tls-utils/source/verify.py

import sys as _sys
import argparse as _argparse

import helpers.string as _string
import helpers.certinfo as _certinfo


def main():
	## args
	argument_parser = _argparse.ArgumentParser(
		prog = "tls-verify",
		description = "compares the fingerprints of a TLS certificate on the machine with the one delivered through the internet for a given domain",
	)
	argument_parser.add_argument(
		"domain",
		type = str,
		metavar = "<domain>",
	)
	argument_parser.add_argument(
		"-d",
		"--cert-directory",
		type = str,
		default = "/etc/ssl/fullchains",
		metavar = "<cert-directory>",
	)
	argument_parser.add_argument(
		"-e",
		"--file-extension",
		type = str,
		default = "pem",
		metavar = "<file-extension>",
	)
	args = argument_parser.parse_args()
	
	## exec
	fingerprint_shall = _certinfo.extract_fingerprint(
		_certinfo.get_certificate_info_from_file(
			_string.coin(
				"{{directory}}/{{domain}}.{{extension}}",
				{
					"directory": args.cert_directory,
					"domain": args.domain,
					"extension": args.file_extension
				}
			)
		)
	)
	fingerprint_is = _certinfo.extract_fingerprint(
		_certinfo.get_certificate_info_from_internet(
			args.domain
		)
	)
	if (fingerprint_shall == fingerprint_is):
		_sys.stdout.write("ok\n")
		_sys.exit(0)
	else:
		_sys.stderr.write("!MISMATCH!\n")
		_sys.stderr.write("[shall] %s\n" % fingerprint_shall)
		_sys.stderr.write("[is   ] %s\n" % fingerprint_is)
		_sys.exit(1)
[ini] 2026-04-03 01:05:31 +02:00			`import sys as _sys`
			`import argparse as _argparse`

			`import helpers.string as _string`
			`import helpers.certinfo as _certinfo`


			`def main():`
			`## args`
			`argument_parser = _argparse.ArgumentParser(`
			`prog = "tls-verify",`
			`description = "compares the fingerprints of a TLS certificate on the machine with the one delivered through the internet for a given domain",`
			`)`
			`argument_parser.add_argument(`
			`"domain",`
			`type = str,`
			`metavar = "<domain>",`
			`)`
			`argument_parser.add_argument(`
			`"-d",`
			`"--cert-directory",`
			`type = str,`
			`default = "/etc/ssl/fullchains",`
			`metavar = "<cert-directory>",`
			`)`
			`argument_parser.add_argument(`
			`"-e",`
			`"--file-extension",`
			`type = str,`
			`default = "pem",`
			`metavar = "<file-extension>",`
			`)`
			`args = argument_parser.parse_args()`

			`## exec`
			`fingerprint_shall = _certinfo.extract_fingerprint(`
			`_certinfo.get_certificate_info_from_file(`
			`_string.coin(`
			`"{{directory}}/{{domain}}.{{extension}}",`
			`{`
			`"directory": args.cert_directory,`
			`"domain": args.domain,`
			`"extension": args.file_extension`
			`}`
			`)`
			`)`
			`)`
			`fingerprint_is = _certinfo.extract_fingerprint(`
			`_certinfo.get_certificate_info_from_internet(`
			`args.domain`
			`)`
			`)`
			`if (fingerprint_shall == fingerprint_is):`
			`_sys.stdout.write("ok\n")`
			`_sys.exit(0)`
			`else:`
			`_sys.stderr.write("!MISMATCH!\n")`
			`_sys.stderr.write("[shall] %s\n" % fingerprint_shall)`
			`_sys.stderr.write("[is ] %s\n" % fingerprint_is)`
			`_sys.exit(1)`