From 2e932e03e18357904786147538f7777b3f7bf8b4 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Sun, 10 May 2020 10:20:08 +0200
Subject: crypt-expiry-check: allow to specify different warning intervals per to-be-checked item
---
 crypt-expiry-check.in | 27 ++++++++++++++++++---------
 1 file changed, 18 insertions(+), 9 deletions(-)
diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 4777ea8..25988ce 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -299,7 +299,7 @@ check_server_status() {
 set_retcode 3
 else
- check_file_status ${CERT_TMP} $1 $2
+ check_file_status ${CERT_TMP} $1 $2 $3
 fi
 }
@@ -315,6 +315,7 @@ check_file_status() {
 CERTFILE=${1}
 HOST=${2}
 PORT=${3}
+ FWARNDAYS=${4:-${WARNDAYS}}
 ### Check to make sure the certificate file exists
 if [ ! -r ${CERTFILE} ] || [ ! -s ${CERTFILE} ]
@@ -383,7 +384,7 @@ check_file_status() {
 prints ${HOST} ${PORT} "Expired" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP}
 set_retcode 2
- elif [ ${CERTDIFF} -lt ${WARNDAYS} ]
+ elif [ ${CERTDIFF} -lt ${FWARNDAYS} ]
 then
 echo "The SSL certificate for ${HOST} \"(CN: ${COMMONNAME})\" will expire on ${CERTDATE}" >> ${MAILOUT_TMP}
 prints ${HOST} ${PORT} "Expiring" "${CERTDATE}" "${CERTDIFF}" "${CERTISSUER}" "${COMMONNAME}" "${SERIAL}" >> ${STDOUT_TMP}
@@ -404,6 +405,7 @@ check_gpg_key_status() {
 GPG_COMMAND="${1}"
 GPG_ADDRESS="${2}"
+ FWARNDAYS=${3:-${WARNDAYS}}
 ### Check to make sure gpg is available
 if [ ! -f "${GPG_COMMAND}" ]
@@ -445,7 +447,7 @@ check_gpg_key_status() {
 prints "GPG" " ${GPG_ADDRESS}" "Expired" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
 set_retcode 2
- elif [ ${KEY_DIFF} -lt ${WARNDAYS} ]
+ elif [ ${KEY_DIFF} -lt ${FWARNDAYS} ]
 then
 echo "The GPG key for ${GPG_ADDRESS} will expire on ${KEY_DATE_STR}" >> ${MAILOUT_TMP}
 prints "GPG" " ${GPG_ADDRESS}" "Expiring" "${KEY_DATE_STR}" "${KEY_DIFF}" "" "" "" >> ${STDOUT_TMP}
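Review bot: The forwarded `$3` in the first hunk is unquoted like `$1` and `$2`, so an empty host or port makes the later arguments shift left and the warning interval lands in the wrong positional parameter of check_file_status. Quoting keeps each value in its slot: `check_file_status "${CERT_TMP}" "$1" "$2" "$3"`; an empty fourth argument is still covered by the `${4:-${WARNDAYS}}` default. The rest of check_server_status lies outside the hunk.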
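Review bot: FWARNDAYS is taken from the fourth argument of check_file_status without checking that it is an integer, and the comparison `[ ${CERTDIFF} -lt ${FWARNDAYS} ]` in the following hunk uses it unquoted. If the value is not a number, `[` reports an error and the `elif` is simply false, so control passes to whatever branch follows (outside these hunks) and an item close to expiry may not be reported as expiring. A guard right after the assignment would fail safe: `case "${FWARNDAYS}" in ''|*[!0-9]*) FWARNDAYS=${WARNDAYS} ;; esac`. The same applies to the assignment in check_gpg_key_status and its `[ ${KEY_DIFF} -lt ${FWARNDAYS} ]` test. The variable is also a global shared with the `read` loop at the end of the script, so declaring it `local` in both functions would keep one item's interval from leaking into another call.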
@@ -614,21 +616,28 @@ done
 for (( i=0; i<${#SERVERFILES[@]}; i++ ))
 do
- while read PORT HOST
+ while read FWARNDAYS PORT HOST
 do
 if [ "${PORT}" = "FILE" ]
 then
- check_file_status "${HOST}" "FILE" "${HOST}"
+ check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
 elif [ "${PORT}" = "GPG" ]
 then
- check_gpg_key_status "${GPG}" "${HOST}"
+ check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"
 elif [[ "${PORT}" = "GPG:"* ]]
 then
- check_gpg_key_status "$(which ${PORT#*:})" "${HOST}"
+ check_gpg_key_status "$(which ${PORT#*:})" "${HOST}" "${FWARNDAYS}"
 else
- check_server_status "${HOST}" "${PORT}"
+ check_server_status "${HOST}" "${PORT}" "${FWARNDAYS}"
 fi
- done < <(sed '/^#|^$/d;s/\(.*\S\) \+\(\S\+\)/\2 \1/' ${SERVERFILES[${i}]})
+ done < <(
+ sed '
+ /^#|^$/d
+ s/^\([0-9]\+\) \+\(.*\S\) \+\(\S\+\)$/\1 \3 \2/
+ t
+ s/^\(.*\S\) \+\(\S\+\)$/'"${WARNDAYS}"' \2 \1/
+ ' ${SERVERFILES[${i}]}
+ )
 done
 for (( i=0; i<${#CERTFILES[@]}; i++ ))
-- cgit v1.2.3
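Review bot: The delete expression `/^#|^$/d`, carried over into the rewritten sed script, uses `|` in a basic regular expression (no `-E` is passed), where it is a literal character, so comment and blank lines are not removed. With the new `read FWARNDAYS PORT HOST`, a one-word comment line passes both substitutions unchanged and ends up in FWARNDAYS with PORT and HOST empty, which takes the check_server_status branch. Two separate expressions, `/^#/d` and `/^$/d`, avoid the alternation. `${WARNDAYS}` is also spliced into the sed replacement text, so it should be confirmed to be digits-only where the option is parsed (not visible in this hunk), and `read -r` would keep backslashes in entries intact.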