author | Erich Eckner <git@eckner.net> | 2020-12-01 09:13:20 +0100 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2020-12-01 09:13:20 +0100 |
commit | 32563766ab38bce038e42c1b53e5e359369614bb (patch) | |
tree | 37ccd63f455457c7bfb6fe93679c3dcfa99c38a4 /crypt-expiry-check.in | |
parent | 0c1d1578f402b79e14becc2e9597e227e150df2e (diff) | |
download | crypt-expiry-check-32563766ab38bce038e42c1b53e5e359369614bb.tar.xz |
crypt-expiry-check: learn how to download cert file before checking ("-r" / "REMOTEFILE")
Diffstat (limited to 'crypt-expiry-check.in')
-rwxr-xr-x | crypt-expiry-check.in | 41 |
1 files changed, 39 insertions, 2 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in index 25988ce..3846d7f 100755 --- a/crypt-expiry-check.in +++ b/crypt-expiry-check.in @@ -305,6 +305,32 @@ check_server_status() { ##################################################### ### Check the expiration status of a certificate file +### on a remote location +### Accepts three parameters: +### $1 -> certificate file to process +### $2 -> Server name +### $3 -> Port number of certificate +##################################################### +check_remote_file_status() { + + CERTURL=${1} + HOST=${2} + PORT=${3} + FWARNDAYS=${4:-${WARNDAYS}} + + if ! curl -so "${CERT_TMP}" "${CERTURL}" + then + >&2 echo "ERROR: Could not retrieve the certificate at '${CERTURL}'." + set_returncode 1 + return + fi + + check_file_status "${CERT_TMP}" "${HOST}" "${PORT}" "${FWARNDAYS}" + +} + +##################################################### +### Check the expiration status of a certificate file ### Accepts three parameters: ### $1 -> certificate file to process ### $2 -> Server name @@ -461,7 +487,7 @@ check_gpg_key_status() { ################################# ### Start of main program ################################# -while getopts abc:e:f:g:G:hik:nqs:t:x:v:VZ option +while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option do case "${option}" in @@ -500,6 +526,9 @@ do q) QUIET=true ;; + r) + REMOTECERTFILES[${#REMOTECERTFILES[@]}]=${OPTARG} + ;; s) HOSTS[${#HOSTS[@]}]=${OPTARG%:*} PORTS[${#PORTS[@]}]=${OPTARG#*:} @@ -600,7 +629,7 @@ else exit 1 fi -if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ] +if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ] then >&2 echo "ERROR: Nothing to check." usage 
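Review bot: The `curl -so "${CERT_TMP}" "${CERTURL}"` call in check_remote_file_status treats an HTTP error as success, because without `-f` curl exits 0 on a 404 or 500 and writes the error page to `${CERT_TMP}`, which is then handed to check_file_status as if it were a certificate. It also sets no time limit and accepts any scheme curl supports, so a stalled server blocks the whole run and a plain-http URL lets an on-path party substitute a certificate with a later expiry date, hiding a real expiry from the check. I would change the line to `if ! curl -fsS --max-time 30 --proto '=https' -o "${CERT_TMP}" -- "${CERTURL}"` (30 seconds is only a suggested value; drop `--proto` if http sources are intended). The same unvalidated URL reaches this call from the server-file branch at `@@ -621` and from the `REMOTECERTFILES` loop at `@@ -645`. The header comment should also say that `$1` is a URL and mention the optional `$4` warning-days argument, since it still lists three parameters.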
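Review bot: The new `r)` case is parsed here, but nothing in this commit documents the option. The visible hunks account for all 39 insertions in the diffstat, so the text printed by `usage` presumably still omits `-r` and the `REMOTEFILE` keyword accepted in server files. A help line such as `-r url : download the certificate file at url and check its expiration`, placed next to the existing entry for `-f`, would cover it; the help text itself is outside this diff, so its exact layout needs to be matched there. It would also help to state in that line which URL schemes are expected, because the value is passed to curl as given.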
@@ -621,6 +650,9 @@ do if [ "${PORT}" = "FILE" ] then check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}" + elif [ "${PORT}" = "REMOTEFILE" ] + then + check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}" elif [ "${PORT}" = "GPG" ] then check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}" @@ -645,6 +677,11 @@ do check_file_status "${CERTFILES[${i}]}" "FILE" "${CERTFILES[${i}]}" done +for (( i=0; i<${#REMOTECERTFILES[@]}; i++ )) +do + check_remote_file_status "${REMOTECERTFILES[${i}]}" "REMOTEFILE" "${REMOTECERTFILES[${i}]}" +done + for (( i=0; i<${#CHECKADDRESSES[@]}; i++ )) do check_gpg_key_status "${CHECKADDRESSBINARIES[${i}]}" "${CHECKADDRESSES[${i}]}" |