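#!/usr/bin/env bash
#
# PKI expiration reminder.
#
# Scans the certificates in "$PKI_PUBLIC/ca" and "$PKI_PUBLIC/cert" and the
# CRLs in "$PKI_PUBLIC/crl", collects every object that has expired or will
# expire within WARN_DAYS days, and mails the list through `sendmail -t`.
#
# Environment:
#   PKI_PUBLIC  directory holding the ca/, cert/ and crl/ subdirectories.
#
# State:
#   ./last-mail  copy of the last report that was sent, used to suppress
#                identical repeats. The path is relative to the working
#                directory, so run this job from a directory that only the
#                job's own account can write to.

# Warning horizon in days. The report line carries the real number of days
# left, so one threshold yields the same output as probing 3, 7, 15 and 30
# days in turn, with fewer openssl invocations per object.
readonly WARN_DAYS=30

#######################################
# Decide whether the current object expires within a number of seconds.
# Globals:   openssl_cmd, openssl_var_opts, openssl_expiry_var, object_path,
#            now (read); expiry_status, expiry_vars, expiry_date, remaining,
#            total_matches, min_expiry (written)
# Arguments: $1 - horizon in seconds, counted from $now
# Returns:   0 if the object expires within the horizon, 1 if it does not or
#            if no expiry date could be read (expiry_date is then empty)
#######################################
will_expire() {
  local expiry_secs diff

  expiry_status=""
  expiry_vars="$(openssl "$openssl_cmd" -in "$object_path" -noout "${openssl_var_opts[@]}")"
  # openssl prints "name=value" lines; keep the value of the expiry field.
  expiry_date="$(printf '%s\n' "$expiry_vars" | sed -n "s/^${openssl_expiry_var}=//p")"
  if [ -z "$expiry_date" ]; then
    return 1
  fi

  # A date that `date` cannot parse counts as epoch 0, so the object is
  # reported as expired rather than dropped from the report.
  expiry_secs="$(date +%s -d "$expiry_date")" || expiry_secs=0
  diff="$((expiry_secs - now))"

  if [ "$diff" -gt "$1" ]; then
    return 1
  fi
  if [ "$diff" -lt 0 ]; then
    remaining=0
  else
    remaining="$((diff / 86400))"
  fi

  total_matches="$((total_matches + 1))"
  # Track the smallest number of remaining days for the mail subject.
  if [ -z "$min_expiry" ] || [ "$remaining" -lt "$min_expiry" ]; then
    min_expiry="$remaining"
  fi
}

#######################################
# Check whether the current object is already past its expiry date.
# Globals:   expiry_status (written), plus those of will_expire
# Returns:   0 if expired, 1 otherwise
#######################################
has_expired() {
  will_expire 0 || return 1
  expiry_status="has expired"
}

#######################################
# Check whether the current object expires within a number of days.
# Globals:   expiry_status (written), remaining (read), plus will_expire's
# Arguments: $1 - horizon in days
# Returns:   0 if it expires within the horizon, 1 otherwise
#######################################
will_expire_days() {
  will_expire "$(($1 * 86400))" || return 1
  expiry_status="will expire in $remaining days"
}

#######################################
# Append one object to the report if it is expired or close to expiry.
# Globals:   object_repr, mail_out (read); object_id, object_path (written)
# Arguments: $1 - path of the certificate or CRL file
# Outputs:   report entry appended to $mail_out; a warning on stderr when no
#            expiry date could be read from the object
#######################################
check_object() {
  object_id="$(basename "$1")"
  object_path="$1"

  if has_expired || will_expire_days "$WARN_DAYS"; then
    {
      echo
      echo "$object_repr '$object_id' $expiry_status"
      echo "$expiry_vars"
    } >>"$mail_out"
  elif [ -z "$expiry_date" ]; then
    # An unreadable object must not look like a healthy one: say so once.
    printf '%s: cannot read %s from %s\n' \
      "$0" "$openssl_expiry_var" "$object_path" >&2
  fi
}

#######################################
# Check every object in one subdirectory of $PKI_PUBLIC.
# Globals:   PKI_PUBLIC (read); object_repr (written)
# Arguments: $1 - subdirectory name, $2 - label used in the report
#######################################
check_dir() {
  local path

  object_repr="$2"
  for path in "$PKI_PUBLIC/$1"/*; do
    # An empty or missing directory leaves the glob pattern unexpanded.
    [ -e "$path" ] || continue
    check_object "$path"
  done
}

#######################################
# Mail the collected report.
# Globals:   total_matches, min_expiry, mail_out (read)
# Returns:   exit status of sendmail
#######################################
send_report() {
  {
    printf 'From: PKI expiration reminder\n'
    printf 'To: sysadmin\n'
    printf 'Subject: %s PKI objects will expire in %s days\n' \
      "$total_matches" "$min_expiry"
    printf '\n'
    printf 'The following PKI objects are due for renewal:\n'
    cat -- "$mail_out"
  } | sendmail -t
}

if [ -z "$PKI_PUBLIC" ]; then
  printf '%s: $PKI_PUBLIC not set\n' "$0" >&2
  exit 1
elif [ ! -d "$PKI_PUBLIC" ]; then
  printf '%s: invalid $PKI_PUBLIC: %s\n' "$0" "$PKI_PUBLIC" >&2
  exit 1
fi

mail_out="$(mktemp)" || exit 1
trap 'rm -f -- "$mail_out"' EXIT
now="$(date +%s)"
min_expiry=""
total_matches=0

openssl_cmd=x509
openssl_var_opts=(-startdate -enddate)
openssl_expiry_var="notAfter"
check_dir ca "CA"
check_dir cert "Certificate"

openssl_cmd=crl
openssl_var_opts=(-lastupdate -nextupdate)
openssl_expiry_var="nextUpdate"
check_dir crl "CRL for CA"

if [ -s "$mail_out" ] && ! cmp -s last-mail "$mail_out"; then
  # Record the report as sent only when sendmail accepted it. Otherwise the
  # identical report would be suppressed on the next run and the reminder
  # would be lost.
  if send_report; then
    mv -- "$mail_out" last-mail
  else
    printf '%s: sendmail failed, report not recorded as sent\n' "$0" >&2
    exit 1
  fi
fi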