
@ThinGuy
Created April 3, 2018 14:42
Function to list all or specific entries in an x509 certificate
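#######################################
# Show which hostnames / IP addresses an x509 certificate lists in its
# Subject Alternative Name (SAN) extension, or ask openssl whether the
# certificate covers one specific hostname or IP address.
#
# Scope: this inspects name coverage only. It does not verify the chain of
# trust, the validity period or revocation, so a "match" here is not proof
# that a TLS client would accept the certificate.
#
# Globals:
#   RO, RT          (read) colour on/reset sequences, expected from the
#                   caller's environment; they are interpolated into printf
#                   format strings, so they must come from trusted config.
#   HOSTNAMEREGEX   (read) extended regex used to sanity-check -h values.
#   IPV4REGEX       (read) extended regex used to sanity-check -i values.
#   NOTE(review): none of these are defined in this snippet. If a regex is
#   unset, every hostname/IP is reported as invalid.
# Arguments:
#   --desc                 print a one-line description and return
#   -c, --cert PATH        certificate file to inspect (required)
#   -a, --all              list every DNS and IP SAN entry
#   -h, --host NAME|all    check one hostname, or list all DNS entries
#   -i, --ip   ADDR|all    check one IP address, or list all IP entries
#   -h (alone), --help     print usage
# Outputs:
#   SAN entries or openssl's check result on stdout.
# Returns:
#   0 on success/usage, 1 on bad arguments; for a single host/IP check the
#   status of openssl is returned.
#   NOTE(review): openssl appears to report a mismatch in its output rather
#   than in its exit status; parse the text if you script around this.
# Requires: util-linux getopt, GNU grep (-P), openssl.
#######################################
check-cert() {
  local DESC="${RO}${FUNCNAME}${RT}: Show which hostnames/ip addresses are listed in Subject Alternate Names (SAN) in a given x509 certifcate\n"
  # %b keeps the backslash escapes in DESC working without using it as a format.
  [[ ${1:-} = '--desc' ]] && { printf '%b' "${DESC}"; return; }

  check-cert_usage() {
    printf "\n\e[2GUsage: ${RO}${FUNCNAME%%_*} ${RT} -c,--cert </path/to/x509/certificate> [OPTIONS] ${RT}\n"
    printf "\e[4G${RO} -c${RT},${RO}--cert\e[20G${RT}Path to x509 certificate (Required)\n"
    printf "\e[4G${RO} -a${RT},${RO}--all\e[20G${RT}Show all hostnames and ip addresses covered by the provided certificate\n"
    printf "\e[4G${RO} -h${RT},${RO}--host\e[20G${RT}Provide a specific hostname to check (or \"all\" to show all hostnames)\n"
    printf "\e[4G${RO} -i${RT},${RO}--ip\e[20G${RT}Provide a specific IP address to check (or \"all\" to show all IP addresses)\n"
    echo
  }

  # -h doubles as the short form of --host, so treat it as "help" only when
  # it is the sole argument; otherwise "-h name -c cert" could never run.
  if [[ -z ${1:-} || ${1} = '--help' || ( ${1} = '-h' && $# -eq 1 ) ]]; then
    check-cert_usage
    return 0
  fi

  # Declare every option variable up front so that a stale ALL/CCMD/HOST/IP
  # left in the calling shell cannot steer this run.
  local ARGS CERT='' ALL='' CCMD='' HOST='' IP=''

  ARGS=$(getopt -o c:i:h:a --long cert:,ip:,host:,all -- "$@") || {
    check-cert_usage
    return 1
  }
  # eval is acceptable here only because getopt emits shell-quoted output.
  eval set -- "$ARGS"

  while (( $# )); do
    case "$1" in
      -c|--cert) CERT=${2}; shift 2 ;;
      -a|--all) ALL=true; shift 1 ;;
      -i|--ip) CCMD='ip'; IP=${2}; shift 2 ;;
      -h|--host) CCMD='host'; HOST=${2}; shift 2 ;;
      --) shift; break ;;
      # Without a default arm an unexpected word would spin forever.
      *) printf 'Unexpected argument: %s\n\n' "$1"; check-cert_usage; return 1 ;;
    esac
  done

  # User-supplied values go through %s, never into the format string.
  if [[ -z ${CERT} ]]; then
    printf 'Please use -c option to provide a x509 SSL certificate to check\n\n'
    check-cert_usage
    return 1
  fi
  if [[ ! -f ${CERT} ]]; then
    printf 'Cannot find %s\n\n' "${CERT}"
    check-cert_usage
    return 1
  fi

  # The listings below scrape openssl's text dump, so only DNS: and
  # IP Address: SAN entries are shown (other SAN types are not).
  if [[ ${ALL} = true ]]; then
    printf 'Showing all hostnames and IP addresses covered by %s\n' "${CERT##*/}"
    sleep .5
    openssl x509 -in "${CERT}" -noout -text | grep -oP '(?<=DNS:|IP Address:)[^,]+' | sort -uV
    return 0
  elif [[ ${CCMD} = 'host' ]]; then
    if [[ ${HOST} = [Aa][Ll][Ll] ]]; then
      printf 'Showing all hostnames covered by %s\n' "${CERT##*/}"
      sleep .5
      openssl x509 -in "${CERT}" -noout -text | grep -oP '(?<=DNS:)[^,]+' | sort -uV
      return 0
    fi
    # grep -o succeeds on a partial match, so unless HOSTNAMEREGEX is anchored
    # this is a sanity check, not strict validation. The value is therefore
    # always passed to openssl as one quoted word.
    if [[ -z $(/bin/grep -oE -- "${HOSTNAMEREGEX:-}" <<< "${HOST}") ]]; then
      printf 'Please enter a valid hostname using -h option\n\n'
      check-cert_usage
      return 1
    fi
    printf 'Checking if %s is valid for %s\n' "${CERT##*/}" "${HOST}"
    openssl x509 -in "${CERT}" -noout -checkhost "${HOST}"
  elif [[ ${CCMD} = 'ip' ]]; then
    if [[ ${IP} = [Aa][Ll][Ll] ]]; then
      printf 'Showing all IP addresses covered by %s\n' "${CERT##*/}"
      sleep .5
      openssl x509 -in "${CERT}" -noout -text | grep -oP '(?<=IP Address:)[^,]+' | sort -uV
      return 0
    fi
    # Same caveat as for hostnames: partial-match check, quoted hand-off.
    if [[ -z $(/bin/grep -oE -- "${IPV4REGEX:-}" <<< "${IP}") ]]; then
      printf 'Please enter a valid IP address using -i option\n\n'
      check-cert_usage
      return 1
    fi
    printf 'Checking if %s is valid for %s\n' "${CERT##*/}" "${IP}"
    openssl x509 -in "${CERT}" -noout -checkip "${IP}"
  else
    printf 'Please use -a for all entries, or use -h or -i options to provide specific hostname or ip addresses\n\n'
    check-cert_usage
    return 1
  fi
}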