i2p.i2p/tests/scripts/checkcerts.sh

#!/bin/sh
#
# Run 'openssl x509' or 'certtool -i' on all certificate files
# Returns nonzero on failure. Fails if cert cannot be read or is older than
# $SOON (default 30).
#
# zzz 2011-08
# kytv 2013-03
# public domain
#

# How soon is too soon for a cert to expire?
# By default <= 30 will fail. 60 < x < 30 will warn.
WARN=60
SOON=30


if [ $(which openssl) ]; then
    OPENSSL=1
elif [ $(which certtool) ]; then : ;else
    echo "ERROR: Neither certtool nor openssl were found..." >&2
    exit 1
fi

CHECKCERT() {
    if [ $OPENSSL ]; then
        DATA=$(openssl x509 -enddate -noout -in $1| cut -d'=' -f2-)
    else
        DATA=$(certtool -i < "$1" | sed -e '/Not\sAfter/!d' -e 's/^.*:\s\(.*\)/\1/')
    fi
    # While this isn't strictly needed it'll ensure that the output is consistent,
    # regardles of the tool used.
    date -u -d "$(echo $DATA)" '+%F %H:%M'
}


cd `dirname $0`/../../installer/resources/certificates

NOW=$(date -u '+%s')

for i in *.crt
do
    echo "Checking $i ..."
    EXPIRES=`CHECKCERT $i`
    if [ -z "$EXPIRES" ]; then
        echo "********* FAILED CHECK FOR $i *************"
        FAIL=1
    else
        SECS=$(date -u -d "$EXPIRES" '+%s')
        DAYS="$(expr \( $SECS - $NOW \) / 86400)"
        if [ $DAYS -ge $SOON ]; then
            echo "Expires in $DAYS days ($EXPIRES)"
        elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then
            echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******"
            FAIL=1
        elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then
            echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******"
        elif [ $DAYS -eq 1 ]; then
            DAYS=$(echo $DAYS | sed 's/^-//')
            echo "****** Check for $I failed, expires in $DAYS day ($EXPIRES) ******"
            FAIL=1
        elif [ $DAYS -eq 0 ]; then
            echo "****** Check for $i failed, expires today ($EXPIRES) ******"
            FAIL=1
        elif [ $DAYS -le 0 ]; then
            DAYS=$(echo $DAYS | sed 's/^-//')
            echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******"
            FAIL=1
        fi
    fi
done

if [ -n "$FAIL" ]; then
    echo "******** At least one file failed check *********"
else
    echo "All files passed"
fi

[ -n $FAIL ] && exit $FAIL
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`#!/bin/sh`
simple test script 2011-08-27 15:27:15 +00:00			`#`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`# Run 'openssl x509' or 'certtool -i' on all certificate files`
			`# Returns nonzero on failure. Fails if cert cannot be read or is older than`
			`# $SOON (default 30).`
simple test script 2011-08-27 15:27:15 +00:00			`#`
			`# zzz 2011-08`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`# kytv 2013-03`
simple test script 2011-08-27 15:27:15 +00:00			`# public domain`
			`#`

various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`# How soon is too soon for a cert to expire?`
			`# By default <= 30 will fail. 60 < x < 30 will warn.`
			`WARN=60`
			`SOON=30`


remove debug text 2013-03-30 02:26:37 +00:00			`if [ $(which openssl) ]; then`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`OPENSSL=1`
			`elif [ $(which certtool) ]; then : ;else`
			`echo "ERROR: Neither certtool nor openssl were found..." >&2`
			`exit 1`
			`fi`

			`CHECKCERT() {`
			`if [ $OPENSSL ]; then`
			`DATA=$(openssl x509 -enddate -noout -in $1\| cut -d'=' -f2-)`
			`else`
			`DATA=$(certtool -i < "$1" \| sed -e '/Not\sAfter/!d' -e 's/^.:\s\(.\)/\1/')`
			`fi`
			`# While this isn't strictly needed it'll ensure that the output is consistent,`
			`# regardles of the tool used.`
			`date -u -d "$(echo $DATA)" '+%F %H:%M'`
			`}`


simple test script 2011-08-27 15:27:15 +00:00			cd `dirname $0`/../../installer/resources/certificates

various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`NOW=$(date -u '+%s')`

			`for i in *.crt`
simple test script 2011-08-27 15:27:15 +00:00			`do`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`echo "Checking $i ..."`
			EXPIRES=`CHECKCERT $i`
			`if [ -z "$EXPIRES" ]; then`
			`echo "******* FAILED CHECK FOR $i ***********"`
			`FAIL=1`
			`else`
			`SECS=$(date -u -d "$EXPIRES" '+%s')`
			`DAYS="$(expr \( $SECS - $NOW \) / 86400)"`
			`if [ $DAYS -ge $SOON ]; then`
			`echo "Expires in $DAYS days ($EXPIRES)"`
			`elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then`
			`echo "**** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ****"`
			`FAIL=1`
			`elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then`
			`echo "**** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ****"`
			`elif [ $DAYS -eq 1 ]; then`
			`DAYS=$(echo $DAYS \| sed 's/^-//')`
			`echo "**** Check for $I failed, expires in $DAYS day ($EXPIRES) ****"`
			`FAIL=1`
			`elif [ $DAYS -eq 0 ]; then`
			`echo "**** Check for $i failed, expires today ($EXPIRES) ****"`
			`FAIL=1`
			`elif [ $DAYS -le 0 ]; then`
			`DAYS=$(echo $DAYS \| sed 's/^-//')`
			`echo "**** Check for $i failed, expired $DAYS days ago ($EXPIRES) ****"`
			`FAIL=1`
			`fi`
			`fi`
simple test script 2011-08-27 15:27:15 +00:00			`done`

various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`if [ -n "$FAIL" ]; then`
			`echo "****** At least one file failed check *******"`
simple test script 2011-08-27 15:27:15 +00:00			`else`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00			`echo "All files passed"`
simple test script 2011-08-27 15:27:15 +00:00			`fi`
various updates to checkcerts script - add support for 'openssl' - parse expiration date, failing if expired or if expires within 30 days - warn at 60 2013-03-30 02:22:23 +00:00
			`[ -n $FAIL ] && exit $FAIL`