#!/bin/bash
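# Print the command-line help text to stdout.
# Reads $0 for the program name; takes no arguments.
usage()
{
# ${0##*/} strips the directory part without forking basename and is
# safe when the script path contains spaces.
cat <<EOF
Usage: ${0##*/} [options]
Options:
  -f    local file
  -h    remote host
  -p    custom port (default: 443)
  --help  show this help

Example:
  sslchecker -h letsencrypt.org

EOF
}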

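# Parse command-line options into the globals the rest of the script reads.
# Globals written: file, host, port, source ("local" or "remote")
# Arguments:       the script's positional parameters
# Exits:           0 after --help, 1 on an unknown option or a bad value
ParseArgs()
{
  local opt
  # Loop on the argument count so an empty-string argument is reported as
  # an error instead of silently ending the parse.
  while [ $# -gt 0 ]; do
    opt="$1"
    case "$opt" in
      -f|-h|-p)
        # A missing value, or one that starts with '-', would otherwise be
        # stored and later handed to openssl/dig where it can be read as an
        # option rather than as a file, host or port.
        if [ $# -lt 2 ] || [ -z "$2" ] || [[ "$2" == -* ]]; then
          echo "option $opt requires a value, see --help for usage" >&2
          exit 1
        fi
        case "$opt" in
          -f)
            file="$2"
            source="local"
            ;;
          -h)
            # Whitespace in the host would split into extra command
            # arguments wherever it is expanded unquoted.
            if [[ "$2" =~ [[:space:]] ]]; then
              echo "invalid host: $2" >&2
              exit 1
            fi
            host="$2"
            source="remote"
            ;;
          -p)
            # Only a decimal TCP port in 1..65535 is accepted; 10# keeps a
            # leading zero from being read as octal.
            if ! [[ "$2" =~ ^[0-9]{1,5}$ ]] || (( 10#$2 < 1 || 10#$2 > 65535 )); then
              echo "invalid port: $2" >&2
              exit 1
            fi
            port="$2"
            ;;
        esac
        shift
        ;;
      --help)
        usage
        exit 0
        ;;
      *)
        echo "see --help for usage" >&2
        exit 1
        ;;
    esac
    shift
  done
}

ParseArgs "$@"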

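# Print the human-readable fields of the certificate stored in $file.
# Globals: file (read) - path to a certificate openssl x509 can load
# Outputs: trimmed `openssl x509 -text` output on stdout
# Returns: the exit status of openssl
LocalCheck()
{
  # "$file" is quoted so a path with spaces or glob characters reaches
  # openssl as the single value of -in.
  openssl x509 -in "$file" -noout -text \
    -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux
}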

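# Fetch the certificate presented by $host:$port and print its text form.
# Globals: host, port (read)
# Outputs: trimmed `openssl x509 -text` output on stdout
# Returns: the exit status of the final openssl x509 stage
#
# NOTE: this only displays what the peer presents. No verification option
# is passed to s_client, so the output is not evidence that the chain or
# the hostname validated.
RemoteCheck()
{
  # The expansions are quoted so the host and port always arrive as the
  # values of -connect / -servername and are never split into extra
  # arguments. 2>/dev/null hides s_client's handshake diagnostics; a failed
  # connection therefore shows up only as missing certificate output.
  echo \
    | openssl s_client -connect "$host:$port" -servername "$host" 2>/dev/null \
    | openssl x509 -noout -text \
        -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux
}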

# Filter: read `openssl x509 -text` output on stdin and print the Subject
# Alternative Name entries one per line.
# The line following the "Subject Alternative Name:" header is taken,
# '*' is spelled out as "wildcard", the "DNS:" tags and all spaces are
# dropped, and the comma-separated list is split into lines.
AltName()
{
  grep -A1 "Subject Alternative Name:" \
    | tail -n1 \
    | sed -e 's/\*/wildcard/g' -e 's/DNS://g' \
    | tr -d ' ' \
    | tr ',' '\n'
}

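# Filter: read `openssl x509 -text` output on stdin and print the issuer's
# common name.
# Outputs: the text after the last "CN =" on the Issuer line; anything that
#          follows the CN on that line is kept as-is.
Validation()
{
  # Match only the line that starts with the "Issuer:" field. Matching the
  # word "Issuer" anywhere would also print a Subject whose own text
  # contains it, i.e. a value chosen by whoever requested the certificate
  # would appear under the issuer heading. "CN ?= ?" accepts both the
  # "CN = x" and "CN=x" spellings.
  sed -n -E 's/^[[:space:]]*Issuer:.*CN ?= ?//p'
}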

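# Filter: read `openssl x509 -text` output on stdin and print the validity
# window, "Not Before" first and "Not After" second, one date per line.
ValidDate()
{
  # Anchor on the two validity field names. A bare match on "Not" would
  # also print any other line containing that text (for example a Subject
  # value), mixing requester-chosen strings into the date output.
  sed -n -E 's/^[[:space:]]*Not (Before|After) *: //p'
}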
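# Print the A and then the AAAA records of $host, one address per line.
# Globals: host (read)
# Outputs: dig's +short answers on stdout
Records()
{
  # -q names the query explicitly and the expansion is quoted, so the host
  # is always treated as the domain name and never as a dig option, a
  # @server argument or several words.
  dig +short -t A -q "$host"
  dig +short -t AAAA -q "$host"
}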
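# Entry point: run the check selected by the parsed options.
#   local  - dump the certificate file given with -f
#   remote - fetch the certificate from the host given with -h and print
#            its SAN list, issuer CN, validity dates and DNS records
case "$source" in
  local)
    if [ -z "$file" ] || [ ! -r "$file" ]; then
      echo "certificate file missing or unreadable: $file" >&2
      exit 1
    fi
    LocalCheck
    ;;
  remote)
    if [ -z "$host" ]; then
      echo "no host given, see --help for usage" >&2
      exit 1
    fi
    port="${port:-443}"

    # Fetch once and reuse the text. Three separate connections could be
    # answered by different backends, so the sections printed below might
    # describe different certificates.
    cert_text=$(RemoteCheck)
    if [ -z "$cert_text" ]; then
      echo "could not retrieve a certificate from $host:$port" >&2
      exit 1
    fi

    echo -e '\e[90m\e[1m\e[104mCert is valid for:\e[0m'
    printf '%s\n' "$cert_text" | AltName
    # This heading shows the issuer CN as presented by the peer; it is a
    # display of the field, not the result of a chain verification.
    echo -e '\e[90m\e[1m\e[101mValidated by:\e[0m'
    printf '%s\n' "$cert_text" | Validation
    echo -e '\e[90m\e[1m\e[43mValidated from to:\e[0m'
    printf '%s\n' "$cert_text" | ValidDate
    echo -e '\e[90m\e[1m\e[102mA and AAAA Records:\e[0m'
    Records
    ;;
  *)
    # Neither -f nor -h was given: say so instead of exiting silently.
    echo "see --help for usage" >&2
    exit 1
    ;;
esac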
