Trust store generator scripts for various Gemini clients
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

60 lines
1.8 KiB

#!/bin/sh
# This file is included in every trust store generator script.
#
# It defines a function which checks if the expiry date of a
# certificate is within the specified boundaries.
#
# Boundaries can be specified like this:
#
# ./generate.sh # all certs
# ./generate.sh 90+ # certs that will expire in more than 90 days from now
# ./generate.sh 30- # certs that have expired more than 30 days ago
# ./generate.sh 30- 90+ # both of the above; so certs are excluded if:
# # {30 days ago} < cert_expiry < {90 days from now}
# Get the provided boundaries, if any.
minus_timestamp=''
plus_timestamp=''
now=$(date +%s)
for arg in "$@"; do
sign=$(expr "$arg" : '^[0-9]*\(-\|+\)$')
if [ "$sign" = '-' ]; then
minus_days=$(expr "$arg" : '^\([0-9]*\)-$')
minus_timestamp=$((now - minus_days * 86400))
elif [ "$sign" = '+' ]; then
plus_days=$(expr "$arg" : '^\([0-9]*\)+$')
plus_timestamp=$((now + plus_days * 86400))
else
continue
fi
done
cert_is_not_within_expiry_boundaries() (
# If `return 0`, cert will be excluded.
if [ -z "$minus_timestamp" ] && [ -z "$plus_timestamp" ]; then
# No boundaries were specified.
return 1 # false
fi
# Get expiration date from certificate.
cert_exp=$(echo "$cert" | openssl x509 -enddate -noout | cut -d '=' -f 2)
# Convert it to Unix timestamp.
cert_exp=$(date -d "$cert_exp" +%s)
if [ -n "$minus_timestamp" ] && [ "$cert_exp" -lt "$minus_timestamp" ]; then
# $cert_exp < $minus_timestamp, so the cert is within boundaries.
return 1 # false
elif [ -n "$plus_timestamp" ] && [ "$cert_exp" -gt "$plus_timestamp" ]; then
# $cert_exp > $plus_timestamp, so the cert is within boundaries.
return 1 # false
fi
# Certs are excluded if:
# $minus_timestamp < $cert_exp < $plus_timestamp
return 0 # true
)