diff --git a/tests/scripts/checkcerts.sh b/tests/scripts/checkcerts.sh index 5c3d737e46..72aa9c53bd 100755 --- a/tests/scripts/checkcerts.sh +++ b/tests/scripts/checkcerts.sh @@ -4,6 +4,9 @@ # Returns nonzero on failure. Fails if cert cannot be read or is older than # $SOON (default 30). # +# Hard dependency: OpenSSL OR gnutls +# Recommended: GNU date +# # zzz 2011-08 # kytv 2013-03 # public domain @@ -22,17 +25,58 @@ elif [ $(which certtool) ]; then : ;else exit 1 fi -CHECKCERT() { +# This "grouping hack" is here to prevent errors from being displayed with the +# original Bourne shell (Linux shells don't need the {}s +if { date --help;} >/dev/null 2>&1 ; then + HAVE_GNUDATE=1 +fi + +checkcert() { if [ $OPENSSL ]; then DATA=$(openssl x509 -enddate -noout -in $1| cut -d'=' -f2-) else DATA=$(certtool -i < "$1" | sed -e '/Not\sAfter/!d' -e 's/^.*:\s\(.*\)/\1/') fi # While this isn't strictly needed it'll ensure that the output is consistent, - # regardles of the tool used. - date -u -d "$(echo $DATA)" '+%F %H:%M' + # regardles of the tool used. Dates/times are formatting according to OpenSSL's output + # since this available by default on most systems. + if [ -n "$HAVE_GNUDATE" ]; then + LANG=C date -u -d "$(echo $DATA)" '+%b %d %H:%M:%S %Y GMT' + else + echo $DATA + fi } +compute_dates() { + # Date computations currently depend on GNU date(1). + # If run on a non-Linux system just print the expiration date. + # TODO Cross-platform date calculation support + if [ -n "$HAVE_GNUDATE" ]; then + SECS=$(date -u -d "$EXPIRES" '+%s') + DAYS="$(expr \( $SECS - $NOW \) / 86400)" + if [ $DAYS -ge $SOON ]; then + echo "Expires in $DAYS days ($EXPIRES)" + elif [ $DAYS -eq 1 ]; then + DAYS=$(echo $DAYS | sed 's/^-//') + echo "****** Check for $I failed, expires tomorrow ($EXPIRES) ******" + FAIL=1 + elif [ $DAYS -eq 0 ]; then + echo "****** Check for $i failed, expires today ($EXPIRES) ******" + FAIL=1 + elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then + echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******" + FAIL=1 + elif [ $DAYS -lt $WARN ] && [ $DAYS -gt $SOON ]; then + echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******" + elif [ $DAYS -lt 0 ]; then + DAYS=$(echo $DAYS | sed 's/^-//') + echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******" + FAIL=1 + fi + else + echo $EXPIRES + fi +} cd `dirname $0`/../../installer/resources/certificates @@ -41,32 +85,12 @@ NOW=$(date -u '+%s') for i in *.crt do echo "Checking $i ..." - EXPIRES=`CHECKCERT $i` + EXPIRES=`checkcert $i` if [ -z "$EXPIRES" ]; then echo "********* FAILED CHECK FOR $i *************" FAIL=1 else - SECS=$(date -u -d "$EXPIRES" '+%s') - DAYS="$(expr \( $SECS - $NOW \) / 86400)" - if [ $DAYS -ge $SOON ]; then - echo "Expires in $DAYS days ($EXPIRES)" - elif [ $DAYS -le $SOON ] && [ $DAYS -gt 0 ]; then - echo "****** Check for $i failed, expires in $DAYS days (<= ${SOON}d) ($EXPIRES) ******" - FAIL=1 - elif [ $DAYS -le $WARN ] && [ $DAYS -ge $SOON ]; then - echo "****** WARNING: $i expires in $DAYS days (<= ${WANT}d) ($EXPIRES) ******" - elif [ $DAYS -eq 1 ]; then - DAYS=$(echo $DAYS | sed 's/^-//') - echo "****** Check for $I failed, expires in $DAYS day ($EXPIRES) ******" - FAIL=1 - elif [ $DAYS -eq 0 ]; then - echo "****** Check for $i failed, expires today ($EXPIRES) ******" - FAIL=1 - elif [ $DAYS -le 0 ]; then - DAYS=$(echo $DAYS | sed 's/^-//') - echo "****** Check for $i failed, expired $DAYS days ago ($EXPIRES) ******" - FAIL=1 - fi + compute_dates fi done