authorErich Eckner <git@eckner.net>2020-12-01 09:13:20 +0100
committerErich Eckner <git@eckner.net>2020-12-01 09:13:20 +0100
commit32563766ab38bce038e42c1b53e5e359369614bb (patch)
tree37ccd63f455457c7bfb6fe93679c3dcfa99c38a4 /crypt-expiry-check.in
parent0c1d1578f402b79e14becc2e9597e227e150df2e (diff)
crypt-expiry-check: learn how to download cert file before checking ("-r" / "REMOTEFILE")
Diffstat (limited to 'crypt-expiry-check.in')
-rwxr-xr-xcrypt-expiry-check.in41
1 files changed, 39 insertions, 2 deletions
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 25988ce..3846d7f 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -305,6 +305,32 @@ check_server_status() {
#####################################################
### Check the expiration status of a certificate file
+### on a remote location
+### Accepts three parameters:
+### $1 -> certificate file to process
+### $2 -> Server name
+### $3 -> Port number of certificate
+#####################################################
+check_remote_file_status() {
+
+ CERTURL=${1}
+ HOST=${2}
+ PORT=${3}
+ FWARNDAYS=${4:-${WARNDAYS}}
+
+ if ! curl -so "${CERT_TMP}" "${CERTURL}"
+ then
+ >&2 echo "ERROR: Could not retrieve the certificate at '${CERTURL}'."
+ set_returncode 1
+ return
+ fi
+
+ check_file_status "${CERT_TMP}" "${HOST}" "${PORT}" "${FWARNDAYS}"
+
+}
+
+#####################################################
+### Check the expiration status of a certificate file
### Accepts three parameters:
### $1 -> certificate file to process
### $2 -> Server name
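Review bot: The `curl -so` call in check_remote_file_status treats any completed transfer as success, so an HTTP 404 or 500 body is written to `${CERT_TMP}` and handed to check_file_status as if it were a certificate. The call also sets no time limit and accepts every URL scheme curl was built with, even though the URL can come from `-r` or from a REMOTEFILE entry in a server file (see the dispatch hunk further down). I would change the line to `if ! curl -fsS --proto '=https' --max-time 30 -o "${CERT_TMP}" "${CERTURL}"`, where 30 seconds is an example value. Add `http` to `--proto` only if plain-HTTP sources must be supported, because an on-path party could then substitute a certificate with a later expiry date and mask a real expiry. The header comment also needs updating: it says "three parameters" and calls `$1` a certificate file, while the function reads `${4}` as the warning-days override and `$1` is a URL.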
@@ -461,7 +487,7 @@ check_gpg_key_status() {
#################################
### Start of main program
#################################
-while getopts abc:e:f:g:G:hik:nqs:t:x:v:VZ option
+while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option
do
case "${option}"
in
@@ -500,6 +526,9 @@ do
q)
QUIET=true
;;
+ r)
+ REMOTECERTFILES[${#REMOTECERTFILES[@]}]=${OPTARG}
+ ;;
s)
HOSTS[${#HOSTS[@]}]=${OPTARG%:*}
PORTS[${#PORTS[@]}]=${OPTARG#*:}
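Review bot: The new `-r` option is parsed here and added to the getopts string, but no hunk touches `usage`, and the 39 insertions in the diffstat are all accounted for by the visible hunks, so the help text in this file appears not to mention it. I would add a usage entry alongside the existing certificate-file option, something like `-r url : download the certificate file from url, then check it` (wording and layout to match the existing entries), and state which URL schemes are expected. The same applies to the `REMOTEFILE` keyword for server files, if that format is described in the script's help. The case statement starts and ends outside this hunk.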
@@ -600,7 +629,7 @@ else
exit 1
fi
-if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
+if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
then
>&2 echo "ERROR: Nothing to check."
usage
@@ -621,6 +650,9 @@ do
if [ "${PORT}" = "FILE" ]
then
check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
+ elif [ "${PORT}" = "REMOTEFILE" ]
+ then
+ check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}"
elif [ "${PORT}" = "GPG" ]
then
check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"
@@ -645,6 +677,11 @@ do
check_file_status "${CERTFILES[${i}]}" "FILE" "${CERTFILES[${i}]}"
done
+for (( i=0; i<${#REMOTECERTFILES[@]}; i++ ))
+do
+ check_remote_file_status "${REMOTECERTFILES[${i}]}" "REMOTEFILE" "${REMOTECERTFILES[${i}]}"
+done
+
for (( i=0; i<${#CHECKADDRESSES[@]}; i++ ))
do
check_gpg_key_status "${CHECKADDRESSBINARIES[${i}]}" "${CHECKADDRESSES[${i}]}"