#!/bin/ksh
# IBM_PROLOG_BEGIN_TAG 
# This is an automatically generated prolog. 
#  
# bos720 src/bos/usr/lib/nim/methods/certview.sh 1.3 
#  
# Licensed Materials - Property of IBM 
#  
# Restricted Materials of IBM 
#  
# COPYRIGHT International Business Machines Corp. 2004,2009 
# All Rights Reserved 
#  
# US Government Users Restricted Rights - Use, duplication or 
# disclosure restricted by GSA ADP Schedule Contract with IBM Corp. 
#  
# IBM_PROLOG_END_TAG 
# @(#)22 1.3 src/bos/usr/lib/nim/methods/certview.sh, cmdnim, bos720 3/10/09 12:11:42
#

# Certificate Viewer Script
# 
# The following is an example script for viewing OpenSSL certificate information.
# Only single flag options may be provided  -  multiple flags not supported.
# But, Feel free to customize this script :)
#
# For details on OpenSSL commands  - http://www.openssl.org
#

# set parameters from command line
while getopts hIisv x
do
	case ${x} in

		h)		# print out the hash values
				shift $((OPTIND - 1))
				for i in $*
				do
					c=`/usr/bin/openssl x509 -hash -noout -in $i`
					echo "$c.0 -> $i"
				done
				exit 0
				;;

		I)		# print the info
				shift $((OPTIND - 1))
				for i in $*
				do
					c=`/usr/bin/openssl x509 -subject -issuer -enddate -noout -in $i`
					echo "certname= $i"
					echo "$c"
					echo "--------"
				done
				exit 0
				;;

		i)		# print out the issuer
				shift $((OPTIND - 1))
				for i in $*
				do
					c=`/usr/bin/openssl x509 -issuer -noout -in $i`
					echo "$i\t$c"
				done
				exit 0
				;;

		s)		# print out the subject
				shift $((OPTIND - 1))
				for i in $*
				do
					c=`/usr/bin/openssl x509 -subject -noout -in $i`
					echo "$i\t$c"
				done
				exit 0
				;;

		\?)		# unknown option
				echo "\nUsage certview: Prints SSL certificate information"
				echo "\tcertview <certificates>"
				echo "\t  prints out all readable values for certificate(s)\n"
				echo "\tcertview -h <certificates>"
				echo "\t  prints out the hash value for certificate(s)\n"
				echo "\tcertview -i <certificates>"
				echo "\t  prints out the issuer value for certificate(s)\n"
				echo "\tcertview -s <certificates>"
				echo "\t  prints out the subject value for certificate(s)\n"
				echo "\tcertview -I <certificates>"
				echo "\t  prints out the subject, issuer, and enddate values for certificate(s)\n"
				exit 1
				;;
	esac
done

# No args passed, output the entire cert
for i in $*
do
	c=`/usr/bin/openssl x509 -text -noout -in $i`
	echo "certname = $i"
	echo "$c"
	echo "--------"
done

#done
exit $?