minions/bin/ssl_fp

#!/bin/bash

. "$(sfpath)" || exit 3

shellfu import pretty

usage() {
    mkusage "[-d] SERVER:PORT"
}

cached() {
    local cache_size    # size of cache, just to help debugging
    cache_size=$(stat -c %s "$Cache")
    debug -v Cache cache_size
    if test "$cache_size" -gt 0;
    then
        debug "using cache ($cache_size bytes)"
        cat "$Cache"
    else
        debug "building cache"
        get_cert | tee "$Cache"
    fi
}

get_cert() {
    debug heya
    </dev/null openssl s_client -connect "$Conn" 2>/dev/null
}

get_fp() {
    local fun="$1"
    debug -v Conn fun
    cached get_cert \
      | openssl x509 -noout -"$fun" -fingerprint 2>/dev/null
}

get_fps() {
    get_fp md5
    get_fp sha1
    get_fp sha256
}

main() {
    local Conn      # connection target (SERVER:PORT)
    local Cache     # cert cache (for re-computing hashes)
    local es        # exit status
    #shellcheck disable=SC2034
    while true; do case "$1" in
        *:*) Conn="$1";             shift ;;
        -d)  PRETTY_DEBUG=true;    shift ;;
        "")                         break ;;
        *)                          usage ;;
    esac done
    test -n "$Conn" || usage
    Cache="$(mktemp -t ssl_fp.cache.XXXXXXXX)"
    get_fps; es=$?
    rm -f "$Cache"
    return "$es"
}

main "$@"