
平台论坛博客文库

› 论坛 › 程序设计 › Shell › 函数后面跟{cat;}应该如何理解？

[其他] 函数后面跟{cat;}应该如何理解？ [复制链接]

274920831

丰衣足食

论坛徽章:: 5

电梯直达

1楼 [收藏(0)] [报告]

发表于 2018-05-23 13:55 |只看该作者 |倒序浏览

本帖最后由 274920831 于 2018-05-23 15:24 编辑

Shell脚本检查SSL证书信息，如过期日期和主题，链接如下：
http://giantdorks.org/alain/shell-script-to-check-ssl-certificate-info-like-expiration-date-and-subject/

在作者所写的脚本如下：
#!/bin/bash

usage()
{
cat <&2
echo "see --help for usage"
exit 1
;;
esac
shift
done

CheckLocalCert()
{
  openssl x509 -in $crt -noout $opt
}

CheckRemoteCert()
{
  echo |
  openssl s_client $servername -connect $host

port 2>/dev/null |
  openssl x509 -noout $opt
}

if [ -z "$(type -t FormatOutput)" ]; then
  FormatOutput() { cat; }
fi

if [ -z "$opt" ]; then
  opt="-text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux"
fi

if [ -z "$source" ]; then
  echo "ERROR: missing certificate source."
  echo "

rovide one via '--file' or '--host' arguments."
  echo "See '--help' for examples."
  exit 1
fi

if [ "$source" == "local" ]; then
  [ -n "$DEBUG" ] && echo "DEBUG: certificate source is local file"
  if [ -z "$crt" ]; then
echo "ERROR: missing certificate file"
exit 1
  fi
  [ -n "$DEBUG" ] && echo
  CheckLocalCert | FormatOutput
fi

if [ "$source" == "remote" ]; then
  [ -n "$DEBUG" ] && echo "DEBUG: certificate source is remote host"
  if [ -z "$host" ]; then
echo "ERROR: missing remote host value."
echo "

rovide one via '--host' argument"
exit 1
  fi
  if [ -z "$port" ]; then
[ -n "$DEBUG" ] && echo "DEBUG: defaulting to 443 for port."
port="443"
  fi
  [ -n "$DEBUG" ] && echo
  CheckRemoteCert | FormatOutput
fi

这里的[ -n "$DEBUG"]
我应该如何来理解？

文库|博客

christmas1102

小富即安

论坛徽章:: 4

2楼 [报告]

发表于 2018-05-23 14:46 |只看该作者

fun() {
cat
}

复制代码

实战分享：从技术角度谈机器学习入门| 【大话IT】RadonDB低门槛向MySQL集群下战书 | ChinaUnix打赏功能已上线！ | 新一代分布式关系型数据库RadonDB知多少？

274920831

丰衣足食

论坛徽章:: 5

3楼 [报告]

发表于 2018-05-23 15:30 |只看该作者

回复 2# christmas1102

谢谢christmas1102 ，我如何理解[-n "$DEBUG"]这个命令，按照我的理解是验证DEBUG这个字符串的长度是否非0，如果非0才会执行后面的命令。if [ "$source" == "local" ]; then
[ -n "$DEBUG" ] && echo "DEBUG: certificate source is local file"

但是我脚本里面并没有对这个DEBUG进行定义，那是否说明$DEBUG的长度为0，所以就不会执行后面的 echo "DEBUG: certificate source is local file"

我的理解是否正确？

274920831

丰衣足食

论坛徽章:: 5

4楼 [报告]

发表于 2018-05-23 16:11 |只看该作者

https://gist.github.com/stevenringo/2fe5000d8091f800aee4bb5ed1e800a6

脚本写少了一点。

具体的脚本如下：

#!/bin/bash

	usage()
	{
	cat [color=rgb(3, 47, 9]<<EOF
	[color=rgb(3, 47, 9]Usage: $(basename $0) [options]
	[color=rgb(3, 47, 9]
	[color=rgb(3, 47, 9]This shell script is a simple wrapper around the openssl binary. It uses
	[color=rgb(3, 47, 9]s_client to get certificate information from remote hosts, or x509 for local
	[color=rgb(3, 47, 9]certificate files. It can parse out some of the openssl output or just dump all
	[color=rgb(3, 47, 9]of it as text.
	[color=rgb(3, 47, 9]
	[color=rgb(3, 47, 9]Options:
	[color=rgb(3, 47, 9]
	--all-info Print all output, including boring things like Modulus and
	Exponent.

	--alt Print Subject Alternative Names. These will be typically be
	additional hostnames that the certificate is valid for.

	--cn Print commonName from Subject. This is typically the host for
	which the certificate was issued.

	--debug Print additional info that might be helpful when debugging this
	script.

	--end Print certificate expiration date. For additional functionality
	related to certificate expiration, take a look at this script:
	"http://prefetch.net/code/ssl-cert-check".

	--dates Print start and end dates of when the certificate is valid.

	--file Use a local certificate file for input.

	--help Print this help message.

	--host Fetch the certificate from this remote host.

	--name Specify a specific domain name (Virtual Host) along with the
	request. This value will be used as the '-servername' in the
	s_client command. This is for TLS SNI (Server Name Indication).

	--issuer Print the certificate issuer.

	--most-info Print almost everything. Skip boring things like Modulus and
	Exponent.

	--option Pass any openssl option through to openssl to get its raw
	output.

	--port Use this port when conneting to remote host. If ommitted, port
	defaults to 443.

	--subject Print the certificate Subject -- typically address and org name.

