#!/bin/sh
# This file is included in every trust store generator script.
#
# It defines a function which checks if the expiry date of a
# certificate is within the specified boundaries.
#
# Boundaries can be specified like this:
#
# ./generate.sh # all certs
# ./generate.sh 90+ # certs that will expire in more than 90 days from now
# ./generate.sh 30- # certs that expired more than 30 days ago
# ./generate.sh 30- 90+ # both of the above; so certs are excluded if:
# # {30 days ago} < cert_expiry < {90 days from now}
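# Get the provided boundaries, if any.
#
# Globals written (read later by cert_is_not_within_expiry_boundaries):
#   now              current time as a Unix timestamp
#   minus_timestamp  now - N days for an "N-" argument, otherwise empty
#   plus_timestamp   now + N days for an "N+" argument, otherwise empty
#
# Only arguments of the exact form "<digits>-" or "<digits>+" are treated as
# boundaries; everything else is ignored, as before. If the same kind of
# boundary is given more than once, the last one wins.
minus_timestamp=''
plus_timestamp=''
now=$(date +%s)

# Parses boundary arguments into minus_timestamp / plus_timestamp.
# Arguments: the includer's positional parameters.
_parse_expiry_boundaries() {
  for arg in "$@"; do
    # Split "<days><sign>" with parameter expansion instead of `expr`: the
    # previous patterns used `\|` (a GNU regex extension) and a leading `^`,
    # neither of which is portable across `expr` implementations.
    sign=${arg#"${arg%?}"}   # last character of the argument
    boundary_days=${arg%?}   # everything before it

    case "$sign" in
      - | +) ;;
      *) continue ;;
    esac

    # Require at least one digit and nothing but digits. A bare "-" or "+"
    # used to be accepted and silently meant "0 days"; it is now ignored.
    case "$boundary_days" in
      '' | *[!0-9]*) continue ;;
    esac

    # Strip leading zeros: shell arithmetic reads "010" as octal (8) and
    # rejects "090" outright, so "010+" would silently select the wrong
    # window for the trust store.
    boundary_days=${boundary_days#"${boundary_days%%[!0]*}"}
    [ -n "$boundary_days" ] || boundary_days=0

    if [ "$sign" = '-' ]; then
      minus_days=$boundary_days
      minus_timestamp=$((now - minus_days * 86400))
    else
      plus_days=$boundary_days
      plus_timestamp=$((now + plus_days * 86400))
    fi
  done
}

_parse_expiry_boundaries "$@"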
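cert_is_not_within_expiry_boundaries() (
  # Decides whether the certificate in $cert must be left out of the
  # generated trust store because its expiry date lies between the
  # requested boundaries.
  #
  # The body is a subshell ( ... ), so cert_exp does not leak into the
  # including script.
  #
  # Globals (read):
  #   cert             certificate text piped to `openssl x509`
  #                    (presumably PEM, set by the including generator
  #                    script; confirm against the caller)
  #   minus_timestamp  lower boundary as a Unix timestamp, or empty
  #   plus_timestamp   upper boundary as a Unix timestamp, or empty
  # Returns:
  #   0 (true)   the cert will be excluded
  #   1 (false)  the cert is kept
  #
  # Fail closed: when boundaries are active and the expiry date cannot be
  # determined, the cert is excluded and a warning goes to stderr.
  # Previously an empty `openssl` result was handed to `date -d ""`, which
  # GNU date resolves to today's midnight, so an unreadable cert was
  # silently judged as "expires today" and could be kept.

  if [ -z "$minus_timestamp" ] && [ -z "$plus_timestamp" ]; then
    # No boundaries were specified.
    return 1 # false
  fi

  # Get expiration date from certificate ("notAfter=<date>" -> "<date>").
  # printf rather than echo: echo may interpret backslashes in some shells.
  cert_exp=$(printf '%s\n' "$cert" | openssl x509 -enddate -noout | cut -d '=' -f 2)
  if [ -z "$cert_exp" ]; then
    echo 'warning: could not read certificate end date; excluding certificate' >&2
    return 0 # true
  fi

  # Convert it to Unix timestamp.
  # NOTE: `date -d <free-form string>` is a GNU extension; with another
  # `date` this conversion fails and the cert is excluded below.
  cert_exp=$(date -d "$cert_exp" +%s) || cert_exp=''
  case "$cert_exp" in
    # Accept only an integer (optional leading minus for pre-1970 dates);
    # anything else would make the numeric tests below error out.
    '' | - | *[!0-9-]* | ?*-*)
      echo 'warning: could not convert certificate end date; excluding certificate' >&2
      return 0 # true
      ;;
  esac

  if [ -n "$minus_timestamp" ] && [ "$cert_exp" -lt "$minus_timestamp" ]; then
    # $cert_exp < $minus_timestamp, so the cert is within boundaries.
    return 1 # false
  elif [ -n "$plus_timestamp" ] && [ "$cert_exp" -gt "$plus_timestamp" ]; then
    # $cert_exp > $plus_timestamp, so the cert is within boundaries.
    return 1 # false
  fi

  # Certs are excluded if:
  # $minus_timestamp <= $cert_exp <= $plus_timestamp
  # (an expiry exactly on a boundary is excluded as well).
  return 0 # true
)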