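#!/bin/sh
# Reports certificates and CRLs below the current directory that expire
# before "now + offset". The optional first argument replaces the default
# offset and is handed to `date -d` (so a date(1) that accepts -d is needed).

# Final status of the run; set to 1 once an unexpected expiry is reported.
expired=0

offset="+6 months"
if [ -n "$1" ]; then
  offset=$1
fi

# Files that are allowed to be past the cut-off. check_expiry compares each
# entry as a path suffix, so a finding is suppressed for ANY path that ends
# with one of these strings; keep the entries as specific as possible.
exp_expired="\
/test/crit-cert.pem \
/test/expired/expired-cert.pem \
/test/expired/expired-ca.pem \
/test/expired/expired-cert.der \
/test/expired/expired-ca.der \
/certeccrsa.pem \
/certeccrsa.der
"

# Files that check_file skips without looking at them (same suffix matching).
# NOTE(review): presumably these are not certificates; confirm, because a
# certificate added under one of these names would never be date-checked.
ignore="\
/test/cert-ext-ns.der \
/rsa3072.der \
/rsa2048.der \
/1024/rsa1024.der \
"

# Cut-off as epoch seconds. Stop if the offset does not parse: with an empty
# cut-off every later `-lt` comparison errors out, nothing is reported, and
# the run would look clean without having checked a single date.
if ! earliest=$(date -d "$offset" +%s) || [ -z "$earliest" ]; then
  echo "invalid offset: '$offset'" >&2
  # `return` covers a sourced run, `exit` an executed one.
  return 2 2>/dev/null || exit 2
fi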
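# check_expiry PATH DATE
# Reports PATH when DATE falls before the cut-off held in $earliest, unless
# PATH ends with one of the entries of $exp_expired.
# Globals:   earliest, exp_expired, offset (read);
#            expired, expiry, result, exp (written)
# Arguments: $1 - path used in the report and for the allow-list match
#            $2 - date string in a form `date -d` can parse
# Outputs:   a two-line finding on stdout
check_expiry() {
  # Fail closed: a date that cannot be converted is reported as a finding.
  # Left unchecked, the empty value makes the `-lt` test below error out and
  # the file would pass as "not expired".
  if ! expiry=$(date -d "$2" +%s 2>/dev/null) || [ -z "$expiry" ]; then
    echo "$1 has an unparseable expiry date:"
    echo " '$2'"
    expired=1
    return
  fi

  if [ "$expiry" -lt "$earliest" ]; then
    result=expired

    # Word splitting of $exp_expired is intended: one entry per word.
    for exp in $exp_expired; do
      case $1 in
        # Quoted so the entry is compared literally, never as a glob.
        *"$exp")
          result=ignore
          break
          ;;
      esac
    done

    if [ "$result" = "expired" ]; then
      echo "$1 expires at:"
      echo " '$2' (< $offset)"
      expired=1
    fi
  fi
}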
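# check_file PATH
# Reads the expiry date of one file with openssl and passes it to
# check_expiry. A path containing "crl" is read as a CRL (nextUpdate), any
# other path that is not skipped is read as an X.509 certificate (notAfter).
# Globals:   ignore, inform (read); i, next_update, not_after (written)
# Arguments: $1 - path of the file to inspect
# Outputs:   "<path> not a crl" / "<path> not a certificate" on stdout when
#            openssl rejects the file
check_file() {
  # Paths ending with an entry of $ignore are never inspected.
  for i in $ignore; do
    case $1 in
      *"$i") return ;;
    esac
  done

  # The patterns are tested against the whole path, so a directory name that
  # contains one of the skip words silently excludes every file below it.
  case $1 in
    *key* | *dh* | *params* | *priv* | *pub* | *dsa*) ;;
    *crl*)
      # The path comes from "$1" (not the caller's loop variable) and is
      # quoted; $inform stays unquoted because it holds two words.
      # shellcheck disable=SC2086
      if next_update=$(openssl crl -in "$1" $inform -noout -nextupdate 2>&1); then
        # Keep only the text after the first '=' of "nextUpdate=<date>".
        check_expiry "$1" "${next_update#*=}"
      else
        # Only announced: a file openssl cannot read does not change $expired.
        echo "$1 not a crl"
      fi
      ;;
    *)
      # shellcheck disable=SC2086
      if not_after=$(openssl x509 -in "$1" $inform -noout -enddate 2>&1); then
        # Keep only the text after the first '=' of "notAfter=<date>".
        check_expiry "$1" "${not_after#*=}"
      else
        # Only announced: a file openssl cannot read does not change $expired.
        echo "$1 not a certificate"
      fi
      ;;
  esac
}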
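# Check every *.pem, then every *.der, below the current directory.
# Paths are read one per line so that a path containing spaces reaches
# check_file as a single argument. The here-document keeps each loop in this
# shell, so the $expired flag set by check_expiry is still visible afterwards.
inform="-inform PEM"
pem_files=$(find . -name '*.pem')
while IFS= read -r file; do
  [ -n "$file" ] || continue
  # stdin is detached so nothing called below can consume the path list.
  check_file "$file" </dev/null
done <<EOF
$pem_files
EOF

inform="-inform DER"
der_files=$(find . -name '*.der')
while IFS= read -r file; do
  [ -n "$file" ] || continue
  check_file "$file" </dev/null
done <<EOF
$der_files
EOF

# `return` is only valid inside a function or a sourced file; when the script
# is executed directly a shell may reject it and lose the status. Try `return`
# for the sourced case and fall back to `exit` so the result (0 = nothing
# expiring, 1 = at least one finding) always reaches the caller.
return "$expired" 2>/dev/null || exit "$expired"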