#  cert-check.sh
#  
#  Copyright (C) 2015 Max Mehl <mail@mehl.mx>
#  
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#  
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU General Public License for more details.
#  
#  You should have received a copy of the GNU General Public License
#  along with this program.  If not, see <http://www.gnu.org/licenses/>.
#  
#!/bin/bash

BASENAME=$(basename $0)

if [ "$1" = "" ]; then
	echo "Usage: $BASENAME CERT KEY (optional: CSR)"
	exit 0
elif [ "$2" = "" ]; then
	echo "Not enough arguments"
	exit 0
fi

CERTFILE=$1
KEYFILE=$2

CERTHASH=$(openssl x509 -noout -modulus -in $CERTFILE | openssl md5)
KEYHASH=$(openssl rsa -noout -modulus -in $KEYFILE | openssl md5)

if [ "$CERTHASH" == "$KEYHASH" ]; then
	echo "OK! The certificate $CERTFILE matches the key $KEYFILE."
else
	echo "FAILURE! The certificate $CERTFILE doesn't match the key $KEYFILE."
fi

if [ "$3" != "" ]; then
	CSRFILE=$3
	CSRHASH=$(openssl req -noout -modulus -in $CSRFILE | openssl md5)
	if [ "$CSRHASH" == "$KEYHASH" ]; then
		echo "OK! The request-file $CSRFILE matches the key $KEYFILE."
	else
		echo "FAILURE! The request-file $CSRFILE doesn't match the key $KEYFILE."
	fi
fi