Script to check SSL certs
Verifies that certificate, key and csr all match. Messy and work to be done. This currently does not return appropriate status nor exit at appropriate times. It only displays the three hashes if it can calculate them to be compared by human eyes.
This commit is contained in:
parent
8794234b3a
commit
9054b195f5
|
|
@ -0,0 +1,114 @@
|
|||
#!/bin/bash
|
||||
|
||||
trap "exit 1" TERM
|
||||
export TOP_PID=$$
|
||||
|
||||
readonly PROGRAM_NAME=$(basename $0)
|
||||
readonly PROGRAM_LOC=$(readlink -m $(dirname $0))
|
||||
readonly ARGS="$@"
|
||||
readonly ARG_COUNT="$#"
|
||||
|
||||
error () {
|
||||
local readonly message=$1; shift
|
||||
|
||||
echo $message
|
||||
echo
|
||||
|
||||
exit 1
|
||||
}
|
||||
|
||||
file_error () {
|
||||
local readonly file=$1; shift
|
||||
|
||||
error "File $file does not exist"
|
||||
}
|
||||
|
||||
hash_error () {
|
||||
local readonly file=$1; shift
|
||||
local readonly cert_type=$1; shift
|
||||
|
||||
error "File $file is not a $cert_type file"
|
||||
}
|
||||
|
||||
usage () {
|
||||
echo usage: $POGRAM_NAME CERTIFICATE_FILE KEY_FILE CSR_FILE
|
||||
exit 0
|
||||
}
|
||||
|
||||
md5 () {
|
||||
local readonly modulus=$1; shift
|
||||
|
||||
echo $modulus \
|
||||
| openssl md5
|
||||
}
|
||||
|
||||
hash_certificate () {
|
||||
local readonly certificate=$1; shift
|
||||
out=$( openssl x509 -noout -modulus -in $certificate 2>/dev/null )
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
hash_error $certificate certificate
|
||||
fi
|
||||
|
||||
echo $(md5 $out)
|
||||
}
|
||||
|
||||
hash_key () {
|
||||
local readonly key=$1; shift
|
||||
out=$( openssl rsa -noout -modulus -in $key 2>/dev/null )
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
hash_error $key key
|
||||
fi
|
||||
|
||||
echo $(md5 $out)
|
||||
}
|
||||
|
||||
hash_csr () {
|
||||
local readonly csr=$1; shift
|
||||
out=$( openssl req -noout -modulus -in $csr 2>/dev/null )
|
||||
|
||||
if [ $? -ne 0 ]; then
|
||||
hash_error $csr csr
|
||||
fi
|
||||
|
||||
echo $(md5 $out)
|
||||
}
|
||||
|
||||
incorrect_number_of_arguments () {
|
||||
test $ARG_COUNT -ne 3
|
||||
}
|
||||
|
||||
is_file () {
|
||||
local readonly file=$1
|
||||
|
||||
[[ -f $file ]]
|
||||
}
|
||||
|
||||
main () {
|
||||
local readonly certificate=$1; shift
|
||||
local readonly key=$1; shift
|
||||
local readonly csr=$1; shift
|
||||
|
||||
if incorrect_number_of_arguments; then
|
||||
usage
|
||||
fi
|
||||
|
||||
if ! is_file $certificate; then
|
||||
file_error $certificate
|
||||
fi
|
||||
|
||||
if ! is_file $key; then
|
||||
file_error $key
|
||||
fi
|
||||
|
||||
if ! is_file $csr; then
|
||||
file_error $csr
|
||||
fi
|
||||
|
||||
echo $(hash_certificate $certificate)
|
||||
echo $(hash_key $key)
|
||||
echo $(hash_csr $csr)
|
||||
}
|
||||
|
||||
main $ARGS
|
||||
Loading…
Reference in New Issue