URL#https://} | tr -d / )
HOSTNAME=${HOST%:*}

[[ "$HOST" == "$HOSTNAME" ]] && HOST="${HOST}:443"

DOMAINS=$( openssl s_client -connect "$HOST" -servername "$HOSTNAME" </dev/null 2>/dev/null \
	| openssl x509 -noout -text \
	| grep DNS: \
	| sed -e 's/, /,/g' -e 's/DNS://g' \
	| tr -d ' 	' )

VALIDITY=$( curl -v "$URL" 2>&1 \
	| sed -n "s/.*subjectAltName: //p" )

ER="[1;31m"
OK="[1;32m"
HI="[1;33m"
RE="[0m"

EXPIRY_DAYS=$( cert_check ${HOST} )
if [[ "$EXPIRY_DAYS" -lt 30 ]]; then
	EXPIRY_DAYS="${ER}${EXPIRY_DAYS} days${RE}"
else
	EXPIRY_DAYS="${OK}${EXPIRY_DAYS} days${RE}"
fi

CURL=$( curl -v "https://$HOST" 2>&1 )
ALTNAME=$( echo "$CURL" | sed -n -e 's/.*subjectAltName: //p' )
VALIDITY=$( echo "$CURL" | sed -n -e 's/^*  \(SSL certificate.*\)/\1/p' )
if [[ "$VALIDITY" == *ok. ]]; then
	VALIDITY="${OK}${VALIDITY}${RE}"
else
	VALIDITY="${ER}${VALIDITY}${RE}"
fi

echo
echo "Domains: ${HI}$DOMAINS${RE}"
echo "Expiry: $EXPIRY_DAYS"
echo "Validity:"
echo " - $ALTNAME"
echo " - $VALIDITY"
	#!/bin/bash

	if [[ $# -lt 1 ]]; then
	echo "usage: $( basename $0 ) <https-url>" >&2
	exit 1
	fi

	[[ $( uname ) == "Darwin" ]] && DATE='gdate' \|\| DATE='date'
	$DATE --version 2>&1 \| head -n 1 \| grep GNU >/dev/null
	if [[ $? -ne 0 ]]; then
	echo "ERROR: GNU coreutils date command not found" >&2
	exit 2
	fi

	cert_check() {
	local host port expiry epoch now

	host="${1%:*}"
	port="${1#*:}"
	[[ "$port" == "$1" ]] && port=443

	expiry=$( openssl s_client -connect "${host}:${port}" -servername "$host" </dev/null 2>/dev/null \
	\| openssl x509 -noout -dates \
	\| grep '^notAfter' \
	\| cut -d= -f2- )

	epoch=$( $DATE --date="$expiry" +'%s' )
	now=$( $DATE '+%s' )

	echo $(( ( epoch - now ) / ( 24 * 60 * 60 ) ))
	}

	URL="$1"

	HOST=$( echo ${URL#https://} \| tr -d / )
	HOSTNAME=${HOST%:*}

	[[ "$HOST" == "$HOSTNAME" ]] && HOST="${HOST}:443"

	DOMAINS=$( openssl s_client -connect "$HOST" -servername "$HOSTNAME" </dev/null 2>/dev/null \
	\| openssl x509 -noout -text \
	\| grep DNS: \
	\| sed -e 's/, /,/g' -e 's/DNS://g' \
	\| tr -d ' ' )

	VALIDITY=$( curl -v "$URL" 2>&1 \
	\| sed -n "s/.*subjectAltName: //p" )

	ER="[1;31m"
	OK="[1;32m"
	HI="[1;33m"
	RE="[0m"

	EXPIRY_DAYS=$( cert_check ${HOST} )
	if [[ "$EXPIRY_DAYS" -lt 30 ]]; then
	EXPIRY_DAYS="${ER}${EXPIRY_DAYS} days${RE}"
	else
	EXPIRY_DAYS="${OK}${EXPIRY_DAYS} days${RE}"
	fi

	CURL=$( curl -v "https://$HOST" 2>&1 )
	ALTNAME=$( echo "$CURL" \| sed -n -e 's/.*subjectAltName: //p' )
	VALIDITY=$( echo "$CURL" \| sed -n -e 's/^* \(SSL certificate.*\)/\1/p' )
	if [[ "$VALIDITY" == *ok. ]]; then
	VALIDITY="${OK}${VALIDITY}${RE}"
	else
	VALIDITY="${ER}${VALIDITY}${RE}"
	fi

	echo
	echo "Domains: ${HI}$DOMAINS${RE}"
	echo "Expiry: $EXPIRY_DAYS"
	echo "Validity:"
	echo " - $ALTNAME"
	echo " - $VALIDITY"