diff options
| author | Michael Boelen <michael.boelen@cisofy.com> | 2017-08-18 20:19:15 +0300 |
|---|---|---|
| committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-08-18 20:19:15 +0300 |
| commit | 1190efac2bafe58ba84ed348a54d37355384f059 (patch) | |
| tree | 2b91c1a5ebfa51e59c45fa6a5ce4717a708e5d0f /include/tests_crypto | |
| parent | 4a673aebc7003f269e49f3dd738f8678e29f1cc9 (diff) | |
[CRYP-7902] add a test to filter out non-certificate files
Diffstat (limited to 'include/tests_crypto')
| -rw-r--r-- | include/tests_crypto | 27 |
1 files changed, 16 insertions, 11 deletions
diff --git a/include/tests_crypto b/include/tests_crypto index 56438178..32576bb5 100644 --- a/include/tests_crypto +++ b/include/tests_crypto @@ -52,18 +52,23 @@ # Only check the files that are not installed by a package if ! FileInstalledByPackage ${FILE}; then COUNT_DIR=$((COUNT_DIR + 1)) - LogText "Test: checking certificate ${FILE}" - # Check certificate where 'end date' has been expired - FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null) - EXIT_CODE=$? - CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') - CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') - Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" - if [ ${EXIT_CODE} -eq 0 ]; then - LogText "Result: certificate ${FILE} seems to be correct and still valid" + LogText "Test: checking file and determining if it is certificate ${FILE}" + FIND=$(${OPENSSLBINARY} x509 -noout -in ${FILE} -enddate 2> /dev/null | ${GREPBINARY} "^notAfter") + if [ $? -eq 0 ]; then + # Check certificate where 'end date' has been expired + FIND=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate 2> /dev/null) + EXIT_CODE=$? + CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/') + CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}') + Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|" + if [ ${EXIT_CODE} -eq 0 ]; then + LogText "Result: certificate ${FILE} seems to be correct and still valid" + else + FOUNDPROBLEM=1 + LogText "Result: certificate ${FILE} has been expired" + fi else - FOUNDPROBLEM=1 - LogText "Result: certificate ${FILE} has been expired" + LogText "Result: skipping tests for this file (${FILE}) as it is most likely not a certificate (a key file?)" fi fi else |