From 32563766ab38bce038e42c1b53e5e359369614bb Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Tue, 1 Dec 2020 09:13:20 +0100
Subject: crypt-expiry-check: learn how to download cert file before checking ("-r" / "REMOTEFILE")

---
 crypt-expiry-check.in | 41 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 39 insertions(+), 2 deletions(-)

diff --git a/crypt-expiry-check.in b/crypt-expiry-check.in
index 25988ce..3846d7f 100755
--- a/crypt-expiry-check.in
+++ b/crypt-expiry-check.in
@@ -303,6 +303,32 @@ check_server_status() {
 fi
 }
 
+#####################################################
+### Check the expiration status of a certificate file
+### on a remote location
+### Accepts three parameters:
+### $1 -> certificate file to process
+### $2 -> Server name
+### $3 -> Port number of certificate
+#####################################################
+check_remote_file_status() {
+
+ CERTURL=${1}
+ HOST=${2}
+ PORT=${3}
+ FWARNDAYS=${4:-${WARNDAYS}}
+
+ if ! curl -so "${CERT_TMP}" "${CERTURL}"
+ then
+ >&2 echo "ERROR: Could not retrieve the certificate at '${CERTURL}'."
+ set_returncode 1
+ return
+ fi
+
+ check_file_status "${CERT_TMP}" "${HOST}" "${PORT}" "${FWARNDAYS}"
+
+}
+
 #####################################################
 ### Check the expiration status of a certificate file
 ### Accepts three parameters:
@@ -461,7 +487,7 @@ check_gpg_key_status() {
 #################################
 ### Start of main program
 #################################
-while getopts abc:e:f:g:G:hik:nqs:t:x:v:VZ option
+while getopts abc:e:f:g:G:hik:nqr:s:t:x:v:VZ option
 do
 case "${option}"
 in
@@ -500,6 +526,9 @@ do
 q)
 QUIET=true
 ;;
+ r)
+ REMOTECERTFILES[${#REMOTECERTFILES[@]}]=${OPTARG}
+ ;;
 s)
 HOSTS[${#HOSTS[@]}]=${OPTARG%:*}
 PORTS[${#PORTS[@]}]=${OPTARG#*:}
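Review bot: The `curl -so "${CERT_TMP}" "${CERTURL}"` call in check_remote_file_status treats an HTTP error as success, because without `-f` curl exits 0 on a 404 or 500 and writes the error page into `${CERT_TMP}`, which is then handed to check_file_status as if it were a certificate. The URL is also passed without `--`, so a value beginning with `-` is parsed as a curl option, and there is no time limit, so one unresponsive server can stall the whole run. I would change the line to `if ! curl -fsS --max-time 30 -o "${CERT_TMP}" -- "${CERTURL}"` (the 30 seconds is a suggested value), and add `--proto '=https'` if only HTTPS sources are intended, since a certificate fetched over plain HTTP can be swapped in transit to hide an expiry. The header comment still says three parameters and describes `$2`/`$3` as server name and port; it should describe `$1` as the URL and mention the optional `$4` warning-days override.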
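Review bot: The new `-r` option added to the `case` here is not documented anywhere in this patch: the diffstat's 39 insertions are all accounted for by the six hunks, and none of them touches the `usage` output or explains the `REMOTEFILE` keyword accepted in a server file. I would add a usage line along the lines of `-r url : download the certificate at url and check its expiry` (wording to match the existing entries, which are outside the hunks), and say which URL schemes are accepted. The `case` statement starts and ends outside the hunk.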
@@ -600,7 +629,7 @@ else
 exit 1
 fi
 
-if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
+if [ $[${#HOSTS[@]} + ${#SERVERFILES[@]} + ${#CERTFILES[@]} + ${#REMOTECERTFILES[@]} + ${#CHECKADDRESSES[@]}] -eq 0 ]
 then
 >&2 echo "ERROR: Nothing to check."
 usage
@@ -621,6 +650,9 @@ do
 if [ "${PORT}" = "FILE" ]
 then
 check_file_status "${HOST}" "FILE" "${HOST}" "${FWARNDAYS}"
+ elif [ "${PORT}" = "REMOTEFILE" ]
+ then
+ check_remote_file_status "${HOST}" "REMOTEFILE" "${HOST}" "${FWARNDAYS}"
 elif [ "${PORT}" = "GPG" ]
 then
 check_gpg_key_status "${GPG}" "${HOST}" "${FWARNDAYS}"
@@ -645,6 +677,11 @@ do
 check_file_status "${CERTFILES[${i}]}" "FILE" "${CERTFILES[${i}]}"
 done
 
+for (( i=0; i<${#REMOTECERTFILES[@]}; i++ ))
+do
+ check_remote_file_status "${REMOTECERTFILES[${i}]}" "REMOTEFILE" "${REMOTECERTFILES[${i}]}"
+done
+
 for (( i=0; i<${#CHECKADDRESSES[@]}; i++ ))
 do
 check_gpg_key_status "${CHECKADDRESSBINARIES[${i}]}" "${CHECKADDRESSES[${i}]}"
-- 
cgit v1.2.3-70-g09d2