evolix/shellpki
21
0
Fork 0
Code Issues Pull requests Releases 3 Wiki Activity

Add check subcommand for expiration alert

Browse source
This commit is contained in:
Victor LABORIE 2018-02-21 11:25:00 +01:00
parent 2e2e59790a
commit c5ba184692
1 changed files with 30 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

30
shellpki.sh
View file

@ -53,6 +53,10 @@ List all actually valid commonName (CN) :
${0} list [-a|v|r] ${0} list [-a|v|r]
Check expiration date of valid certificates :
${0} check
EOF EOF
} }
@ -306,6 +310,27 @@ list() {
echo "${certs}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs -n1 echo "${certs}" | grep -Eo "CN\s*=[^,/]*" | cut -d'=' -f2 | xargs -n1
} }
check() {
# default expiration alert
# TODO : permit override with parameters
min_day=90
cur_epoch=$(date -u +'%s')
for cert in ${CRTDIR}/*; do
end_date=$(openssl x509 -noout -enddate -in "${cert}" | cut -d'=' -f2)
end_epoch=$(date -ud "${end_date}" +'%s')
diff_epoch=$((end_epoch - cur_epoch))
diff_day=$((diff_epoch/60/60/24))
if [ "${diff_day}" -lt "${min_day}" ]; then
if [ "${diff_day}" -le 0 ]; then
echo "${cert} has expired"
else
echo "${cert} expire in ${diff_day} days"
fi
fi
done
}
main() { main() {
[ "$(id -u)" -eq 0 ] || error "Please become root before running ${0} !" [ "$(id -u)" -eq 0 ] || error "Please become root before running ${0} !"
@ -363,6 +388,11 @@ main() {
list "$@" list "$@"
;; ;;
check)
shift
check "$@"
;;
*) *)
usage >&2 usage >&2
exit 1 exit 1