Use kingpin for command parsing; make SNI a flag instead

Author: colinodell

README.md

@@ -11,7 +11,7 @@ Either build it yourself or grab a pre-compiled download from the [Releases](htt
 To check a certificate, simply run:
 
 ```bash
-./check-ssl [domain]
+./check-ssl [server]
 ```
 
 ![](screenshot.png)
@@ -21,9 +21,12 @@ Example of allowed arguments include:
  - `example.com`
  - `example.com:443`
  - `https://www.example.com:443/foo/bar`
+ - `93.184.216.34`
 
 By default, it'll resolve the IP of the given domain and test against that server.  But you can also use this tool to check other servers by providing two arguments: the server to test and the SNI to use.  For example:
 
 ```bash
-./check-ssl [server] [SNI domain]
+./check-ssl [server] --sni=[SNI domain]
+
+./check-ssl example.com --sni=foo.example.com
 ```

go.mod

@@ -6,5 +6,6 @@ require (
 	github.com/cloudflare/cfssl v1.6.1
 	github.com/dustin/go-humanize v1.0.0
 	github.com/logrusorgru/aurora v0.0.0-20200102142835-e9ef32dff381
+	gopkg.in/alecthomas/kingpin.v2 v2.2.6
 	golang.org/x/crypto v0.0.0-20210506145944-38f3c27a63bf
 )

go.sum

@@ -79,9 +79,11 @@ github.com/akavel/rsrc v0.8.0/go.mod h1:uLoCtb9J+EyAqh+26kdrTgmzRBFPGOolLWKpdxkK
 github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
 github.com/alecthomas/kingpin v2.2.6+incompatible/go.mod h1:59OFYbFVLKQKq+mqrL6Rw5bR0c3ACQaawgXx0QYndlE=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 h1:JYp7IbQjafoB+tBA3gMyHYHrpOtNuDiK/uB5uXxq5wM=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d h1:UQZhZ2O0vMHr2cI+DC1Mbh0TJxzA3RcLoMsFw+aXw7E=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
 github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
@@ -1106,6 +1108,7 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba
 google.golang.org/protobuf v1.25.1-0.20200805231151-a709e31e5d12/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c=
 google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6 h1:jMFz6MfLP0/4fUyZle81rXUoxOBFi19VUFKVDOQfozc=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=

main.go

@@ -7,6 +7,7 @@ import (
 	"github.com/cloudflare/cfssl/log"
 	"github.com/cloudflare/cfssl/revoke"
 	"github.com/dustin/go-humanize"
+	"gopkg.in/alecthomas/kingpin.v2"
 	"net"
 	"net/url"
 	"os"
@@ -16,26 +17,21 @@ import (
 	. "github.com/logrusorgru/aurora"
 )
 
+var (
+	server  = kingpin.Arg("host", "Hostname, IP, or URL of the server to check.").String()
+	sni     = kingpin.Flag("sni", "SNI server to use for the certificate (optional).").Short('s').String()
+)
+
 func main() {
-	if len(os.Args) < 2 || len(os.Args) > 3 {
-		fmt.Print("go-check-ssl: Simple command line utility to check the status of an SSL certificate.\n\n")
-		fmt.Printf("Usage: %s server [domain]\n", os.Args[0])
-		fmt.Println()
-		fmt.Print("Arguments:\n")
-		fmt.Print("  - 'server' should be any valid hostname, IP, or URL to test\n")
-		fmt.Print("  - '[domain]' allows you to provide an arbitrary domain name to use for SNI\n")
-		fmt.Println()
-		fmt.Print("Example usage:\n")
-		fmt.Printf("  - %s example.com\n", os.Args[0])
-		fmt.Printf("  - %s https://www.example.com:443/foo/bar\n", os.Args[0])
-		fmt.Printf("  - %s 93.184.216.34 www.example.com\n", os.Args[0])
-		fmt.Printf("  - %s 93.184.216.34:443 www.example.com\n", os.Args[0])
+	log.SetLogger(new(logger))
+
+	kingpin.Parse()
+	if server == nil || *server == "" {
+		kingpin.Usage()
 		os.Exit(1)
 	}
 
-	log.SetLogger(new(logger))
-
-	input := os.Args[1]
+	input := *server
 	if !strings.Contains(input, "://") {
 		input = "https://" + input
 	}
@@ -46,7 +42,7 @@ func main() {
 		os.Exit(1)
 	}
 
-	// Hostname is used for SNI
+	// Hostname is used for SNI by default
 	hostname := parsedUrl.Hostname()
 	// Server is used for the underlying connection
 	server := hostname
@@ -55,9 +51,9 @@ func main() {
 		port = "443"
 	}
 
-	// Did the user provide a different hostname to use for SNI?
-	if len(os.Args) > 2 {
-		hostname = os.Args[2]
+	// Did the user provide a different server to use for SNI?
+	if sni != nil && *sni != "" {
+		hostname = *sni
 	}
 
 	// Resolve the IP of the server