#!/bin/bash
#tony20180925
#check if ssl certs match

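# Interactive check that a private key, a certificate and a CSR all carry the
# same public key, and that the certificate verifies against a CA bundle.
# Each file is optional; pressing Enter at a prompt skips it.
#
# The comparison is done on the SHA-256 digest of the PEM public key that
# openssl extracts from each file. The digest is only taken when openssl
# actually produced a key: hashing the empty output of a failed openssl run
# would give every unreadable file the same digest and report a false
# "match OK" for two broken inputs.

#######################################
# Print the SHA-256 digest of the public key held in a PEM file.
# Arguments: $1 - openssl subcommand to use: pkey, x509 or req
#            $2 - path to the file
# Outputs:   the sha256sum line on stdout; nothing on failure
# Returns:   0 on success, 1 if no public key could be extracted
#######################################
pubkey_digest() {
	local kind=$1 path=$2 pem
	case "$kind" in
		pkey) pem=$(openssl pkey -in "$path" -pubout -outform pem) || return 1 ;;
		x509) pem=$(openssl x509 -in "$path" -pubkey -noout -outform pem) || return 1 ;;
		req) pem=$(openssl req -in "$path" -pubkey -noout -outform pem) || return 1 ;;
		*) return 1 ;;
	esac
	# An empty result must never be hashed (see the note at the top).
	[ -n "$pem" ] || return 1
	printf '%s\n' "$pem" | sha256sum
}

#######################################
# Digest one optional input, warning on stderr when it cannot be used.
# Arguments: $1 - label for messages, $2 - openssl subcommand, $3 - path
# Outputs:   the digest on stdout, or nothing when the input is skipped
# Returns:   0 in all cases; callers test for an empty result
#######################################
digest_or_warn() {
	local label=$1 kind=$2 path=$3
	[ -n "$path" ] || return 0
	if [ ! -f "$path" ]; then
		printf '%s: not a regular file, skipped: %s\n' "$label" "$path" >&2
		return 0
	fi
	pubkey_digest "$kind" "$path" ||
		printf '%s: openssl could not extract a public key, skipped: %s\n' "$label" "$path" >&2
}

# Start from known-empty results so values inherited from the environment
# cannot influence the comparison.
KEYSUM="" CERTSUM="" CSRSUM="" BUNDLECHECK=""

echo "Enter for skip, tab for completion"
# read is deliberately used without -r: with -e, completion may insert
# backslash-escaped spaces, which plain read unescapes again.
# NOTE(review): confirm this completion behaviour on the target bash version.
# shellcheck disable=SC2162
{
	printf '%s' "Key    :"
	read -e KEY
	printf '%s' "Cert   :"
	read -e CERT
	printf '%s' "CSR    :"
	read -e CSR
	printf '%s' "Bundle :"
	read -e BUNDLE
}

KEYSUM=$(digest_or_warn "Key" pkey "$KEY")
CERTSUM=$(digest_or_warn "Cert" x509 "$CERT")
CSRSUM=$(digest_or_warn "CSR" req "$CSR")

if [ -n "$BUNDLE" ] && [ -n "$CERT" ] && [ -f "$BUNDLE" ] && [ -f "$CERT" ]; then
	# stderr is captured as well so the failure reason ends up in the report
	# whichever stream this openssl version writes it to. A passing result
	# says the chain verifies with this bundle loaded as CA file; this
	# invocation requests neither a hostname check nor a revocation check.
	BUNDLECHECK=$(openssl verify -CAfile "$BUNDLE" "$CERT" 2>&1) ||
		BUNDLECHECK="FAILED: ${BUNDLECHECK:-openssl verify returned an error}"
fi

if [ -n "$KEYSUM" ]; then
	# The key is the reference: compare the cert and the CSR against it.
	if [ -n "$CERTSUM" ]; then
		if [ "$KEYSUM" = "$CERTSUM" ]; then
			echo "Key and cert match OK"
		else
			echo "Key and cert mismatch"
		fi
	fi
	if [ -n "$CSRSUM" ]; then
		if [ "$KEYSUM" = "$CSRSUM" ]; then
			echo "Key and CSR match OK"
		else
			echo "Key and  CSR mismatch"
		fi
	fi
elif [ -n "$CERTSUM" ] && [ -n "$CSRSUM" ]; then
	# No usable key: fall back to comparing the cert with the CSR directly.
	if [ "$CERTSUM" = "$CSRSUM" ]; then
		echo "Cert  and CSR match OK"
	else
		echo "Cert  and  CSR mismatch"
	fi
fi

if [ -n "$BUNDLECHECK" ]; then
	echo "Bundle check: $BUNDLECHECK"
fi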


