Use functions in cert-expirations.sh

2022-12-01 16:42:35 +01:00 · 2022-12-01 16:42:35 +01:00 · bd5e02bb87
parent e33722d440
commit bd5e02bb87
1 changed files with 118 additions and 66 deletions
--- a/cert-expirations.sh
+++ b/cert-expirations.sh
@ -1,31 +1,36 @@
 #!/bin/sh

-SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
+VERSION="22.04"

-if [ "${SYSTEM}" = "openbsd" ]; then
-    carp=$(/sbin/ifconfig carp0 2>/dev/null | grep 'status' | cut -d' ' -f2)
+show_version() {
+    cat <<END
+cert-expirations.sh version ${VERSION}

-    if [ "$carp" = "backup" ]; then
-        exit 0
-    fi
-fi
+Copyright 2020-2022 Evolix <info@evolix.fr>,
+                    Jérémy Lecour <jlecour@evolix.fr>,
+                    Jérémy Dubois <jdubois@evolix.fr>
+                    and others.

-cacert_path="/etc/openvpn/ssl/ca/cacert.pem"
-index_path="/etc/openvpn/ssl/ca/index.txt"
-somedays="3456000" # 40 days currently
-expired_certs=""
-expiring_soon_certs=""
-still_valid_certs=""
+cert-expirations.sh comes with ABSOLUTELY NO WARRANTY.  This is free software,
+and you are welcome to redistribute it under certain conditions.
+See the MIT Licence for details.
+END
+}

-echo "Warning : all times are in UTC !"
-echo ""
+show_usage() {
+    cat <<END
+Usage: ${0} [--version]
+END
+}
+
+check_ca_expiration() {
    echo "CA certificate:"
    openssl x509 -enddate -noout -in ${cacert_path} \
        | cut -d '=' -f 2 \
        | sed -e "s/^\(.*\)\ \(20..\).*/- \2 \1/"
+}

-echo ""
-
+check_certs_expiration() {
    # Syntax "cmd | { while read line; do var="foo"; done echo $var }" needed, otherwise $var is empty at the end of while loop
    grep ^V ${index_path} \
        | awk -F "/" '{print $1,$5}' \
@ -70,3 +75,50 @@ grep ^V ${index_path} \
        echo "Valid client certificates expiring later (in more than $((somedays / 60 / 60 / 24)) days):"
        echo "${still_valid_certs}"
    }
+}
+
+main() {
+    SYSTEM=$(uname | tr '[:upper:]' '[:lower:]')
+    
+    if [ "${SYSTEM}" = "openbsd" ]; then
+        carp=$(/sbin/ifconfig carp0 2>/dev/null | grep 'status' | cut -d' ' -f2)
+    
+        if [ "$carp" = "backup" ]; then
+            exit 0
+        fi
+    fi
+    
+    cacert_path="/etc/openvpn/ssl/ca/cacert.pem"
+    index_path="/etc/openvpn/ssl/ca/index.txt"
+    somedays="3456000" # 40 days currently
+    expired_certs=""
+    expiring_soon_certs=""
+    still_valid_certs=""
+
+    case "$1" in
+        version|--version)
+            show_version
+            exit 0
+        ;;
+
+        help|--help)
+            show_usage
+            exit 0
+        ;;
+
+        "")
+            echo "Warning : all times are in UTC !"
+            echo ""
+            check_ca_expiration
+            echo ""
+            check_certs_expiration
+        ;;
+
+        *)
+            show_usage >&2
+            exit 1
+        ;;
+    esac
+}
+
+main "$@"