add fetch certificate from url

README.md

@@ -81,3 +81,12 @@ certctl help sign
 certctl show cert-filepath.crt
 certctl show csr-filepath.csr
 ```
+
+## Fetch certificate from URL
+
+```
+certctl fetch 192.168.122.10:8443
+certctl fetch https://pkg.go.dev/io
+certctl fetch golang.org
+certctl fetch golang.org --file golang.org.crt --noout
+```

cmd/fetch.go

@@ -2,12 +2,18 @@ package cmd
 
 import (
 	"errors"
+	"fmt"
+	"net/url"
+	"os"
+	"strings"
+	"text/tabwriter"
 
+	"github.com/chenzhiwei/certctl/pkg/cert"
 	"github.com/spf13/cobra"
 )
 
 var (
-	chain bool
+	noout bool
 	file  string
 
 	fetchCmd = &cobra.Command{
@@ -24,15 +30,60 @@ var (
 )
 
 func init() {
-	fetchCmd.Flags().BoolVar(&chain, "chain", true, "fetch certificate chain")
-	fetchCmd.Flags().StringVar(&file, "file", "", "save the fetched certificate to a file")
+	fetchCmd.Flags().BoolVar(&noout, "noout", false, "do not print the certificate info")
+	fetchCmd.Flags().StringVar(&file, "file", "", "save the certificate to a file")
 }
 
 func runFetch(args []string) error {
-	url := args[0]
-	if url == "" {
+	s := args[0]
+	if s == "" {
 		return errors.New("something went wrong")
 	}
 
+	if !strings.Contains(s, "://") {
+		s = "https://" + s
+	}
+
+	u, err := url.Parse(s)
+	if err != nil {
+		return err
+	}
+
+	if u.Scheme == "http" {
+		return errors.New("can't fetch certificate with http")
+	}
+
+	host := u.Host
+	if !strings.Contains(host, ":") && u.Scheme == "https" {
+		host = host + ":443"
+	}
+
+	certBytes, err := cert.FetchCert(host)
+	if err != nil {
+		return err
+	}
+
+	if file != "" {
+		if err := os.WriteFile(file, certBytes, 0644); err != nil {
+			return err
+		}
+	}
+
+	if !noout {
+		result, err := cert.GetCertInfo(certBytes)
+		if err != nil {
+			return err
+		}
+
+		writer := tabwriter.NewWriter(os.Stdout, 0, 8, 1, '\t', tabwriter.AlignRight)
+		for _, info := range result {
+			for k, v := range info {
+				fmt.Fprintf(writer, "%s\t%s\n", k, v)
+			}
+		}
+
+		writer.Flush()
+	}
+
 	return nil
 }

pkg/cert/fetch.go

@@ -0,0 +1,29 @@
+package cert
+
+import (
+	"bytes"
+	"crypto/tls"
+	"encoding/pem"
+)
+
+func FetchCert(addr string) ([]byte, error) {
+	conn, err := tls.Dial("tcp", addr, &tls.Config{InsecureSkipVerify: true})
+	if err != nil {
+		return nil, err
+	}
+	defer conn.Close()
+
+	certs := conn.ConnectionState().PeerCertificates
+
+	var buf bytes.Buffer
+	for _, crt := range certs {
+		b := pem.EncodeToMemory(&pem.Block{
+			Type:  "CERTIFICATE",
+			Bytes: crt.Raw,
+		})
+
+		buf.Write(b)
+	}
+
+	return buf.Bytes(), nil
+}