#!/bin/bash
#< Get SSL certificate info for HTTPS virtual servers (BigIP)
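# External tools are invoked through these absolute paths rather than via a
# $PATH lookup.
AWK="/bin/awk"
BASENAME="/bin/basename"
BIGPIPE="/bin/bigpipe"
CAT="/bin/cat"
CUT="/bin/cut"
ECHO="/bin/echo"
GREP="/bin/grep"
OPENSSL="/usr/bin/openssl"
PRINTF="/usr/bin/printf"
RM="/bin/rm"
SED="/bin/sed"
TR="/usr/bin/tr"

# Script name for the usage message. "$0" is quoted so that a path containing
# whitespace reaches basename as a single argument.
THISPROG=$( "${BASENAME}" "$0" )

# Directory holding the certificate files named by clientssl profiles.
SSLBASE="/config/ssl/ssl.crt"

# Scratch file path.
# NOTE(review): a PID-based name in world-writable /tmp is predictable. A write
# to this path through shell redirection follows a symlink that already exists
# there, so if the script runs with elevated privileges the write can land on
# a file of another local user's choosing. Prefer mktemp(1), or keep the value
# in a shell variable and drop the file altogether.
SSLTMP="/tmp/clientssl.$$"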
function print_error {
  # Write "Error: <arguments joined by spaces>" to stderr.
  # Arguments: $@ - words of the message.
  local message="Error: $*"
  "${ECHO}" "${message}" >&2
}
function print_usage {
  # Write the two-line usage summary to stderr.
  # Globals: THISPROG (read) - script name shown in the first line.
  "${ECHO}" "Usage: ${THISPROG} [-v]" >&2
  "${ECHO}" " -v Verbose" >&2
}
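function parse_bigpipe_ssl {
  # Test whether a name occurs in the client SSL profile listing.
  #
  # The awk stage joins each multi-line block of "bigpipe profile clientssl
  # list" (everything up to a line containing "}") onto one line; grep then
  # looks for the name in those joined lines.
  #
  # Globals:   BIGPIPE, AWK, GREP (tool paths, read).
  # Arguments: $1 - profile name to look for.
  # Returns:   0 if the name is found, 1 otherwise (including an empty name
  #            or a failing grep).
  #
  # NOTE(review): this is a substring match anywhere in a profile block, so a
  # name that is a prefix of another profile name, or that appears in a file
  # name, also matches. Consider anchoring on the profile header once its
  # exact format is confirmed.
  local profile_name="$1"

  # An empty pattern matches every line and would report any name as a client
  # SSL profile, so reject it up front.
  if [ -z "${profile_name}" ]; then
    return 1
  fi

  # -F treats the name as literal text instead of a regular expression, and
  # "--" keeps a name starting with "-" from being parsed as a grep option.
  if "${BIGPIPE}" profile clientssl list | "${AWK}" '{
    if ( $0 !~ /}/ ) {
      gsub( /\n/, "", $0 );
      str=sprintf( "%s %s", str, $0 );
    } else {
      printf( "%s }\n", str );
      str="";
    }
  }' | "${GREP}" -F -- "${profile_name}" >/dev/null 2>&1; then
    return 0
  fi
  return 1
}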
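function parse_bigpipe_servers {
  # Print the client SSL profile, key, certificate, CA file and certificate
  # expiry for every virtual server whose destination port is "https".
  #
  # Globals:  BIGPIPE, AWK, GREP, TR, SED, CUT, OPENSSL, PRINTF (tool paths),
  #           SSLBASE (certificate directory), VERBOSE (non-zero adds the
  #           destination, pool and profile list to each record).
  # Outputs:  one record per virtual server on stdout; problems on stderr.
  #
  # The matching profile is kept in a shell variable. Nothing is written to
  # the SSLTMP scratch path, so no predictable file is created under /tmp and
  # a value from one virtual server cannot carry over to the next.
  local line virtual_server destination dest_ip dest_port
  local profiles pool profile clientssl ssl_data key cert ca expire
  local -a profile_list

  # Join each multi-line "virtual ... { ... }" block onto one line, keep the
  # https destinations and squeeze runs of spaces so the sed patterns below
  # see single-space separated fields.
  "${BIGPIPE}" virtual list | "${AWK}" '{
    if ( $0 !~ /}/ ) {
      gsub( /\n/, "", $0 );
      str=sprintf( "%s %s", str, $0 );
    } else {
      printf( "%s }\n", str );
      str="";
    }
  }' | "${GREP}" "destination[^:]*:https" | "${TR}" -s ' ' | while read -r line; do
    virtual_server=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*virtual \([^ ]*\) .*$/\1/' )
    destination=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*destination \([^ ]*\) .*$/\1/' )
    dest_ip=$( "${PRINTF}" '%s\n' "${destination}" | "${CUT}" -d':' -f1 )
    dest_port=$( "${PRINTF}" '%s\n' "${destination}" | "${CUT}" -d':' -f2 )

    # The profile list ends at "rule" when the virtual server has one, and at
    # "pool" otherwise; the Pool field is taken from the same keyword.
    case "${line}" in
      *" rule "*)
        profiles=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*profile \(.*\) rule.*$/\1/' )
        pool=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*rule \([^ ]*\) .*$/\1/' )
        ;;
      *)
        profiles=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*profile \(.*\) pool.*$/\1/' )
        pool=$( "${PRINTF}" '%s\n' "${line}" | "${SED}" 's/^.*pool \([^ ]*\) .*$/\1/' )
        ;;
    esac

    # Pick the client SSL profile among the attached profiles. The loop runs
    # in the current shell (no pipeline), so the result survives it; the last
    # matching profile wins.
    clientssl=""
    profile_list=()
    read -r -a profile_list <<<"${profiles}"
    for profile in "${profile_list[@]}"; do
      if parse_bigpipe_ssl "${profile}" >/dev/null 2>&1; then
        clientssl="${profile}"
      fi
    done

    # Without a profile name the query below would list every client SSL
    # profile and mix their keys and certificates into one record.
    if [ -z "${clientssl}" ]; then
      print_error "no client SSL profile found for virtual server ${virtual_server}"
      continue
    fi

    ssl_data=$( "${BIGPIPE}" profile clientssl "${clientssl}" list )
    key=$( "${PRINTF}" '%s\n' "${ssl_data}" | "${GREP}" "^[ ]*key" | "${SED}" 's/^.*\"\([^\"]*\)\".*$/\1/' )
    cert=$( "${PRINTF}" '%s\n' "${ssl_data}" | "${GREP}" "^[ ]*cert" | "${SED}" 's/^.*\"\([^\"]*\)\".*$/\1/' )
    ca=$( "${PRINTF}" '%s\n' "${ssl_data}" | "${GREP}" "^[ ]*ca file" | "${SED}" 's/^.*\"\([^\"]*\)\".*$/\1/' )

    # Fall back to the CA file of the profile named "clientssl" when this
    # profile does not set one.
    if [ -z "${ca}" ]; then
      ca=$( "${BIGPIPE}" profile clientssl clientssl list | "${GREP}" "^[ ]*ca file" | "${SED}" 's/^.*\"\([^\"]*\)\".*$/\1/' )
    fi

    # Only ask openssl for the expiry when a certificate name was found;
    # otherwise it would be pointed at the certificate directory itself.
    expire=""
    if [ -n "${cert}" ]; then
      expire=$( "${OPENSSL}" x509 -in "${SSLBASE}/${cert}" -noout -text | "${GREP}" "After" | "${CUT}" -d ':' -f2- )
    else
      print_error "client SSL profile ${clientssl} names no certificate"
    fi

    "${PRINTF}" "%20s: %s\n" "Virtual Server" "${virtual_server}"
    if (( VERBOSE )); then
      "${PRINTF}" "%20s: %s\n" "Destination IP" "${dest_ip}"
      "${PRINTF}" "%20s: %s\n" "Destination Port" "${dest_port}"
      "${PRINTF}" "%20s: %s\n" "Pool" "${pool}"
      "${PRINTF}" "%20s: %s\n" "Profiles" "${profiles}"
    fi
    "${PRINTF}" "%20s: %s\n" "Client SSL" "${clientssl}"
    "${PRINTF}" "%20s: %s\n" "SSL Key" "${key}"
    "${PRINTF}" "%20s: %s\n" "SSL Cert" "${cert}"
    "${PRINTF}" "%20s: %s\n" "SSL CA" "${ca}"
    "${PRINTF}" "%20s: %s\n" "Expires" "${expire}"
    "${PRINTF}" "\n"
  done
}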
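# Accept no arguments, or exactly one "-v"; anything else is a usage error.
# The exit is unconditional, so a failing write of the usage text (for example
# a closed stderr) cannot let the script continue with invalid arguments.
VERBOSE=0
case "$#" in
  0)
    ;;
  1)
    if [ "$1" = "-v" ]; then
      VERBOSE=1
    else
      print_usage
      exit 1
    fi
    ;;
  *)
    print_usage
    exit 1
    ;;
esac

# The report's own status is not propagated; the script exits 0 once it ran.
parse_bigpipe_servers
exit 0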