danpritts · May 14, 2021 15:35
diff --git a/crtinfo-shell-function.bash b/crtinfo-shell-function.bash
 # bash and Gnu grep assumed

 crtinfo () {
  # accept command line cert name, or look for first *crt file in current directory
  if [[ -n $1 ]] ; then
    CERT=$1
  else
    CERTARRAY=(*crt)
    CERT=${CERTARRAY[0]}
    if [[ -n ${CERTARRAY[1]} ]] ;then
      echo -e "\nwarning - only looking at the first certificate found, skipping\n${CERTARRAY[1]} and all other certs in the current directory\n\n";
    fi
  fi

  if [[ ! -f $CERT ]]; then
    echo "no cert file in current directory, or cert on command line doesxn't exist"
    return 1
  fi

  echo -e "\n$CERT\n\n"
  openssl x509 -noout -text < $CERT | grep --color=auto -Pi 'before|after|subject:|issuer'

  echo -e "\nSubject Alternative Names:\n"
  openssl x509 -noout -text < $CERT | perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print ("\t",join("\n\t", sort @names));'

  key=$(echo $CERT | perl -pe 's{\.crt$}{.key}')

  # helper function to confirm that the key in this directory matches the cert
  if [[ -f $key ]] ; then
    echo
    chkcrtandkey $1 $2
  fi
 }


 function chkcrtandkey () {

  # accept 2 args, cert and key, or attempt to find .key matching argument 1
  if [[ -f $2 ]]; then
    CERT=$1
    KEY=$2
  elif [[ -f $1 ]]; then
    CERT=$1
    TMPKEY=$(echo $CERT | perl -pe 's{.crt}{.key}')
    if [[ -f $TMPKEY ]]; then
      KEY=$TMPKEY
    fi
  fi

  # if that fails, see if you can find a matching key and cert file in current directory
  if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then
    CERTARRAY=(*crt)
    CERT=${CERTARRAY[0]}
    KEYARRAY=(*key)
    KEY=${KEYARRAY[0]}
  fi

  if [[ ! -f $CERT ]] || [[ ! -f $KEY ]]; then
    echo "can't find matching cert and key in current directory"
    return 1
  fi


  # if the moduli match, then the key goes with the cert.
  echo -n "checking that $CERT and $KEY match: "
  CERTMODSUM=$(openssl x509 -noout -modulus -in $CERT | sha512sum)
  KEYMODSUM=$(openssl rsa -noout -modulus -in $KEY | sha512sum)
  if [[ $CERTMODSUM = $KEYMODSUM ]]; then
    echo "OK!"
    return 0
  else
    echo -e  "\n\n WARNING\n WARNING\n\n$CERT and $KEY DO NOT MATCH\n\n"
    echo $CERTMODSUM
    echo $KEYMODSUM
    return 1
  fi
 }
	# bash and Gnu grep assumed

	crtinfo () {
	# accept command line cert name, or look for first *crt file in current directory
	if [[ -n $1 ]] ; then
	CERT=$1
	else
	CERTARRAY=(*crt)
	CERT=${CERTARRAY[0]}
	if [[ -n ${CERTARRAY[1]} ]] ;then
	echo -e "\nwarning - only looking at the first certificate found, skipping\n${CERTARRAY[1]} and all other certs in the current directory\n\n";
	fi
	fi

	if [[ ! -f $CERT ]]; then
	echo "no cert file in current directory, or cert on command line doesxn't exist"
	return 1
	fi

	echo -e "\n$CERT\n\n"
	openssl x509 -noout -text < $CERT \| grep --color=auto -Pi 'before\|after\|subject:\|issuer'

	echo -e "\nSubject Alternative Names:\n"
	openssl x509 -noout -text < $CERT \| perl -l -0777 -ne '@names=/\bDNS:([^\s,]+)/g; print ("\t",join("\n\t", sort @names));'

	key=$(echo $CERT \| perl -pe 's{\.crt$}{.key}')

	# helper function to confirm that the key in this directory matches the cert
	if [[ -f $key ]] ; then
	echo
	chkcrtandkey $1 $2
	fi
	}


	function chkcrtandkey () {

	# accept 2 args, cert and key, or attempt to find .key matching argument 1
	if [[ -f $2 ]]; then
	CERT=$1
	KEY=$2
	elif [[ -f $1 ]]; then
	CERT=$1
	TMPKEY=$(echo $CERT \| perl -pe 's{.crt}{.key}')
	if [[ -f $TMPKEY ]]; then
	KEY=$TMPKEY
	fi
	fi

	# if that fails, see if you can find a matching key and cert file in current directory
	if [[ ! -f $CERT ]] \|\| [[ ! -f $KEY ]]; then
	CERTARRAY=(*crt)
	CERT=${CERTARRAY[0]}
	KEYARRAY=(*key)
	KEY=${KEYARRAY[0]}
	fi

	if [[ ! -f $CERT ]] \|\| [[ ! -f $KEY ]]; then
	echo "can't find matching cert and key in current directory"
	return 1
	fi


	# if the moduli match, then the key goes with the cert.
	echo -n "checking that $CERT and $KEY match: "
	CERTMODSUM=$(openssl x509 -noout -modulus -in $CERT \| sha512sum)
	KEYMODSUM=$(openssl rsa -noout -modulus -in $KEY \| sha512sum)
	if [[ $CERTMODSUM = $KEYMODSUM ]]; then
	echo "OK!"
	return 0
	else
	echo -e "\n\n WARNING\n WARNING\n\n$CERT and $KEY DO NOT MATCH\n\n"
	echo $CERTMODSUM
	echo $KEYMODSUM
	return 1
	fi
	}