	Examples:

	1. Print a list of all hostnames that the certificate used by amazon.com
	is valid for.

	$(basename $0) --host amazon.com --alt
	DNS:uedata.amazon.com
	DNS:amazon.com
	DNS:amzn.com
	DNS:www.amzn.com
	DNS:www.amazon.com

	2. Print issuer of certificate used by smtp.gmail.com. Fetch certficate info
	over port 465.

	$(basename $0) --host smtp.gmail.com --port 465 --issuer
	issuer=
	countryName = US
	organizationName = Google Inc
	commonName = Google Internet Authority G2

	3. Print valid dates for the certificate, using a local file as the source of
	certificate data. Dates are formatted using the date command and display
	time in your local timezone instead of GMT.

	$(basename $0) --file /path/to/file.crt --dates
	valid from: 2014-02-04 16:00:00 PST
	valid till: 2017-02-04 15:59:59 PST


	4. Print certificate serial number. This script doesn't have a special option
	to parse out the serial number, so will use the generic --option flag to
	pass '-serial' through to openssl.

	$(basename $0) --host gmail.com --option -serial
	serial=4BF004B4DDC9C2F8

	EOF
	}

	if ! [ -x "$(type -P openssl)" ]; then
	echo "ERROR: script requires openssl"
	echo "For Debian and friends, get it with 'apt-get install openssl'"
	exit 1
	fi

	while [ "$1" ]; do
	case "$1" in
	--file)
	shift
	crt="$1"
	source="local"
	;;
	--host)
	shift
	host="$1"
	source="remote"
	;;
	--port)
	shift
	port="$1"
	;;
	--name)
	shift
	servername="-servername $1"
	;;
	--all-info)
	opt="-text"
	;;
	--alt)
	FormatOutput() {
	grep -A1 "Subject Alternative Name:" \| tail -n1 \|
	tr -d ' ' \| tr ',' '\n'
	}
	;;
	--cn)
	opt="-subject -nameopt multiline"
	FormatOutput() {
	awk '/commonName/ {print$NF}'
	}
	;;
	--dates)
	opt="-dates"
	FormatOutput() {
	dates=$(cat -)
	start=$(grep Before <<<"$dates" \| cut -d= -f2-)
	end=$(grep After <<<"$dates" \| cut -d= -f2-)
	echo valid from: $(date -d "$start" '+%F %T %Z')
	echo valid till: $(date -d "$end" '+%F %T %Z')
	}
	;;
	--end)
	opt="-enddate"
	FormatOutput() {
	read end
	end=$(cut -d= -f2- <<<"$end"
	date -d "$end" '+%F %T %Z'
	}
	;;
	--issuer)
	opt="-issuer -nameopt multiline"
	;;
	--most-info)
	opt="-text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux"
	;;
	--option)
	shift
	opt="$1"
	;;
	--subject)
	opt="-subject -nameopt multiline"
	;;
	--help)
	usage
	exit 0
	;;
	--debug)
	DEBUG="yes"
	;;
	*)
	echo "$(basename $0): invalid option $1" >&2
	echo "see --help for usage"
	exit 1
	;;
	esac
	shift
	done

	CheckLocalCert()
	{
	openssl x509 -in $crt -noout $opt
	}

	CheckRemoteCert()
	{
	echo \|
	openssl s_client $servername -connect $hostport 2>/dev/null \|
	openssl x509 -noout $opt
	}

	if [ -z "$(type -t FormatOutput)" ]; then
	FormatOutput() { cat; }
	fi

	if [ -z "$opt" ]; then
	opt="-text -certopt no_header,no_version,no_serial,no_signame,no_pubkey,no_sigdump,no_aux"
	fi

	if [ -z "$source" ]; then
	echo "ERROR: missing certificate source."
	echo "rovide one via '--file' or '--host' arguments."
	echo "See '--help' for examples."
	exit 1
	fi

	if [ "$source" == "local" ]; then
	[ -n "$DEBUG" ] && echo "DEBUG: certificate source is local file"
	if [ -z "$crt" ]; then
	echo "ERROR: missing certificate file"
	exit 1
	fi
	[ -n "$DEBUG" ] && echo
	CheckLocalCert \| FormatOutput
	fi

	if [ "$source" == "remote" ]; then
	[ -n "$DEBUG" ] && echo "DEBUG: certificate source is remote host"
	if [ -z "$host" ]; then
	echo "ERROR: missing remote host value."
	echo "rovide one via '--host' argument"
	exit 1
	fi
	if [ -z "$port" ]; then
	[ -n "$DEBUG" ] && echo "DEBUG: defaulting to 443 for port."
	port="443"
	fi
	[ -n "$DEBUG" ] && echo
	CheckRemoteCert \| FormatOutput
	fi

christmas1102

小富即安

论坛徽章:: 4

5楼 [报告]

发表于 2018-05-23 16:42 |只看该作者

本帖最后由 christmas1102 于 2018-05-23 17:04 编辑

回复 3# 274920831

[-n "$DEBUG"]个人觉得你说的没错呀，检测下变量是否有赋值，无值或空值都为假 && 后面一并不执行

(var=;test -n "$var" && echo yes || echo no)

复制代码

274920831

丰衣足食

论坛徽章:: 5

6楼 [报告]

发表于 2018-05-23 18:00 |只看该作者

谢谢christmas1102 ，脚本里面的这个函数：

FormatOutput()
         {
         dates=$(cat -)
         start=$(grep Before <<<"$dates" | cut -d= -f2-)
         end=$(grep After <<<"$dates" | cut -d= -f2-)
         echo valid from: $(date -d "$start" '+%F %T %Z')
         echo valid till: $(date -d "$end" '+%F %T %Z')
         }

我问一下，cat - 是什么意思？

grep Before <<< "$dates" | cut -d= -f2-
这里的<<<是什么意思？