#!/usr/bin/sh
# print out the hash values
#
# 2011-03-06 jed
#   - added help menu
#   - added command line switch to show old hashes too

if [ "$1" = "--help" -o "$1" = "-?" ]
then
    echo "Usage: $0 [-compat_old] cert file(s)"
else
    if [ "$1" = "-compat_old" ]
    then
        shift

        # check if openssl binary supports -subject_hash_old switch
        tmp=/tmp/hash.$$
        openssl x509 --help 2> ${tmp}
        grep -q "subject_hash_old" ${tmp}

        if [ $? -eq 0 ]
        then
            compat_old=1
        else
            compat_old=0
        fi

        rm -f ${tmp}
    else
        compat_old=0
    fi

    for i in $*
    do
        if [ ${compat_old} -eq 1 ]
        then
            h=`openssl x509 -subject_hash -noout -in $i`
            echo "NEW: $h.0 => $i"
            h=`openssl x509 -subject_hash_old -noout -in $i`
            echo "OLD: $h.0 => $i"
        else
            h=`openssl x509 -subject_hash -noout -in $i`
            echo "$h.0 => $i"
        fi
    done
fi