authorMichael Boelen <michael.boelen@cisofy.com>2016-09-08 22:04:02 +0300
committerMichael Boelen <michael.boelen@cisofy.com>2016-09-08 22:04:02 +0300
commit81d8486cb07d2d68aa71c52df363bb70aa226f4d (patch)
tree691e6cfff7a2d7b89024e7887167167adaa1b5df /include
parenta596bdc3493ad611d330188e662d93efa6484497 (diff)
[CRYP-7902] Gather more certificate details and style improvements
Diffstat (limited to 'include')
-rw-r--r--include/tests_crypto72
1 files changed, 42 insertions, 30 deletions
diff --git a/include/tests_crypto b/include/tests_crypto
index 0fb1d35e..219cabbb 100644
--- a/include/tests_crypto
+++ b/include/tests_crypto
@@ -31,47 +31,59 @@
if [ ! -z "${OPENSSLBINARY}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
Register --test-no CRYP-7902 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check expire date of SSL certificates"
if [ ${SKIPTEST} -eq 0 ]; then
+ COUNT_TOTAL=0
FOUNDPROBLEM=0
- sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | sed 's/:/ /g')
- sSSL_PATHS=`echo ${sSSL_PATHS} | sed 's/^ //' | tr " " "\n" | ${SORTBINARY} | uniq | tr "\n" " "`
- LogText "Result after sorting: ${sSSL_PATHS}"
+ sSSL_PATHS=$(echo ${SSL_CERTIFICATE_PATHS} | ${SEDBINARY} 's/:/ /g')
+ sSSL_PATHS=$(echo ${sSSL_PATHS} | ${SEDBINARY} 's/^ //' | ${TRBINARY} " " "\n" | ${SORTBINARY} | uniq | ${TRBINARY} "\n" " ")
+ LogText "Paths to scan: ${sSSL_PATHS}"
- for I in ${sSSL_PATHS}; do
- if [ -d ${I} ]; then
- FileIsReadable ${I}
+ for DIR in ${sSSL_PATHS}; do
+ COUNT_DIR=0
+ if [ -d ${DIR} ]; then
+ FileIsReadable ${DIR}
if [ ${CANREAD} -eq 1 ]; then
- LogText "Result: found directory ${I}"
+ LogText "Result: found directory ${DIR}"
# Search for CRT files
- sFINDCRTS=`find ${I} -name "*.crt" -type f -print 2> /dev/null`
- for J in ${sFINDCRTS}; do
- FileIsReadable ${J}
- if [ ${CANREAD} -eq 1 ]; then
- LogText "Test: checking certificate ${J}"
- # Check certificate where 'end date' has been expired
- FIND=`${OPENSSLBINARY} x509 -noout -checkend 0 -in ${J} -enddate > /dev/null ; echo $?`
- if [ "${FIND}" = "0" ]; then
- LogText "Result: certificate ${J} seems to be correct and still valid"
- Report "valid_certificate[]=${J}|unknown entity|"
- else
- FOUNDPROBLEM=1
- LogText "Result: certificate ${J} has been expired"
- Report "expired_certificate[]=${J}|unknown entity|"
+ sFINDCRTS=$(${FINDBINARY} ${DIR} -name "*.crt" -type f -print 2> /dev/null)
+ if [ ! -z "${sFINDCRTS}" ]; then
+ for FILE in ${sFINDCRTS}; do
+ FileIsReadable ${FILE}
+ if [ ${CANREAD} -eq 1 ]; then
+ COUNT_DIR=$((COUNT_DIR + 1))
+ LogText "Test: checking certificate ${FILE}"
+ # Check certificate where 'end date' has been expired
+ EXIT_CODE=$(${OPENSSLBINARY} x509 -noout -checkend 0 -in ${FILE} -enddate > /dev/null ; echo $?)
+ CERT_CN=$(${OPENSSLBINARY} x509 -noout -subject -in ${FILE} 2> /dev/null | ${SEDBINARY} -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/')
+ CERT_NOTAFTER=$(${OPENSSLBINARY} x509 -noout -enddate -in ${FILE} 2> /dev/null | ${AWKBINARY} -F= '{if ($1=="notAfter") { print $2 }}')
+ Report "certificate[]=${FILE}|${EXIT_CODE}|cn:${CERT_CN};notafter:${CERT_NOTAFTER};|"
+ if [ "${EXIT_CODE}" = "0" ]; then
+ LogText "Result: certificate ${FILE} seems to be correct and still valid"
+ else
+ FOUNDPROBLEM=1
+ LogText "Result: certificate ${FILE} has been expired"
+ fi
+ else
+ LogText "Result: can not read file ${FILE} (no permission)"
fi
- else
- LogText "Result: can not read file ${J} (no permission)"
- fi
- done
- else
- LogText "Result: can not read path ${I} (no permission)"
+ done
+ else
+ LogText "Result: no certificates found in directory ${DIR}"
+ fi
+ else
+ LogText "Result: can not read path ${DIR} (no permission)"
fi
- else
- LogText "Result: SSL path ${I} does not exist"
+ else
+ LogText "Result: SSL path ${DIR} does not exist"
fi
+ COUNT_TOTAL=$((COUNT_TOTAL + COUNT_DIR))
+ LogText "Result: found ${COUNT_DIR} certificates in ${DIR}"
done
+ Report "certificates=${COUNT_TOTAL}"
+ LogText "Result: found a total of ${COUNT_TOTAL} certificates"
if [ ${FOUNDPROBLEM} -eq 0 ]; then
Display --indent 2 --text "- Checking for expired SSL certificates" --result "${STATUS_NONE}" --color GREEN
- else
+ else
Display --indent 2 --text "- Checking for expired SSL certificates" --result "${STATUS_FOUND}" --color RED
ReportSuggestion ${TEST_NO} "Check available certificates for expiration"
fi
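Review bot: The `Report "certificate[]=…|cn:${CERT_CN};notafter:…;|"` line takes CERT_CN straight from a `sed s///` without `-n`, so when the subject carries no `CN=` component (typical for some CA and client certificates) sed passes the entire `subject=…` line through, and any `|` or `;` in an O= or OU= value then lands inside the pipe- and semicolon-delimited record and can corrupt parsing of the report; note the certificate contents are data from the scanned host, not something the auditor controls. Emitting only a real match is a one-word change: `… | ${SEDBINARY} -n -e 's/^subject.*CN=\([a-zA-Z0-9\.\-\*]*\).*$/\1/p'`, which leaves CERT_CN empty instead of leaking the raw subject (the character class already keeps a matched CN free of the delimiters). Separately, `-checkend 0` exits non-zero both for an expired certificate and for a file openssl cannot parse (for instance a DER-encoded `.crt`), so the `else` branch logs "has been expired" and sets FOUNDPROBLEM for files that were never read as certificates; since CERT_NOTAFTER is empty exactly when the `-enddate` call failed, guarding the branch with `elif [ -z "${CERT_NOTAFTER}" ]; then LogText "Result: can not parse certificate ${FILE}"` before the expired case would keep the two apart. The enclosing `if [ ${SKIPTEST} -eq 0 ]` block is closed outside this hunk.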