|
@@ -59,6 +59,8 @@ $program accepts the following options:
|
|
|
can be specified multiple times on the command line in order to verify
|
|
|
multiple certificates.
|
|
|
|
|
|
-q
|
|
|
Enable quiet mode. Output only warnings and errors.
|
|
|
|
|
|
-d
|
|
|
Enable debug output.
|
|
@@ -121,17 +123,15 @@ fi
|
|
|
|
|
|
# Set-up functions for printing coloured messages.
|
|
|
function debug() {
|
|
|
if [[ $DEBUG != 0 ]]; then
|
|
|
echo "${_text_bold}${_text_blue}[DEBUG]${_text_reset}" "$@"
|
|
|
fi
|
|
|
[[ $DEBUG != 0 ]] && echo "${_text_bold}${_text_blue}[DEBUG]${_text_reset}" "$@"
|
|
|
}
|
|
|
|
|
|
function info() {
|
|
|
echo "${_text_bold}${_text_white}[INFO] ${_text_reset}" "$@"
|
|
|
[[ $QUIET == 0 ]] && echo "${_text_bold}${_text_white}[INFO] ${_text_reset}" "$@"
|
|
|
}
|
|
|
|
|
|
function success() {
|
|
|
echo "${_text_bold}${_text_green}[OK] ${_text_reset}" "$@"
|
|
|
[[ $QUIET == 0 ]] && echo "${_text_bold}${_text_green}[OK] ${_text_reset}" "$@"
|
|
|
}
|
|
|
|
|
|
function warning() {
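Review bot: The rewritten `debug`, `info` and `success` bodies now end in a `[[ … ]] && echo …` list, so each function returns status 1 whenever its output is suppressed (DEBUG=0 or QUIET=1) instead of 0 as the removed `if` form did. If the script runs under `set -e` (not visible in this hunk), any function whose last command is `debug …` or `info …` would then abort the script, and a caller writing `info "…" || …` would take the wrong branch. Keeping the one-line style is fine if each function also ends with an explicit `return 0` on its own line, since a failed `&&` list does not trigger errexit and the explicit return restores the previous contract. The same pattern presumably applies to `warning`, whose body starts here but continues outside the hunk.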
|
|
@@ -155,24 +155,65 @@ function error() {
|
|
|
#
|
|
|
function check_expiration() {
|
|
|
local certificate_file="$1"
|
|
|
local certificate_file_expiration_date
|
|
|
local certificate_expiration_date certificate_expiration_date_in_seconds certificate_expires_in
|
|
|
local current_date_in_seconds
|
|
|
local expiration_period_seconds
|
|
|
local status
|
|
|
|
|
|
let expiration_period_seconds="$expiration_period"*24*60*60
|
|
|
|
|
|
debug "Running expiration check for file: $certificate_file"
|
|
|
debug "Expiration period set to: $expiration_period"
|
|
|
|
|
|
certificate_file_expiration_date=$(openssl x509 -enddate -noout -in "$certificate_file" | sed -e 's/^notAfter=//')
|
|
|
certificate_expiration_date=$(openssl x509 -enddate -noout -in "$certificate_file" | sed -e 's/^notAfter=//')
|
|
|
certificate_expiration_date_in_seconds=$(date -d "$certificate_expiration_date" "+%s")
|
|
|
current_date_in_seconds=$(date "+%s")
|
|
|
let certificate_expires_in="$certificate_expiration_date_in_seconds-$current_date_in_seconds"
|
|
|
|
|
|
if (( $certificate_expires_in >= 0 )); then
|
|
|
status="expires"
|
|
|
else
|
|
|
status="expired"
|
|
|
fi
|
|
|
|
|
|
if openssl x509 -noout -in "$certificate_file" -checkend "$expiration_period_seconds" > /dev/null; then
|
|
|
success "Expiration check ($expiration_period days) passed for $certificate_file (expires on $certificate_file_expiration_date)."
|
|
|
success "Certificate $certificate_file $status on $certificate_expiration_date, $(print_relative_period "$certificate_expires_in")."
|
|
|
return 0
|
|
|
else
|
|
|
error "Expiration check ($expiration_period days) failed for $certificate_file (expires on $certificate_file_expiration_date)."
|
|
|
error "Certificate $certificate_file $status on $certificate_expiration_date, $(print_relative_period "$certificate_expires_in")."
|
|
|
return 1
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
#
|
|
|
# Outputs period relative to current time in human-readable format
|
|
|
# with granularity in days.
|
|
|
#
|
|
|
# Arguments:
|
|
|
#
|
|
|
# $1 - Time period in seconds. Can be negative to denote past.
|
|
|
#
|
|
|
function print_relative_period() {
|
|
|
local seconds="$1"
|
|
|
local days leftover
|
|
|
|
|
|
let days="$seconds/(60*60*24)"
|
|
|
|
|
|
if (( $days == 1 )); then
|
|
|
echo "in $days day"
|
|
|
elif (( $days > 1 )); then
|
|
|
echo "in $days days"
|
|
|
elif (( $days == 0 && $seconds > 0 )); then
|
|
|
echo "in less than a day"
|
|
|
elif (( $days == 0 && $seconds < 0 )); then
|
|
|
echo "less than a day ago"
|
|
|
elif (( $days == -1 )); then
|
|
|
echo "one day ago"
|
|
|
elif (( $days < -1 )); then
|
|
|
echo "${days#-} days ago"
|
|
|
fi
|
|
|
}
|
|
|
|
|
|
# Exit codes
|
|
|
ERROR_SUCCESS=0
|
|
|
ERROR_PARAMETERS=1
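Review bot: `let expiration_period_seconds="$expiration_period"*24*60*60` in check_expiration builds on a value that is never validated as a non-negative integer; `let expiration_period="$OPTARG"` in the getopts hunk evaluates the `-e` argument as an arithmetic expression, so a non-numeric argument such as a bare word silently evaluates to 0 and the check passes for a certificate that expires tomorrow. A guard after option parsing, `[[ $expiration_period =~ ^[0-9]+$ ]] || { error "Invalid expiration period: $expiration_period"; exit $ERROR_PARAMETERS; }`, rejects such input before any arithmetic sees it. Separately, `certificate_expiration_date=$(openssl x509 -enddate … | sed …)` ignores openssl's exit status (the pipeline reports sed's), so an unreadable or malformed file leaves the variable empty, `date -d ""` yields today's date, and the new `status`/relative-period message reports a misleading expiry rather than a read failure; checking that the captured date is non-empty before calling `date` and returning 1 with an explicit error would make the failure visible. Note also that `date -d` is GNU-specific, which is worth a comment if the script is meant to be portable.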
|
|
@@ -186,6 +227,7 @@ fi
|
|
|
|
|
|
# Disable debug by default.
|
|
|
DEBUG=0
|
|
|
QUIET=0
|
|
|
|
|
|
# Set-up default option values.
|
|
|
let expiration_period=30
|
|
@@ -195,11 +237,12 @@ certificate_files=()
|
|
|
configuration_directory="/etc/check_certificate"
|
|
|
|
|
|
# Parse the arguments
|
|
|
while getopts "e:c:C:xdvh" opt; do
|
|
|
while getopts "e:c:C:xqdvh" opt; do
|
|
|
case "$opt" in
|
|
|
e) let expiration_period="$OPTARG";;
|
|
|
c) certificate_files+=("$OPTARG");;
|
|
|
C) configuration_directory="$OPTARG";;
|
|
|
q) QUIET=1;;
|
|
|
d) DEBUG=1;;
|
|
|
v) version
|
|
|
exit $ERROR_SUCCESS;;
|
|
@@ -238,9 +281,9 @@ if [[ ${#certificate_files[@]} == 0 ]]; then
|
|
|
done
|
|
|
fi
|
|
|
|
|
|
# Log a warning if list of certificates is empty.
|
|
|
# Inform user that no certificates have been configured for checking.
|
|
|
if [[ ${#certificate_files[@]} == 0 ]]; then
|
|
|
warning "No certificate files were specified for checking."
|
|
|
info "No certificate files were specified for checking."
|
|
|
fi
|
|
|
|
|
|
# Process the certificate files.
|