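#!/bin/bash
#
# SSL wrapper scripts
#
# This code is licensed under a Creative Commons License.
# http://creativecommons.org/licenses/by-nc-sa/3.0/
#
# Commands (first argument):
#   retrieve host [port] [s_client options]  print the PEM certificate(s) a
#                                            server presents
#   info cert                                dump a certificate as text
#   verify [openssl verify arguments]        run "openssl verify"
#   fingerprint|finger cert                  print certificate fingerprints
# Any other command (or none) prints the banner from usage().
#

#
# show usage
#
# Outputs: two banner lines on stdout.
#
usage() {
  echo "SSL wrapper scripts"
  echo "Based on http://www.madboa.com/geek/openssl/"
}

#
# usage: ssl retrieve remote.host.name [port]
#        ssl retrieve remote.host.name [port] -starttls smtp
#
# Connects with "openssl s_client" and prints only the PEM certificate
# block(s) found in its output.
#
# Arguments: $1  - remote host name (required)
#            $2  - port; defaults to 443 when missing, empty, or when the
#                  second argument starts with "-" (i.e. is already an option)
#            ... - extra options handed to s_client unchanged
# Returns:   2 when no host is given, otherwise the pipeline's status.
#
# NOTE(security): the certificate is printed exactly as the peer presented
# it; nothing in this function checks the chain or the host name. Treat the
# output as untrusted until the fingerprint has been compared with a value
# obtained over an independent channel.
#
retrieve() {
  if [[ -z "${1:-}" ]]; then
    printf 'usage: ssl retrieve remote.host.name [port] [s_client options]\n' >&2
    return 2
  fi

  local remhost=$1
  local remport=443
  shift

  # Consume the port only when one was really supplied. The original
  # unconditional "shift 2" failed with a single argument, so the host name
  # leaked into the s_client option list.
  if (( $# > 0 )) && [[ "$1" != -* ]]; then
    remport=${1:-443}
    shift
  fi

  # "echo |" feeds s_client one line and then EOF so it exits instead of
  # waiting for input. stderr is merged in on purpose: sed keeps only the
  # certificate block(s) and drops the rest.
  # "$@" keeps each extra option as its own word (no re-splitting/globbing).
  echo |
    openssl s_client -connect "${remhost}:${remport}" "$@" 2>&1 |
    sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p'
}

#
# usage: fingerprint cert
#
# Prints three fingerprints of the certificate file $1: OpenSSL's default
# digest, MD5 and SHA-256.
#
# Returns: 2 when no certificate path is given, otherwise the status of the
#          last openssl call.
#
# NOTE(security): MD5 is not collision resistant, and the default digest is
# SHA-1 on the OpenSSL releases this reviewer knows (confirm for your build).
# Those two lines are only useful for matching fingerprints published in
# those formats; base trust decisions on the SHA-256 line.
#
fingerprint() {
  if [[ -z "${1:-}" ]]; then
    printf 'usage: ssl fingerprint cert\n' >&2
    return 2
  fi

  local cert=$1
  openssl x509 -noout -in "$cert" -fingerprint
  openssl x509 -noout -in "$cert" -fingerprint -md5
  openssl x509 -noout -in "$cert" -fingerprint -sha256
}

# Parse option
COMMAND="${1:-}"
# Plain "shift" with no arguments fails; skip it when there is nothing to drop.
if (( $# > 0 )); then
  shift
fi

case "$COMMAND" in
  retrieve)
    retrieve "$@"
    ;;
  info)
    if [[ -z "${1:-}" ]]; then
      printf 'usage: ssl info cert\n' >&2
      exit 2
    fi
    openssl x509 -noout -in "$1" -text
    ;;
  verify)
    # Arguments go to "openssl verify" untouched. By default that validates
    # the chain only; host-name matching and revocation checking need the
    # caller to pass the corresponding options (e.g. -verify_hostname,
    # -crl_check).
    openssl verify "$@"
    ;;
  fingerprint | finger)
    fingerprint "$@"
    ;;
  *)
    usage
    ;;
esac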